
Right, that made no sense at all. And what was the point of using all of those nodes to signal for BIP-110?

reply

bit projects hasn't said much about signalling for 110. I think that is an independent issue.

But as far as one person running a ton of nodes, the concern is that if they are running so many nodes that my node makes most of its connections to nodes run by this person, they could figure out if a transaction actually originates from me.

If all the nodes I connect to are controlled by one entity, they can feed me a false picture of the chain and I wouldn't necessarily be able to tell.

reply

So what were the findings? Isn't this the definition of a Sybil attack?

AI:

A Sybil attack in Bitcoin occurs when a single entity creates and controls a large number of pseudonymous identities (nodes) to gain a disproportionate influence over the network. The name comes from the book Sybil, a case study of a woman diagnosed with multiple personality disorder.

Mechanism of the Attack

In a peer-to-peer network, nodes rely on their "neighbors" to relay transactions and blocks.

In a Sybil attack:

  • The attacker floods the network with fake nodes.
  • They attempt to surround a target node so that all of its incoming and outgoing connections are linked to the attacker's controlled nodes.
  • Once isolated, the target node can be fed false information or blocked from seeing legitimate transactions.

Potential Impact on Bitcoin

While a Sybil attack cannot directly steal Bitcoin or change the rules of the protocol (like creating new coins), it can lead to several disruptions:

  • Double-Spending: By isolating a node, an attacker can prevent it from seeing a transaction that has already been spent elsewhere, making a second transaction appear valid.
  • Information Censorship: The attacker can refuse to relay blocks or transactions to the victim, effectively "blacking out" their view of the blockchain.
  • Privacy Erosion: Controlling multiple nodes allows the attacker to monitor transaction flows and deanonymize users by tracking which IP addresses broadcast which transactions.

How Bitcoin Prevents Sybil Attacks

Bitcoin does not use identity-based security (which is easy to fake). Instead, it uses Proof of Work (PoW).

  • Resource Cost: Creating a "fake" node is cheap, but gaining the power to influence the ledger (mining) requires physical hardware and electricity. An attacker cannot "fake" computational power.
  • Node Connectivity: Bitcoin Core nodes are designed to connect to multiple disparate peers. It is difficult and computationally expensive for an attacker to successfully surround a node that has diverse connections across the global network.
  • No Voting Power: Unlike Proof of Stake or other consensus mechanisms where "one identity = one vote," Bitcoin consensus is governed by the longest chain of cumulative PoW. Creating a million Sybil nodes does not grant an attacker the ability to rewrite the blockchain.
reply

The vulnerability is that I was able to do this for a much lower cost than assumed would be required. IP addresses are easy to rent/lease for $0.30-0.40, ASNs are easy to obtain and advertise from, and the bitcoin blockchain is easily deduplicated at both the block and file levels.

Only a small fraction of nodes are IPv4 reachable (meaning, accept inbound connections via IPv4), and nodes by default only make 8-12 outbound connections. With a little bit more scale, a single person or entity could become a large majority of the IPv4 reachable nodes that other nodes connect to, and that would allow them to control/restrict/decide/manipulate all traffic flow between nodes.

One action that would help change this is if more people made their bitcoin nodes IPv4 reachable -- able to accept inbound connections on TCP/8333 from the public internet.

Another action would be to increase the outbound connection count to 24-48.

There are other combined actions/changes that help solve this but these two are ones that individual node runners can do.

reply
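Added example, not part of the thread or any poster's code: a hypergeometric model of the point made in the comment above, showing how the chance that every outbound peer belongs to one operator falls as the outbound count rises from 8 to 24 or 48. It assumes peers are drawn uniformly without replacement from the reachable set (a simplification of Bitcoin Core's real peer selection), and the node totals are constructed, not measured.

```python
from math import comb

def p_attacker_peers(total, attacker, k, m):
    """P(exactly m of k outbound peers are run by one operator).

    total    -- reachable nodes a peer can be drawn from
    attacker -- how many of those one operator controls
    Hypergeometric: k peers drawn without replacement.
    """
    if not 0 <= attacker <= total or not 0 <= m <= k <= total:
        raise ValueError("need 0 <= attacker <= total and 0 <= m <= k <= total")
    # comb() returns 0 when a draw is impossible, so no special cases needed.
    return comb(attacker, m) * comb(total - attacker, k - m) / comb(total, k)

def p_all_attacker(total, attacker, k):
    """P(every outbound peer is the operator's): the full-isolation case."""
    return p_attacker_peers(total, attacker, k, k)

def p_at_least(total, attacker, k, m):
    """P(at least m of k outbound peers are the operator's)."""
    return sum(p_attacker_peers(total, attacker, k, i) for i in range(m, k + 1))

def min_outbound(total, attacker, threshold, k_max=128):
    """Smallest outbound count keeping P(all peers hostile) below threshold.

    Returns None if no count up to k_max achieves it, for example when
    the operator controls every reachable node.
    """
    for k in range(1, min(k_max, total) + 1):
        if p_all_attacker(total, attacker, k) < threshold:
            return k
    return None

if __name__ == "__main__":
    # Constructed figures for illustration only: 10,000 reachable nodes,
    # 7,000 of them run by a single operator.
    TOTAL, ATTACKER = 10_000, 7_000
    for k in (8, 24, 48):
        print(f"outbound={k:2d}  "
              f"P(all hostile)={p_all_attacker(TOTAL, ATTACKER, k):.3e}  "
              f"P(majority hostile)={p_at_least(TOTAL, ATTACKER, k, k // 2 + 1):.3f}")
    print("outbound count for P(all hostile) < 1e-6:",
          min_outbound(TOTAL, ATTACKER, 1e-6))
```

More outbound connections drive the full-isolation probability down quickly, but the majority-hostile figure stays high when one operator holds most reachable nodes, which is the traffic-observation concern raised earlier in the thread.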

OK, so have you published your findings and your recommendations? Also, what was your point in running Knots and signalling for BIP-110 with your sybil nodes when you claim it was just for research purposes? Clearly you made that change at some point in the middle of your "research".

Also, is this you: https://www.bitprojects.io/

If so, why has it been offline since at least when you shut down your 3000+ nodes?

reply

Article coming soon.

To summarize though: I've been running these nodes long before the spam war started. I switched to knots last year because I believe that's the right choice, 100k op_return dramatically increases the attack surface of bitcoin and must be stopped. I then upgraded to knots 29.3+bip110 about 2 weeks ago now, and that's when everyone noticed all the nodes.

These nodes may be viewed as "fake" but they were still handling 80k connections from 35k unique sources. I actually did control 3k nodes, and I chose to signal bip110.

reply

I think even the puritans are irritated by your behavior in that regard. Hurts their numbers and accomplished nothing but reinforcing the narrative that what little support there is for the RDTS fork was artificial.

Looking forward to your published findings based on the experiment.

reply