Exploring Spatial, Temporal, and Logical Attacks on the Bitcoin Network

BY KEYHUNTER 06.03.2025
Exploring Spatial, Temporal, and Logical Attacks on the Bitcoin Network

In this paper, we explore the partitioning attacks on the Bitcoin network, which is shown to exhibit spatial bias, and temporal and logical diversity. Through data-driven study we highlight: 1) the centralization of Bitcoin nodes across autonomous systems, indicating the possibility of BGP attacks, 2) the non-uniform consensus among nodes, that can be exploited to partition the network, and 3) the diversity in the Bitcoin software usage that can lead to privacy attacks. Atop the prior work, which focused on spatial partitioning, our work extends the analysis of the Bitcoin network to understand the temporal and logical effects on the robustness of the Bitcoin network.

I. INTRODUCTION

The Bitcoin network consists of nodes that are connected in a peer-to-peer architecture. These nodes are geographically spread over the Internet, and they use a gossip protocol to exchange transactions and blocks. Ideally, Bitcoin nodes are expected to remain synchronized over the state of the blockchain in order to maintain a consistent view. Moreover, the decentralized and distributed network is considered safe against single point-of-failure. However, these assumptions, if challenged, may lead to system-wide vulnerabilities and partitioning attacks, which we explore in this paper.

In Bitcoin, partitioning attacks can be launched against a group of nodes that: 1) are geographically clustered within an autonomous system (AS), 2) have an outdated view of the blockchain, and 3) are using a vulnerable software client infected with malware and bugs. As an outcome of each attack, an adversary can influence the key features and operations of Bitcoin including the publication of a block, the transaction confirmation, and the network size. Prior work [1], on partitioning attacks focused on the spatial attack vector, indicating that Bitcoin nodes are vulnerable to BGP hijacks. In this paper, we validate their findings and present an up-to-date condition of the network. Additionally, and novel to our work, we present more optimized and cost effective attacks that extend into temporal and logical network frontiers.

Data Collection. For this study, we crawled Bitnodes [2], a service that maintains a persistent connection with all reachable nodes in the Bitcoin network. We used the information to develop another crawler, atop Bitnodes, to acquire data. The data contained information including the IP address, the latest block, and the software client of each node. We used the IP address of nodes to find their corresponding AS and organization. For our analysis, we use two datasets: a sample per minute and a sample per 10 minutes, respectively.

II. PARTITIONING ATTACKS

A. Spatial Partitioning

In spatial partitioning, an adversarial AS or organization can hijack BGP prefixes of a target AS that hosts a higher fraction of Bitcoin nodes and mining pools. As a result, it can hijack the Bitcoin traffic, isolate the mining power, or simply harm the reputation of the target AS.

Prior work [1], carried out in 2017, showed that 13 ASes hosted 30% Bitcoin nodes while 50 ASes hosted 50% Bitcoin nodes. In our analysis, started on February 28, 2018, we found that only 8 ASes host 30% of Bitcoin nodes and 24 ASes host 50% of Bitcoin nodes. At the organization level, we found that only 13 organizations host 50% of the Bitcoin nodes. Among them, only two organizations host 65.7% of Bitcoin hash rate, with the leading organization (AliBaba) having a 59.4% share of Bitcoin the hash rate. This indicates that since 2017, Bitcoin has become more centralized. In Figure 1, we plot the CDF of ASes and organizations that host Bitcoin full nodes, and in Table I, we present the top 5 mining pools along with their hash rate and distribution across ASes and organizations.

Spatial partitioning can facilitate other major attacks including double-spending, consensus delay, eclipse attacks, and the 51% attack. As shown in Table I, if an attacker hijacks 3 ASes, he can isolate more than 60% of the Bitcoin hash rate. This can be further extended by individually targeting ASes and hijacking BGP prefixes. To prevent spatial partitioning, node hosting should be spread across multiple ASes. This can resist the centralization and raise the attack cost.

B. Temporal Partitioning

In temporal partitioning, a malicious miner can partition the network and force users into following a counterfeit blockchain. The objective of the attacker is the isolation and

Mining PoolH. Rate %ASesOrganizations
BTC.com12.4%AS45102Hangzhou Alibaba
Antpool11.7%AS45102AliBaba (China)
ViaBTC10.3%AS45102AliBaba (China)
BTC.TOP6.3%AS45102AliBaba (China)
F2Pool34.3%AS58563Chinanet Hubei
12 others

subversion of nodes that are behind the main chain by one or more blocks. The nodes can be behind the chain due to poor connectivity, low bandwidth, or network churn.

An attacker with the information of vulnerable nodes can connect to them and feed them false blocks. To outline the network’s vulnerability, we plot this temporal diversity of Bitcoin nodes in Figure 2, where the x-axis denotes a time-index for network observations (one observation every 10 minutes in Figure 2(a) and Figure 2(b), and one every minute in Figure 2(c)). From Figure 2, we were able to make the following observations. 1) Consensus pruning is not uniform across the network. 2) Generally, a majority (≈ 50%) remains synchronized. 3) 30–40% nodes remain 1–4 blocks behind with respect to updated nodes. 4) There are vulnerable moments in which up to 90% of the network is 1–4 blocks behind.

As shown in Figure 2, nodes in the yellow and purple region are behind the network, and vulnerable to attacks. The attack recovery will require a fork in which all transactions will be reversed and UTXO sets will be updated. Standing out in our analysis is the observation that Bitcoin has a level of asymmetric vulnerability. With a market capitalization of ( o(10^{11}) ) USD and network configuration of ( o(10^5) ) nodes, each full node is worth ( o(10^7) ) USD. However, the cost of disrupting the network is far less than the value being impacted.

Since temporal partitioning has not been studied before, therefore, effective countermeasures do not exist. However, we propose a simple yet effective scheme, called BlockAware [3], which uses the expected block time to notify the node about its blockchain view with respect to the network. As part of our ongoing work, we are prototyping BlockAware over Bitcoin Core to defend against the temporal attacks.

C. Logical Partitioning

To connect to the Bitcoin network, peers run a software called Bitcoin Core that implements protocols of the system. Bitcoin Core is an open source project that can be customized and updated to implement new rules and policies. Since 2009, there have been over 40 updates to Bitcoin Core, with the latest, v0.16.0 released in February 2018.

Table II shows the distribution of Bitcoin software at the time of our data collection. We observed that 288 Bitcoin software variants are used by nodes. The latest version of Bitcoin Core, 0.16.0, is used by only 36% of the nodes while 27% use version 0.15.1. The remaining 37% of the network uses 286 different software clients.

Peer “democracy” in software selection has served well, but is vulnerable to attacks. An attacker can release a modified version of software client, contaminated with bugs and malware that can put the privacy of the user at risk. To obfuscate the true nature of the software client, and to gain confidence of the users, the attacker may also introduce useful features in his software that offer better performance. One example is Falcon, that provides faster connectivity and minimum delay during transaction propagation [4]. Falcon is not malicious, but it demonstrates the independence of peers to run a client that is not part of Bitcoin Core. Logical partitioning can compromise the privacy of a node running the malicious software version. It may expose the user to privacy risks and theft.

Vulnerability to logical partitioning is due to the open network protocol. A central authority to regulate client participation would violate decentralization, and therefore, logical partitioning attacks remain a vulnerability to be considered.

III. CONCLUSION

In this paper, we explore the vulnerability of Bitcoin to spatial, temporal, and logical attacks. Our results show that over time, Bitcoin nodes have become more centralized among ASes, and therefore, more vulnerable to BGP attacks. Additionally, due to the diversity in consensus and the use of different software clients by different nodes, both temporal and logical partitioning attacks are possible.

Acknowledgement: This work is supported by Air Force Material Command award FA8750-16-0301.

REFERENCES

[1] M. Apostolaki, A. Zohar, and L. Vanbever, “Hijacking bitcoin: Routing attacks on cryptocurrencies,” in IEEE Symposium on Security and Privacy, SP San Jose, USA, May 2017, pp. 375–392, https://doi.org/10.1109/SP.2017.29.

[2] B. Community, “Bitnodes: Global bitcoin nodes distribution,” 2018, https://bitnodes.earn.com/.

[3] M. Saad, V. Cook, L. Nguyen, M. T. Thai, and A. Mohaisen, “Partitioning Attacks on Bitcoin: Colliding Space, Time and Logic,” Tech. Rep., 2019.

[4] Z. Zhang, Y. Zhang, Y. C. Hu, and Z. M. Mao, “Practical defenses against BGP prefix hijacking,” in Proceedings of the 2007 ACM Conference on Emerging Network Experimentation and Technology CoNEXT, New York, USA, Dec 2007, p. 3, http://doi.acm.org/10.1145/1364654.1364658.

Useful information for enthusiasts:

Contact me via Telegram: @ExploitDarlenePRO