New Paper: Bitcoin over Tor a Bad Idea, Especially bad for SPV

In a new paper by Alex Biryukov and Ivan Pustogarov outline deterministic man in the middle attacks that can subject Bitcoin users over Tor to a number of adverse circumstances. From the paper:

A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can delay or discard user’s transactions and blocks. In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users.

Much of the attack leverages anti denial of service behavior in Bitcoin and the manner in which the Tor network handles traffic. The effects of such an attack are especially pronounced to users of Simplified Payment Verification or SPV clients. SPV clients include Multibit and the Schildbach wallet for Android, which are both based on Mike Hearn's BitcoinJ library. It should be noted that Hearn plans to make Tor connectivity the default in future BitcoinJ releases. The paper is available on

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>