Characterising Proxy Usage in the Bitcoin Peer-to-Peer Network

Abstract

In the public mind, Bitcoin has often been associated with censorship circumvention and evasion of surveillance measures, specifically in the context of monetary transactions. However, this perceived anonymity is a false sense of security as both on-chain transactions and the underlying message exchange in the peer-to-peer network are attack vectors for deanonymisation and monitoring, as shown in other research. Nonetheless, there has been an increase in Bitcoin usage not only for end-users but also in the context of cybercrime in the form of cryptojacking and ransomware. So there are a number of reasons why proxies might be used in the Bitcoin network, either as a privacy-preserving measure of end-users or as obfuscation in cybercrime. In this paper, we present a measurement study with the goal of characterising the proxy and VPN usage in the Bitcoin peer-to-peer network. We developed YABA (Yet Another Bitcoin Analyser) to gather network data in a geographically distributed fashion and analyse it. We describe our techniques to infer proxy/VPN usage and load on the peer through different latency measurements and the limitations of our approaches. We utilise port scanning of standard proxy/VPN service ports to compare results. We deployed our infrastructure on three continents (4 workers) and continuously crawled the network, with a total of 26.9 million connection attempts over five days. We conclude the usage of proxies to be minimal, with an estimated 0.4% of peers detected through latency measurements. Similar prevalence was measured through the use of port scans with SOCKS port hitrate at 0.3%, while common VPN ports had hitrates between 0.18% and 0.7%.