Just recently, a research group called Rapid7 published a report that reveals over a year’s worth of research regarding malicious activity tethered to Bitcoin Core (BTC) full nodes. Using data collected from a network called ‘Project Heisenberg’ and its internet scanner ‘Project Sonar,’ alongside intelligence from Bitnodes, the team found quite a lot of exploits being shared between full blockchain nodes.
Study Finds Bad Actors Throughout Bitcoin Network’s Public Nodes
Bitcoin full node operators usually connect by default to a TCP service on port 8333, but there are also over 600 alternative ports available. Rapid7’s recent research used data from the team’s Project Sonar, which revealed that the top three countries with the most port 8333 nodes are the U.S., China, and Germany. The researchers began the blockchain surveillance back in August of 2017 and found more than 11,000 nodes per day. Moreover, the researchers collected data from more than 144,000 unique full nodes during the course of the study.
In addition to the Project Sonar intelligence, over 900 nodes connected to Rapid7’s honeypot technology, Project Heisenberg, which revealed interesting and some malicious activities, like the distribution of exploits for MS17-010, a critical Microsoft operating system vulnerability.
“Investigations into these interactions showed familiar patterns. Port scans and active reconnaissance with tools like Nmap were rampant, as was repeated attempted exploitation of MS17-010, largely from China,” explains Jon Hart, a Rapid7 researcher.
17 hosts, mostly from the China IPv4 space, were actively slinging exploits for MS17-010.
The Bitcoin Network Three Times More Evil Than the Public Internet
As mentioned above, most of the shady activity derived from confirmed malicious nodes, with the most connections coming from the U.S. (178), China (154), and Germany (132). While the researchers note that not all of the findings in full nodes can be deemed harmful, the group observed that the nodes used “curious scanning and probing behavior in the Bitcoin peer-to-peer network.”
The report concludes that the absolute number of bad actors found within the cryptocurrency’s network is fairly low, but on ‘bad days’ these nodes can account for up to 2 percent of the BTC network. The researchers say that the data collected may be considered low, but compared to the “background noise” of malicious activity found on the entire IPv4 internet, the figure is pretty alarming.
“Therefore, on a typical day, the Bitcoin network is approximately three times more ‘evil’ than the rest of the internet. On particularly active days, we see ten times as many malicious nodes in the Bitcoin network as we see on the regular internet, by volume,” explains the Rapid7 report.
If you are actively participating as a bitcoin miner, one takeaway is to recognize that there are a small number of participants in the bitcoin network actively taking hostile action against otherwise innocent nodes on the public internet.