Sometime this week, a research group that goes by the name Rapid7 released a report that discloses more than a year’s worth of research concerning illegal activity in relation to Bitcoin Core (BTC) full nodes.
Rapid7 is a computer security project that provides information about vulnerabilities. The research team used a network called Project Heisenberg to collect data along with its internet scanner called Project Sonar and intelligence from Bitnodes.
Bitcoin full nodes generally listen by default on TCP port 8333, though more than 600 alternative ports were also seen in use. Project Sonar helped the research team identify the three nations with the most port 8333 nodes: the U.S., China, and Germany. Rapid7’s research team started closely observing the network in August of last year (2017). Soon after they began monitoring, they were seeing over 11,000 nodes per day, and over the course of the study they gathered data from more than 144,000 unique full nodes.
Furthermore, more than 900 of those nodes also connected to Rapid7’s honeypot network, Project Heisenberg. Project Heisenberg revealed clearly malicious activity, such as attempts to exploit MS17-010, a critical Microsoft operating system vulnerability.
One of Rapid7’s researchers, John Hart, elaborates:
“Investigations into these interactions showed familiar patterns. Port scans and active reconnaissance with tools like Nmap were rampant, as was repeated attempted exploitation of MS17-010, largely from China.” Mr. Hart added: “17 hosts, mostly from the China IPv4, were actively slinging exploits for MS17-010.”
The report also gives the number of malicious nodes found per country. Of the top three countries mentioned above, the U.S. came out highest with up to 178 connections, China came in second with 154 connections, and Germany followed with 132 connections. However, the team stated that not all of these findings can be deemed harmful: what the group observed was nodes engaging in curious scanning and probing behavior on the Bitcoin peer-to-peer network.
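As an added illustration, not taken from the article or from Rapid7’s report, here is the kind of correlation a honeypot operator can run over its own connection logs to separate ordinary Bitcoin peers from the scanning and probing behavior described above: a source that spoke to the Bitcoin port and also touched SMB (the service MS17-010 exploits) or hit many distinct ports gets flagged. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

BITCOIN_PORT = 8333   # default Bitcoin P2P port described in the article
SMB_PORT = 445        # MS17-010 targets the Windows SMB service on this port
SCAN_THRESHOLD = 10   # distinct destination ports from one source we treat as a port scan

# Constructed honeypot connection log ("timestamp src_ip dst_port"), not real data.
SAMPLE_LOG = "\n".join(
    ["2017-08-14T10:00:01Z 198.51.100.7 8333",   # Bitcoin peer that also hits SMB
     "2017-08-14T10:00:05Z 198.51.100.7 445",
     "2017-08-14T10:01:00Z 203.0.113.9 8333"]    # Bitcoin peer that then port-scans us
    + ["2017-08-14T10:01:%02dZ 203.0.113.9 %d" % (i, 20 + i) for i in range(1, 13)]
    + ["2017-08-14T10:02:00Z 192.0.2.3 8333",    # ordinary peer, nothing else
       "2017-08-14T10:02:30Z 192.0.2.44 445",    # SMB probe from a non-peer
       "garbage line"]                           # malformed entry to be skipped
)

def parse_log(text):
    """Yield (src_ip, dst_port) from log lines, skipping malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[1], int(parts[2])

def classify_peers(events):
    """Build a per-source profile: did it speak Bitcoin, touch SMB, or scan ports?"""
    ports = defaultdict(set)
    for ip, port in events:
        ports[ip].add(port)
    return {
        ip: {
            "bitcoin_peer": BITCOIN_PORT in seen,
            "smb_probe": SMB_PORT in seen,
            "port_scan": len(seen) >= SCAN_THRESHOLD,
        }
        for ip, seen in ports.items()
    }

def suspicious_peers(profiles):
    """Bitcoin peers that also probed SMB or scanned ports, sorted for stable output."""
    return sorted(ip for ip, p in profiles.items()
                  if p["bitcoin_peer"] and (p["smb_probe"] or p["port_scan"]))

def suspicious_share(profiles):
    """Fraction of Bitcoin peers flagged, the kind of figure the report quotes as '2 percent'."""
    peers = [ip for ip, p in profiles.items() if p["bitcoin_peer"]]
    return len(suspicious_peers(profiles)) / len(peers) if peers else 0.0
```

Running `suspicious_peers(classify_peers(parse_log(SAMPLE_LOG)))` on the constructed log flags the two peers that went beyond plain Bitcoin traffic and leaves the ordinary peer and the non-peer SMB probe unflagged.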
The report ends by noting that the total number of bad actors discovered within the cryptocurrency’s network is fairly low, but on bad days these nodes can make up as much as 2 percent of the BTC network.
Rapid7’s report concludes by stating: “therefore, on a typical day, the Bitcoin network is approximately three times more evil than the rest of the internet. On particularly active days, we see ten times as many malicious nodes in the bitcoin network as we see on the regular internet, by volume.”