Bitcoin transactions are transferred through a hex string that contains the transaction information. The hex string is signed with the private key of the address that has the coin.

It is not possible for people to steal Bitcoins through MITM attack. The raw transaction does not contain any sensitive information that would allow one to steal your Bitcoins.

However, you can be tricked into accepting a payment when it the payment isn't on the actual network. The attacker can isolate you from the Bitcoin network and use Bitcoin on their fork. With this, they can trick you into thinking that you have received payments.

So when you transfer money from one address to another, only that information is being used?




Does my real curiosity really provide anonymity? For example, when I send this message, the data transfer between me and the server is certain. If you do not hide your IP address, this message can be detected very conveniently from my computer. (https://browserleaks.com/)

When transferring money from Bitcoin wallets, is there any information transfer about my computer? Can they find out who owns the transfer address?

Yes. Only the outputs being spent from and the outputs being created are all that is really used. The outputs being created typically contain the hash of your public key. That is the only way to identify who owns that transaction.

Not easily. The Bitcoin protocol does not contain anything about IP addresses or other computer information relevant to identifying you. There is no need for any of that information. Block explorers who do give that information are both not definitive and only relative to their own nodes (e.g. blockchain.info's "relayed by IP" field in transactions can only show the node that told blockchain.info about the transaction, not the node that sent it).

Since Bitcoin uses a gossip protocol so that every node on the network receives the transaction, the only people who know the IP where the transaction originated from are the nodes that you are directly connected to. Even so, those nodes cannot be sure that you are the originator and not just someone else relaying a transaction that they don't know about yet. The other nodes have to be connected to every single other node on the network (an impossible task) in order to truly determine with certainty that the transaction originated from your node. This kind of attack (called a sybil attack) is very hard to do as it is impossible to know the IP address of every single node on the network and not all nodes will connect to the attacker's node(s)

Even with a sybil attack you can still use IP address hiding techniques such as a VPN or TOR in order to hide your IP address.

Could you give an example of how such an attack would look? I'm having a hard time imagining how a third party could do harm by pretending it received a payment from me.

Many things are possible if people are stupid enough to believe you. E.g. this address -> https://blockchain.info/address/1QLbGuc3WGKKKpLs4pBp9H6jiQ2MgPkXRp

is advertised as Bitcoin Magic Doubler including a service thread here -> https://bt.irlbtc.com/view/1357858.0

People send coins to the address and instantly get a transaction "back". This will however never confirm and it in fact only shows on blockchain.info. Which makes people use these inputs to fool others in turn.
-> https://blockchain.info/tx/d83b29b81ad3a2e4d084dd583847cd87d278f3255a9301f74a668479aab13266

Well, not for the person participating in the "doubler" as they have to send first. For everyone else, yes.

I'm new to bitcoin. There's a lot I do not know about Bitcoin.
If theoretically this sentence is correct: "The attacker can isolate you from the Bitcoin network and use Bitcoin on their fork. With this, they can trick you into thinking that you have received payments."
Then it would not be hard to produce scenarios for the attacker. Needless to say, there must be a monetary gain to cover the cost of the attack.
How much does it cost you to carry out such an attack? (to create a technical sub build)

It's a simple script. The following are written to give an idea only. I do not feel like doing something like that. Nobody should do anything like that. Defrauding people is something very wrong. You do not have the right to steal anyone's money. It's written just to be a brainstorming. Also, this scenario is also written to get our own security.

We hunt our victims over social media sites. We use female profiles for this. For 3-4 months, we play a game-enthusiastic young girl on facebook. This young girl will be a person interested in bitcoin at the same time. On Steam, you can already buy games with bitcoin. So this young girl will be contacted by players who have knowledge about bitcoin.

This young girl will be our friend, so it's a real profile. The commission will be given to each of the gross proceeds made. Technical infrastructure will be provided by IT specialists friends (network and software). The important thing is that we can have faith and trust. For this, the young girl will sell BTC for 3-4 months. This will not be cheat for 3-4 months. The money issuer will really be sold to BTC.

Victims will be selected from different countries. So different facebook accounts will be created for different countries. The victim will only face to face meeting girls who are our friends. But the meeting will be on the ground we set up. This place will be a place for computer enthusiasts. The whole network infrastructure here will be our control.

The real cheat will begin once you have had enough confidence. People will be defrauded here because they are willing to shop in the place we set up. "The attacker can isolate you from the Bitcoin network and use Bitcoin on their fork. With this, they can trick you into thinking that you have received payments." The infrastructure described here will be prepared. And BTC will be sold in large quantities. People will think that they are receiving BTC payments on the fork bitcoin network. The country will be abandoned after the crash is over.

How much budget is needed for such an attack?

Only in this scenario will the victim think the process has been verified. All transactions will go through our network. Bitcoin will think he gets paid when he looks at his wallet.

Also the system will work through our DNS addresses. So when he wants to enter the popular sites used for Bitcoin, he will be connected to fork sites. If a site like blockchain.info wants to check the operation, it will appear as if the transaction has been approved because it has logged into our fork site.

The only problem here is that the victim wants to use his own mobile internet. Devices that weaken the mobile signal power can be used. So he will have to use our network.

Only if you have enough hash power to solve a block at the current difficulty in a reasonable amount of time. SPV wallets and Full Node wallets will all reject any invalid block you attempt to provide.

If you've got that much hash power, you can make a lot more money actually solving legitimate blocks and broadcasting them instead of solving fake blocks and then throwing the blocks away.