So I'm currently working on a project using bitcoin.
I started with a full node that I tried to secure following the best practices available online.
Then I set up an electrum server that was connected to the full node, and on top of which I connected a hardware wallet, mostly a cold one.
In order to follow up this particular server's status, I added it to a notification service provided by this website.
And that's when things started to get weird.
I suddenly started to see the full node being always 1 to 2 blocks behind the current block height. I then noticed 3 connections on average to the electrum server from IP addresses that I did not own. Finally, I noticed that my wallet descriptor had been modified and that the receiving addresses of the wallet had been changed. So every time I would receive a new transaction, it would generate a new address that was not derived from my private key.
But here is the most interesting part. For testing purposes, I had made an incoming transaction to that wallet, days before, using the first generated address that I will call "A". When I started to have doubts, I went back to verify the list of generated addresses and I couldn't find "A" anymore. It was visually replaced by a random address "B", with the same transaction but no other data had changed (txid, inputs, outputs...). That list was different from the list I used to see in the wallet.
That is when I came back to the electrum server, seeing new connections every second, from different IP addresses. I thought "I am being DDoSed". After seeing my full node being always late catching the last block, I was finally convinced that I was the victim of a sybil attack.
I then started to mitigate the attack by doing some tasks on the wallet, the electrum server and the bitcoin core node. I am not sure if it will be enough, but like someone said to me once, "there are many things to consider... and security-wise etc. it is a big undertaking with a lot of risks."
Edit: Adding the following question.
Question: How was it possible for the attacker to change the descriptor and the receiving address of my wallet, through the electrum server? Are there other vulnerabilities I should be aware of in order to mitigate the risks?
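One check that helps answer the "was my descriptor changed?" part of the question, added here as an example and not part of the original post: record the wallet's output descriptor (with its `#` checksum) offline when the wallet is created, and later compare the descriptor the wallet reports against that pinned copy. The checksum below is the standard Bitcoin Core descriptor checksum (as documented in Bitcoin Core's descriptors documentation); it catches accidental corruption only, so the byte-for-byte comparison against the pinned copy is what detects a substituted descriptor. The descriptor strings used in the test are constructed sample values.

```python
# Added example: Bitcoin Core output-descriptor checksum plus a pinned-copy comparison.
# Charset, generator and polymod are the ones Bitcoin Core uses for descriptor checksums.
INPUT_CHARSET = ("0123456789()[],'/*abcdefgh@:$%{}IJKLMNOPQRSTUVWXYZ&+-.;<=>?!^_|~"
                 "ijklmnopqrstuvwxyzABCDEFGH`#\"\\ ")
CHECKSUM_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = [0xF5DEE51989, 0xA9FDCA3312, 0x1BAB10E32D, 0x3706B1677A, 0x644D626FFD]


def _polymod(symbols):
    # BCH-style polymod over 5-bit symbols, 40-bit state.
    chk = 1
    for v in symbols:
        top = chk >> 35
        chk = ((chk & 0x7FFFFFFFF) << 5) ^ v
        for i, g in enumerate(GENERATOR):
            if (top >> i) & 1:
                chk ^= g
    return chk


def _expand(desc):
    # Each character contributes its low 5 bits; every 3 characters also contribute
    # one symbol built from their high bits (a base-3 group).
    symbols, groups = [], []
    for c in desc:
        v = INPUT_CHARSET.index(c)  # ValueError for characters outside the charset
        symbols.append(v & 31)
        groups.append(v >> 5)
        if len(groups) == 3:
            symbols.append(groups[0] * 9 + groups[1] * 3 + groups[2])
            groups = []
    if len(groups) == 1:
        symbols.append(groups[0])
    elif len(groups) == 2:
        symbols.append(groups[0] * 3 + groups[1])
    return symbols


def descriptor_checksum(desc):
    # 8-character checksum for a descriptor body without the '#' suffix.
    chk = _polymod(_expand(desc) + [0] * 8) ^ 1
    return "".join(CHECKSUM_CHARSET[(chk >> (5 * (7 - i))) & 31] for i in range(8))


def checksum_valid(desc_with_sum):
    body, sep, given = desc_with_sum.rpartition("#")
    return sep == "#" and bool(body) and descriptor_checksum(body) == given


def descriptor_matches_pin(current, pinned):
    # Both copies must carry a valid checksum and be identical; a valid checksum on a
    # different descriptor is exactly the substitution case this is meant to catch.
    return checksum_valid(current) and checksum_valid(pinned) and current == pinned
```

In practice `current` is what the wallet reports today (for Bitcoin Core, the `listdescriptors` RPC output) and `pinned` is the copy you wrote down when the wallet was created.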