Developer tells about the mass collection of IP addresses of bitcoin owners
According to him, an unknown company links this data to transactions and wallets for identification
30.03.2023 - 09:00
613
3 min
0
What’s new? On March 28, an anonymous Bitcoin developer under the nickname 0xB10C announced the existence of LinkingLion, an organization that since 2018 has been collecting IP addresses of cryptocurrency users on bitcoin and Monero networks and linking them to transactions and wallets for identification. The developer allowed that LinkingLion could be a company that analyzes blockchain to improve its own products or sell the collected data.
What else is known? 0xB10C writes that LinkingLion uses four IP address ranges (three IPv4 /24 ranges and one IPv6 /32 range) to connect to the Bitcoin network’s listening nodes to link new transactions to the IP addresses of the nodes.
These four ranges are owned by Fork Networking, Castle VPN, Linama UAB, and Data Canopy, according to the registries. Fork Networking hosting company and VPN provider Castle VPN are both US-based and owned by the same person. Data Canopy is also registered in the States and offers data processing services. There is no information about the Lithuanian company Linama UAB on the web.
Since the connections from these four IP ranges show similar behavior, the developer concluded that they are all controlled by the same organization. 0xB10C calls it LinkingLion, since AS LionLink Networks is a company common to all of the above firms.
ConsenSys and Ledger heads deny claims of client data collection
The executives explained that user privacy is a priority for their companies
That said, the developer has not reached definitive conclusions as to whether LinkingLion is a single entity or a group of entities. According to 0xB10C, it is unlikely that this activity has been conducted by an individual for several years.
Earlier, Bitcoin developer James O’Beirne spoke about working on a feature that alerts users when someone tries to steal their coins and then prevents the theft by redirecting the funds to a safer wallet. The feature is a type of smart contract that places constraints on how BTC can be spent on the wallet. If implemented on the Bitcoin network, it would require a soft fork (a backwards-compatible change to the blockchain).
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$62 547
BTC
-3.13%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.1
XRP
-3.48%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.078947
DOGE
-5.17%
-
Zcash
$418.13
ZEC
-7.25%
-
Stellar XLM
$0.193322
XLM
-6.43%
-
Cardano
$0.150923
ADA
-5.14%
-
Polkadot
$3.32
DOT
+5.27%