CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • DeFi & NFT
  • Buy
  • Language
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • DeFi & NFT News
  • Bitcoin Price Analysis
  • CryptoPotato Crypto Fund
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • bitcoin
    BTC$22,878.00
  • ethereum
    ETH$1,568.38
    • Market Updates
    • BTC Analysis
    • ETH Analysis
    • XRP Analysis
    • Interviews
    • Opinions
    CryptoPotato
    CryptoPotato
    • Crypto News
    • Margin Trading
    • Guides
      • Bitcoin & Crypto Guides 101
      • Bitcoin For Beginners
      • Editorials
    • DeFi & NFT
    • Buy
    • Language
    • Crypto News
    • Bitcoin For Beginners
    • Cryptocurrency Guides 101
    • Editorials
    • Bitcoin & Crypto Margin Trading
    • DeFi & NFT News
    • Bitcoin Price Analysis
    • CryptoPotato Crypto Fund
    • Ethereum (ETH) Price Analysis
    • Ripple (XRP) Price Analysis
    • Market Updates
    • Interviews
    • Buy Bitcoin with Card
    Home » Crypto News » Yes, Monero Was Attacked: But It Was Not “Broken”

    Yes, Monero Was Attacked: But It Was Not “Broken”

    Author: Felix Mollen

    Last Updated Nov 14, 2021 @ 13:20

    A few days ago, a mysterious hacker attacked Monero and shared some sensitive information. Now, Riccardo Spagni replied, explaining the situation.

    A few days ago, a mysterious Twitter user claimed to have found the magic formula to crack Monero.

    Fireice_UK shared a web address that “revealed” personal information of several Monero users, even including their sexual preferences.

    “Anonymous” cryptocurrency #Monero broken. https://t.co/M2tDXFzpLb

    You can now check how many paedophiles thought it is private today. 100 new IP addresses, transaction details and user’s porn preferences published every day.#SaveTheChildren $xmr

    — Fireice UK (@fireice_uk) November 5, 2020

    The website in question, Monero BADCACA, features a table with the TxID of a Monero transaction, its city of origin, the node’s IP —perhaps not the sender’s, more on this later— and the person’s favorite porn based on the torrents they downloaded.

    The Dark Side of Monero?

    The site also has a FAQ. Fireice_UK claims to have been tracking the blockchain for some time and that the Monero development team knew about the project’s shortcomings, basically turning a blind eye to it and caring mostly about the money:

    ADVERTISEMENT

    I have been logging Monero transactions for over a year now. Main reason why I decided to go public are blatant lies that there is nothing to worry about Ciphertrace and that Monero is private.

    All things considered, how did the hacker get access to this information? Another tweet could be the key to the answer:  Unlike Ciphertrace, they got it from the nodes; basically intercepting the data before it spread through the network.

    If your #monero transaction was stuck in the mempool for a few minutes. I have some bad news – that means it was intercepted by BADCACAhttps://t.co/zMmx9BntaN

    — Fireice UK (@fireice_uk) November 5, 2020

    What Actually Happened

    Riccardo “fluffypony” Spagni, who served for a long time as Monero’s lead developer, explained what happened in an extensive thread. TL;DR: It’s nothing alarming, and in fact, Monero’s very design makes it virtually impossible to identify the user with certainty.

    Recently, a largely incompetent attacker bumbled their way through a Sybil attack against Monero, trying to correlate transactions to the IP address of the node that broadcast it. Whilst novel in that it is the 1st Sybil attack of this sort, it was also quite ineffective. 1/n

    — Riccardo Spagni (@fluffypony) November 10, 2020

    A Sybil attack occurs when a malicious actor tries to obtain information from a user through various practices such as creating multiple accounts or nodes to intercept and block transactions. This can happen on many public blockchains, not just Monero.

    Monero uses a transaction broadcast system called Dandelion++. Unlike Bitcoin —where a person usually broadcasts a transaction as quickly as possible to as many nodes as they can— in Monero, the transaction bounces off several individual nodes before one of them spreads it across the network.

    how Dandelion++ works in Monero
    How Dandelion++ works in Monero. Image: Bean Privacy

    In short, the nodes can know the IP that spread the information, but are not sure if it’s the IP of who sent the transaction. In fact, intermediate nodes also don’t know if they are communicating with the sender or they’re just bouncing the information.

    Therefore, the intercepted IP does not necessarily belong to the people involved in a transaction. Nor is it 100% real that fireice_UK has “broken” Monero. The amounts, addresses, and sensitive data associated with those transactions remained unknown. Equally important, what about the porn? Well: obfuscation methods like VPNs, Tor or i2p make it almost impossible to link a user to one of the IP addresses shared by BADCACA —but there’s always a chance.

    Still Nervous?

    Spagni explains that the hacker tried really hard in order to achieve such a difficult attack, but even after all the effort, the reliable information they were able to obtain was very little:

    This attack, whilst novel in that it is a live Sybil attack against a network, was simply not large enough to be broadly effective against Dandelion++ – the attacker would have had to launch many thousands more nodes. 9/n

    — Riccardo Spagni (@fluffypony) November 10, 2020

    Even if they did do this, they would still not have been able to demonstrably prove a link between a node and a transaction, and it would be a “best guess” heuristic. Naturally this attack was entirely useless against anyone using a light node (eg. MyMonero), 10/n

    — Riccardo Spagni (@fluffypony) November 10, 2020

    against anyone using Tor / i2p for their node, against anyone who runs their node behind a VPN, or against anyone using pushtx on a Monero block explorer to broadcast their transactions. It was also largely useless for anyone using a node remotely (eg. Monerujo or the GUI). 11/n

    — Riccardo Spagni (@fluffypony) November 10, 2020

    In other words, it seems like there is nothing to fear, but if the possibility of a Sybil attack worries you, just follow some essential tips:

    • Run your own node
    • Broadcast your transactions on a block explorer’s pushtx functionality
    • Use Tor or i2p
    • Get a girlfriend and stop downloading porn

    This article was first published on Nov 11, 2020

    SPECIAL OFFER (Sponsored)
    Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

    PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.

    You Might Also Like:

    • monero_tracking
      Monero (XMR) Market Capitalization is at a 2-year High
    • monero_tracking
      Crypto Intelligence Firm Claims Monero (XMR) Tracking Capabilities
    • monero_tracking
      Chainalysis Wins $625,000 IRS Contract to Track Monero
    Tags: Hacking Monero Security
    Enjoy reading? Share with your friends
    Facebook Twitter LinkedIn Telegram

    About The Author

    Felix Mollen
    More posts by this author

    Felix got into Bitcoin back in 2014, but his interest quickly expanded to everything blockchain-related. He's particularly excited about real-world applications of blockchain technology. Having worked as a professional content writer for three years before that, Felix transitioned to working on blockchain-centered projects and hasn't looked back ever since.

  • bitcoin
    BTC$22,878.00
  • ethereum
    ETH$1,568.38
  • Join Our Community

    FacebookTwitter YouTubeTelegram


    Editorials
    How Long Will the Ethereum LSD Narrative Last? Talking 2023 Trends with Nansen’s Martin Lee

    How Long Will the Ethereum LSD Narrative Last? Talking 2023 Trends with Nansen’s Martin Lee

    Everything That’s Going on With Pi Network: From Start to Latest Controversial Listing

    Everything That’s Going on With Pi Network: From Start to Latest Controversial Listing

    What is Ethereum Liquid Staking and Why It Is Crucial As Shanghai Upgrade Approaches?

    What is Ethereum Liquid Staking and Why It Is Crucial As Shanghai Upgrade Approaches?

    The Lesson in Alameda-FTX About Government Regulation and Crypto (Opinion)

    The Lesson in Alameda-FTX About Government Regulation and Crypto (Opinion)

    5 Bullish and 2 Bearish Cases for DeFi Going Into 2023 (Opinion)

    5 Bullish and 2 Bearish Cases for DeFi Going Into 2023 (Opinion)

    From Google and Microsoft to Binance: Interview with Head of Product Mayur Kamat

    From Google and Microsoft to Binance: Interview with Head of Product Mayur Kamat

    13 Biggest Crypto Scandals and Controversial Stories of 2022

    13 Biggest Crypto Scandals and Controversial Stories of 2022

    Join Our Newsletter
    Become a CryptoPotato VIP
    One Weekly Email Can Change Your Crypto Life.
    Sign-up FREE to receive our extended weekly market update and coin analysis report
    We NEVER send spam. You can unsubscribe at any time.
    Invalid email address
    Thanks for subscribing!
    Footer Logo
    About
    Advertise on CryptoPotato
    About Us | Contact Us | Careers
    Editorial Policy
    Terms of service | Privacy Policy | GDPR
    More Sections
    IEO List | Evaluations
    Airdrops
    Scholarship
    Disclaimer
    Disclaimer: Information found on CryptoPotato is those of writers quoted. It does not represent the opinions of CryptoPotato on whether to buy, sell, or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk. Full disclaimer
    © Copyright CryptoPotato 2016 - 2021
    Scroll to top
    One Weekly Email Can Change Your Crypto Life.

    Sign-up FREE to receive our extended weekly market update and coin analysis report

    We never send SPAM. You can unsubscribe at any moment
    Invalid email address
    Thanks for subscribing!