Chainalysis Successful Deanonymization Attack on Monero

53 pointsposted 9 hours ago
by Anon84
(darkwebinformer.com)

26 Comments

nunobrito

5 hours ago

This isn't deanonymization, it is modifying and infiltrating nodes to then listen what is happening from naive users connecting to them.

There was never an expectation of privacy when you connect to servers outside your control with non-encrypted data. That is the reason why the article itself mentions that this isn't working when running your own node, as most people do.

This is the same thing as complaining that Monero is no longer anonymous because Windows is capturing screenshots and keyboard presses when you open the desktop app.

Monero remains anonymous by default.

dodomodo

5 hours ago

In practice they (allegedly) took anonymouse transaction and linked it to real world identity. Call it what you want.

fruitworks

3 hours ago

The transaction wasn't really anonymouse in the first place, but I agree that the UI should warn users more when working in "light wallet" mode.

abecedarius

3 hours ago

> running your own node, as most people do.

Huh, surprising -- it's very different from most people using most software. (Of course HN is not most people.)

I tried to fill myself in by asking Claude Opus neutrally "do most users of Monero run their own node?" and was told it couldn't find good data, it's community-promoted behavior, but there were multiple reasons for skepticism.

I have no idea, I'm just noting my surprise.

shmel

2 hours ago

It's literally in their FAQ: https://www.getmonero.org/get-started/faq/

Anyone curious about how Monero is implemented would immediately understand why it's a bad idea to use remote nodes.

>What is the difference between a lightweight and a normal wallet?

>For a lightweight wallet, you give your view key to a node, who scans the blockchain and looks for incoming transactions to your account on your behalf. This node will know when you receive money, but it will not know how much you receive, who you received it from, or who you are sending money to. Depending on your wallet software, you may be able to use a node you control to avoid privacy leaks. For more privacy, use a normal wallet, which can be used with your own node.

krior

2 hours ago

I don't know what asking AI adds to the discussion.

ianbutler

2 hours ago

Well reading comprehension tells us they were surprised that most monero folks run their own nodes and that they were unable to find supporting information.

Your comment however does actually add nothing.

wizzwizz4

a few seconds ago

No, reading comprehension tells us that Claude Opus output the "unable to find supporting information" claim, which abecedarius faithfully relayed to us.

nunobrito

an hour ago

Most people don't know nor use Monero at all.

Most monero users are on the desktop where the common practice is to download and run their own nodes and/or use monero from Android on apps like CakeWallet, where their node is used and assumed as trustworthy.

To give background info: most users are on desktops because monero mining happens using CPU and instead of GPU, so they install the wallet which comes with a miner included and installs the node as well. They basically make some little income every single day and accumulate that profit.

The other miners like GuPax also install a node on the local computer as well, so a large majority of users simply runs nodes locally because they don't want to send their hashes to remote nodes which might fool them.

embedding-shape

6 hours ago

It always seemed weird from Day 1 when I reviewed Monero vs Zcash to rely on anonymization that depends on other nodes and number of honest peers, instead of relying on technical anonymization that Zcash does, seems much more reliable and long-term workable, even though it was much harder and took them longer to arrive at good solutions.

pclmulqdq

5 hours ago

If Zcash had privacy by default, they would have won against Monero for being the private cryptocurrency. As it stands, any private transaction on the Zcash chain stands out like a sore thumb and the use of de-anonymized transactions around it make it easy to figure out how much money was moved. It was a missed layer 8 opportunity on the part of Zcash.

This attack doesn't seem to work if you run a monero node, though.

embedding-shape

5 hours ago

You'd have a bit more credibility if your complaint was more up to date :) Zcash wallets have defaulted to shielded accounts and transactions for some time already.

pclmulqdq

4 hours ago

It took at least half a decade if not a full decade to get to the obvious place and I (and everyone else) wrote Zcash off in that time.

embedding-shape

3 hours ago

> and I (and everyone else) wrote Zcash off in that time

Seemingly in the ecosystem you exists in yeah, but in the world at large Zcash seems to have at least 6x the volume. I guess "everyone else" didn't get your memo. Regardless, I don't really care personally which one is better or which one you specifically use, as long as what we say is being truthful :)

pclmulqdq

3 hours ago

Are you referring to on-exchange volume of a coin that has pumped 10x in a few months? And it's only 6x the on-exchange volume of monero? It sounds like people still don't use it. If you look at the blockchain, you will see very few transactions per block (literally less than one per minute), so it seems the volume is almost entirely on the exchanges. It's probably people speculating on privacy for some reason, combined with some dumping of the pre-mine.

The majority of the on-chain use is also public transactions, so it seems the "privacy by default" setting doesn't really matter.

monero-xmr

3 hours ago

I know (and many others do as well, it’s not that hidden) of the group that pumped Zcash. Very well executed pump

vosper

3 hours ago

You said

> As it stands, any private transaction on the Zcash chain stands out like a sore thumb

Is that actually still the case or has the change to defaults made anonymity more common?

pclmulqdq

3 hours ago

If you look at recent mined blocks, a majority of transactions are still public. So yes, even if the default is shielded wallets and private transactions for a specific wallet, most of the chain is not using them.

DennisP

33 minutes ago

True, but as of this month 30% of zcash transactions are shielded, and 20-25% of addresses are private. That's a fairly large anonymity set. The percentage of shielded transactions is also increasing, at a rate that will make them a majority within a year if the trend continues.

https://www.coindesk.com/research/inside-zcash-encrypted-mon...

walletdrainer

4 hours ago

Chainanalysis is certainly not running the Tor attack as described here.

It’s technically possible, but not really practical. We’d have seen darknet markets as they currently exist eradicated a long ago.

pjdkoch

6 hours ago

September 17, 2024

kobieps

3 hours ago

surprising how often this happens...

RandomBacon

an hour ago

Monero's main "competitor" seems to be Zcash which is run by a VC-backed company. The company gets 20% of all mined Zcash. The incentive is very strong to FUD Monero.

As of this comment, Monero is #26 on CoinGecko's list of crypto by marketcap with Zcash at #27. I'm guessing that's why there's a few of these posts on HN all of a sudden.

bhouston

4 hours ago

So chainalysis is working for governments now? I guess it makes sense.

MadsRC

4 hours ago

Now? Chainalysis has always worked for governments…

It was basically spawned out of the government needing help with investigating crypto - I think it was Mt. Gox…

Anon84

3 hours ago

Exactly. “Tracers in the Dark” (https://a.co/d/aos3Nka) does a good job of telling that story and a couple of others from the early days of blockchain analytics