Researchers have exploited a flaw in the cryptocurrency Monero to break the anonymity of transactions, however, this is just a re-release and seems to be already over 1 year old now. Several pages ‘forgot’ to mention that this is already resolved and the new introduced and updated research paper overall says nothing that is not already well known.
Old news – new hype
The recent post shows that Monero suffers from an attack which can break the anonymity of XMR (Monero). The research paper shows in detail how the attack can break the anonymity. The original article came first from coindesk. An overview of the flaw can be found on GitHub.
Monero users should be warned that their prior transactions are likely vulnerable to tracing analysis A significant fraction (91%) of non-RingCT Monero transactions with one or more mixins are deducible (i.e., contain at least one deducible mixin), and therefore can be conclusively traced. Furthermore, we estimate that among all transaction inputs so far, the Guess-Newest heuristic can be used to identify the correct mixin with 80% accuracy. Even after accounting for publicly deanonymized transactions such as pool pay- outs, we find that at least a few hundred transactions per day in mid 2016 and more than a thousand transactions per day from September 2016 through January 2017 would be vulnerable. Furthermore, we estimate that at most a quarter of these can be attributed to illicit marketplaces like AlphaBay. These users might have incorrectly assumed that Monero provided much higher privacy, especially for transactions taking place in late 2016. Because many transactions on AlphaBay are criminal offenses, with statutes of limitations that will not expire for many years (if ever), these users remain at risk of deanonymization attacks. We stress that illicit businesses tend to be early adopters of new technology, but there exist many legitimate reasons to use privacy-centric cryptocurrencies (e.g., a journalist protecting her sources). While such scenarios are less visible, their users face the same risk of deanonymization.
Towards fulfilling this recommendation, we released an initial draft of this paper to the Monero community. We believe it has been in the best interest of Monero users that we offered this warning as soon as possible, even before countermeasures have been deployed. One reason for our decision is that the data from the Monero blockchain is public and widely replicated, and thus delaying the release would not mitigate post-hoc analysis, which can be carried out at any future time. Second, countermeasures in future versions of the Monero client will not affect the vulnerability of transactions occurring between the time of our publication and the deployment of such future versions.
Complementing this paper, we have launched a block explorer (https://monerolink.com), which displays the linkages between transactions inferred using our techniques. We recommend additionally developing a wallet tool that users can run locally to determine whether their previous transactions are vulnerable.
Original research findings
Problem already solved
You don’t need to panic, this is as already mentioned old news back from last year. The issue is already fixed. In fact, Monero shows yet again that it can defeat a lot of attacks and that it is still one of the most secure cryptocurrencies available because the issue was quickly resolved back in September 2017 with a bigger update.
Again wrong News from Wired, Naked Security & Slashdot
It’s not the first time those mentioned pages spreading wrong conclusions and wrong news without doing any single research. The impact of telling ‘Monero is not secure’ has a huge rat tail and it seems that such news pages don’t care what they spread just to make some clicks.
Monero is still secure and whenever there is something upcoming the developers trying to fix it and this as soon as possible because those guys take their promise serious. I think the sad story was yet again that some pages spreading ‘news’ on a copy & pasta level without actually asking if what they writing is really true, this mostly happens if someone writes an article who has no clue about what he is really talking about.
In case you read all the mentioned links in my article you will notice that Monero just only proved once again that XMR is a real alternative to real insecure cryptocurrencies like BitCoin, this is due the fact that BitCoin & Co were never designed to protect it’s users while Monero was built with keeping in mind that security comes first.
- HN Discussion of Wired’s article “Monero Is Less Untraceable Than It Seems” (reddit.com/r/Monero)