Monero (XMR) is one of the well-known and “older” coins with special privacy features. But at least since the report of the block chain security company CipherTrace, there have been considerable doubts about the actual privacy when using XMR for transactions. A hacker now points out further security gaps and puts Monero in trouble.
Monero (XMR): Sybil attack exposes user IPs
Monero was the target of a so-called Sybil attack, as Monero’s project developer Riccardo Spagni announced via ThreadReader a few days ago. This is big news for all gamblers out there who prefer casinos, where you can pay via XMR.
Spagni outlines the attack as follows: An attack operated several nodes in the network and tried to compromise the privacy of the users. The attacker tracked the IP addresses of the users and tried to combine them with certain transactions in the network.
The attack was a novelty as Spagni informed. The hacker used a bug from Monero, which apparently increased the chances of appearing in the list of peers of a node.
The attack itself can be applied in a similar way to many crypto currencies, especially privacy coins. However, only those who operate a full node are affected. Users of Light Wallets are not affected.
As potential security measures, users can broadcast their transactions via an onion routing protocol such as Tor.
Attack Reveals Conflict within the Community
In the above mentioned thread of Spagni, we also find passages that describe the hacker as incompetent and describe his attack as inefficient.
By now it is known who is behind the attack. This is the former developer Firelce, who announced more information about the attack on the following website.
Whoever reads the statements on the website will quickly see that it is also about personal feuds. The probably most important statement from Firelce’s perspective is right at the beginning of the website:
Monero was never a real privacy cousin. Several problems published by Ciphertrace have been known since 2016 and still have not been addressed. To draw attention to these problems, I will publish the IP addresses and transactions of 100 “happy” Monero users.
Cryprocurrencies are going to rise more and more, now that Paypal also will accept BTC soon. You can read more about it here.
What do you think about the attack on Monero (XMR)? – What is the risk for the coin and how functional is a privacy coin that cannot guarantee the privacy of its users?