Bitcoin News and Finance Moonstone Research Study Etches Doubts on Monero’s Privacy; Crypto Community Reacts Skip to main content

Moonstone Research Study Etches Doubts on Monero’s Privacy; Crypto Community Reacts

Moonstone Research Study Etches Doubts on Monero's Privacy; Crypto Community Reacts

On September 1, 2023, hackers made off with 2,675.73 monero (XMR), worth over $3 million at the time, from the Monero CCS donation wallet in nine separate transactions. Now, blockchain analysis firm Moonstone Research has traced forward through three of those transactions in a postmortem released this week.

Monero Privacy Challenged in Monero CCS Wallet Trace

Just 65 days ago, a monero (XMR) wallet earmarked for compensating contributors suffered from a hack. In a puzzling twist of events, the Monero team still grapples with the mysterious origins of this breach. A comprehensive investigation revealed that only two individuals held knowledge of the CCS wallet seed.

The wallet had also been operational since April 2020, functioning without issues until September 1, when an attacker executed a sequence of nine transactions, ultimately draining the entire balance of the CCS wallet. The enduring mystery revolves around how the assailant successfully accomplished this audacious feat.

The Moonstone Research postmortem details how the firm identified one of the hacker’s transactions that contained outputs from all nine of the initial withdrawals from the CCS wallet. While XMR transactions are designed to be private, this transaction’s rings contained one matching output from each of the nine hack transactions. Moonstone believes this indicates the transaction almost certainly belonged to the hacker, merging funds.

Analyzing this first transaction then allowed Moonstone to trace two more transactions likely made by the hacker sending funds to an exchange, service, or counterparty. However, the firm was unable to account for all the XMR withdrawn, indicating some funds have not yet been traced. The postmortem speculates the transactions were made using the mobile wallet Monerujo and its anonymizing “PocketChange” feature based on the abnormal number of outputs.

“Monero tracing is not deterministic in the same way that Bitcoin and Ethereum tracing often is. Monero transactions purposefully impose complexity to their transaction graphs, leading to false positives and ambiguity,” the report states. Still, blockchain analysis can uncover leads when combined with other evidence using heuristics.

Privacy Expert: ‘This Is Not a Scenario That Applies to Almost Anyone Using Monero’

Moonstone’s investigation demonstrates, under certain circumstances, XMR transactions can sometimes be partially traced despite their privacy features. But the report also shows there are still limitations to analyzing Monero’s complex blockchain. This development has piqued the interest of the crypto community, sparking discussions across various social media platforms. “Wow… not as private as everyone thinks,” one person remarked.

“I’m impressed but also concerned by how Monero transactions can be traced,” another person said on the social media platform X.

This is not the first time a blockchain analysis company has disclosed its capabilities to track XMR transactions. In 2020, Ciphertrace, a blockchain surveillance firm, claimed to have developed the “world’s first” Monero tracing tools designed for law enforcement purposes.

However, skepticism persists in the crypto community regarding the extent of these capabilities. At that time, information security engineer and XMR advocate Seth Simmons, among others, raised doubts about the accuracy of Ciphertrace’s claims and emphasized the need for corroborating evidence.

Simmons shared his perspective about Moonstone’s study as well and stressed that the specific tracing scenario doesn’t apply to the typical Monero user. He insists XMR remains inherently private and resistant to most tracking attempts. He explained that the ability to trace resulted from unusual circumstances: private keys were shared with a chain surveillance company.

Simmons further said that an atypical onchain footprint was created due to a Monerujo feature, and significant off-chain metadata was voluntarily provided. Seth suggests that future Monero improvements will make such tracing nearly impossible, emphasizing the need to avoid sharing private keys, sweeping entire wallet balances unnecessarily, and to minimize off-chain metadata exposure.

“Ring signatures’ only major weakness is against targeted tracing with known (or ‘poisoned’) inputs, which is this exact scenario,” Simmons wrote.

What do you think about Moonstone’s study and the skeptism surrounding monero tracking attempts? Share your thoughts and opinions about this subject in the comments section below.

Comments

Popular posts from this blog

Custodial Lightning Network Service Attack Discovered by LN ‘Newbie’ — Hacker Strikes 6 LN Custodians

On September 18, a Redditor posted to the r/bitcoin forum and explained how he discovered a way to “attack [the] lightning Network’s custodial services.” The Reddit account dubbed “Reckless Satoshi” wanted to figure out if a “discrepancy between real routing fees and service’s transaction fee can be exploited for a profit.” The researcher disclosed that he wanted to see how large the damage could be and said “it is bad.” 6 Lightning Network Custodial Services Attacked, Researcher Discloses Findings to Offenders Prior to Public Disclosure A Redditor called Reckless Satoshi published a disclosure post on r/bitcoin this past Saturday and disclosed how he had found a vulnerability with routing fees and some of the Lightning Network’s custodial services. The research attack was done in good faith and after it was complete he disclosed the bugs to the offending services before publishing his findings. Reckless Satoshi used the Lightning Network (LN) attack on six different services incl...

Axie Infinity Down 40% Since Last Week’s Price High, Protocol Revenue Outshines Competitors

Last week, the game token leveraged within the Axie Infinity gaming universe skyrocketed to all-time highs, while other crypto markets remained extremely lackluster. During the last seven days, Axie Infinity’s platform token has dropped significantly in value shedding more than 12%. Meanwhile, the game platform’s smooth love potion token has slid over 8% over the last 24 hours. Axie Infinity Down More Than 40% Since All-Time High Not too long ago, the axie infinity (AXS) token was a topical conversation because it reached an all-time high on July 15. At the time, AXS managed to capture $28.93 per unit and since then it has shed 12.8% during the last seven days. The axie infinity (AXS) token is used within the blockchain-based game that involves battles between token-based creatures called “Axies.” AXS is used for the game’s governance system as well as other actions within the game. At the time of writing axie infinity (AXS) is exchanging hands for $16.70 per coin. AXS/USD on Ju...

Play-to-Earn Game From Polker (PKR) Exchange Listing – Endorsed by Akon

The Play-to-Earn NFT based Polker.Game ‘s native token $PKR has been officially listed on the popular centralized exchange BitMart. Polker.game has been in the spotlight recently as Akon, the American R&B superstar and record producer gave his official endorsement of polker stating that the “game is revolutionary” and that Polker is “hands down.. the best play to earn, NFT game in the space.”. With the BitMart listing and celebrity endorsement from Akon, Polker is perfectly positioned to become a major player in the Play-to-Earn league. Watch Akon’s Video Here What is Play-to-Earn? Although not a new concept, play-to-earn has become a trending term due to the popularity of the NFT game AXIE infinity. In the past, previous play-to-earn games have also achieved success – however, thanks to the huge amount of development in the blockchain space in recent years the gaming experience is now massively improved. Play-to-Earn games are essentially free to play and open to anyone and...

China to Crack Down on Copyright Infringement Through NFTs

Authorities in China are going after creators of digital collectibles based on other people’s works of art, the use of which was not authorized. The government offensive is part of a campaign to combat online copyright infringement and piracy with the participation of several departments. Regulators in China Move to Strengthen Copyright Supervision of Online Platforms The National Copyright Administration of China (NCAC) has recently launched a campaign against copyright infringement and piracy on the internet, together with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Internet Information Office of the People’s Republic. A major objective of the initiative is to improve copyright supervision of online businesses by investigating cases involving the sale and distribution of infringing products on short video, live broadcast and e-commerce platforms, and promptly dealing with infringing content, the agency announced in a press r...
Blogarama - Blog Directory