@Synnr
@sopuli.xyz I just noticed your username. Thank you for the project, Feather is amazing. I have a question though. I know Ruckinum ran an analysis and thinks this is not a black marble flood, but I can't help but think it's a way to somehow break the anonymity of monero, whether just sent amounts, or received amounts, which would still give a wealth of information.
I don't believe this is a random (D)DoS/spam. This is a deanon attack. I know it in my gut. I don't know enough about the internals of monero but I think you might.
Specifically...
The bug was triggered when the number of RingCT outputs on the blockchain exceeded 100 million
For instance, this transaction was constructed using a manipulated output distribution. Can you determine what the true spend is? Notice that all ring members are older than 1y 200d except for one 6-day-old output. Unless the user checks the ring on a block explorer and knows what to look out for, they would not notice that their transactions are being fingerprinted.
My understanding is that the 16 (or 15+real?) rings are all real, prior transactions. Are the transactions reused? If not, then they exhaust the supply of rings and now have great statistical advantage going forward. If they are reused, then they can tell the real spend by discarding any spend that's been used more than once. Is that correct?
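The "one 6-day-old output among members older than 1y 200d" pattern described above is something a wallet user can check for mechanically before broadcasting. The following is an added example (not Feather's code and not from the thread): it takes the ages of a ring's members in days and flags a ring in which a single recent member is isolated from the rest, which is the shape a manipulated decoy distribution produces. The two rings are constructed from the numbers in the post; the 30-day and 10x thresholds are assumptions, not wallet defaults.

```python
"""Sanity check for the age distribution of a Monero ring.

Added example, not part of the original thread and not Feather's code.
Ages are in days; a real wallet would take them from its own view of the
ring or from a block explorer. Thresholds below are assumed, not standard.
"""

RING_SIZE = 16  # ring size in use at the time of the discussion

# Constructed from the post: 15 members older than 1y 200d (565 days)
# and one 6-day-old member sitting at index 7.
MANIPULATED_RING = [565, 612, 701, 850, 903, 1020, 1188, 6,
                    1250, 1399, 1502, 1640, 1777, 1899, 2010, 2240]

# Constructed healthy ring: the normal decoy selection is weighted toward
# recent outputs, so several young members appear alongside old ones.
HEALTHY_RING = [2, 5, 9, 14, 21, 33, 48, 70,
                95, 130, 180, 250, 340, 480, 720, 1100]


def isolated_young_member(ages_days, young_days=30, gap_factor=10):
    """Return the index of a single isolated young ring member, else None.

    A ring is flagged when exactly one member is at most `young_days` old
    and the next-youngest member is at least `gap_factor` times older.
    Such a ring singles out that member, so the user should rebuild the
    transaction rather than broadcast it.
    """
    if len(ages_days) != RING_SIZE:
        raise ValueError(f"expected {RING_SIZE} ring members")
    order = sorted(range(RING_SIZE), key=lambda i: ages_days[i])
    youngest, second = ages_days[order[0]], ages_days[order[1]]
    young_count = sum(1 for a in ages_days if a <= young_days)
    if young_count != 1:
        return None
    if second < gap_factor * max(youngest, 1):
        return None
    return order[0]


def ring_looks_fingerprinted(ages_days):
    """Convenience wrapper: True when the ring should be rejected."""
    return isolated_young_member(ages_days) is not None


if __name__ == "__main__":
    for name, ring in (("manipulated", MANIPULATED_RING), ("healthy", HEALTHY_RING)):
        print(name, "->", isolated_young_member(ring))
```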
I can't help but believe this is part of something larger, along with all the previous attacks in the last 2 years and now Samourai, Liquid pulling out of US, attacks on Tor, RISAA and mandatory KYC on US cloud providers and domain registrars...
On that note, we've known LE has tools for years now (Chainalysis and 1-2 others) that can in some circumstances give a lead on who a target is, likely via statistical analysis. The tools are only available to law enforcement so the methods aren't known. My thoughts are, in no particular order:
They run or have compromised a lot of 'activist' nodes and xpubs are sent to the nodes in light wallets, unsure if this is how it works, or if that was unique to Samourai's whirlpool design. If this was the case, light wallets use currently online available servers, so chances are a user connects their wallet to tens of servers. Users who run their own nodes would be unaffected but I think the majority of monero users use light nodes.
They have tools that monitor public ledger chains, and watch the amounts in/out. You use an exchange service to trade $500 of BTC to XMR, the amounts (fees included) are correlated over time, leading to known persons selling via KYC services. Probably least likely option but unsure how XMR works in depth.
They run and/or work with (gag order) no-KYC major services that would have that information, as well as other more 'centralized' helpful no-KYC exchange services that know exactly what amount and address the funds are going to and where they came from.
Oops I was wrong, it looks like I have a penny left in the sending wallet so it was just a lucky coincidence on amounts sent during testing.
Note that someone should pass to the Feather dev (team?):
In version 2.6.7 you can send the same coin without waiting for the 10 block confirmation. I have a feeling that's going to cause some true spend detections.
When gold was used as currency, it would be shaved off using a scale to confirm the weight (gold is a very soft metal, easily 'sliced' off the coin/bar). Shopkeepers had their own scales but wary customers could carry gold pocket scales to confirm the weight.
Just like you can spend fractions of a cryptocoin, you can spend fractions of a precious metal coin.
XMR PRICE
(2/4/24) $165
(4/13/24) $115
That's a 30% decrease in about 2 months. As an aside, 30% is the APR for most high-interest loans.
The idea is there, but something like DAI would be better to look at, although it remains to be seen how long crypto will be used and accessible (especially once CBDC rolls out and legislators get even more heavy-handed with non-CBDC coins).
The only way this would work is to peg it to fiat or commodity. Or expect that your ROI will either be nothing or an insane amount.
FTA:
The key thing to note is that no observer can link two addresses together. However, it is possible for the sender to link payments together if the receiver re-uses addresses.
For example, if you withdraw from ExchangeA using AddressA, and then go on to issue another withdrawal from ExchangeA using AddressA, the exchange will easily be able to link these two withdrawals together by simply comparing the withdrawal addresses (even if you used different accounts). Furthermore, if ExchangeA is cooperating with ExchangeB, it would be possible for both exchanges to link address-reusing withdrawals together.
Additionally, even if the sender is not cooperating with other entities in order to link transactions together, it is still possible for the sender to unwittingly link transactions together if their software is poorly implemented and erroneously re-uses the same random data for multiple transactions. Basically, the receiver is relying on the sender to generate good random data in order to generate a one-time key. If the sender fails to use good random data, then the "one-time" key isn't "one-time", and transactions can possibly be linked.
So, for maximum protection against linkability, it's a good idea to generate new addresses for transactions that you don't want linked.
Further reading: https://localmonero.co/knowledge/monero-subaddresses?language=en
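The quoted article's point about sender randomness can be seen in a small model. The following is an added example, not from the thread and not any Monero implementation's code: it models one-time output keys in a multiplicative group modulo a Mersenne prime instead of ed25519, with a constructed generator and hash-to-scalar, so it shows the linkage argument only. When the sender reuses its randomness r for the same recipient, the "one-time" key repeats and an on-chain observer can link the two outputs; with fresh r the keys differ while the recipient still recognises both.

```python
"""Toy model of one-time (stealth) output keys and reused sender randomness.

Added example, not from the thread or from any Monero implementation:
integers modulo a Mersenne prime stand in for ed25519 points, and the
generator and hash-to-scalar below are constructed for illustration.
"""
import hashlib
import secrets

MOD = (1 << 127) - 1   # Mersenne prime; the toy group is the integers mod MOD
GEN = 3                # assumed generator for the toy group


def hash_to_scalar(x):
    """Hash a group element to an exponent (the H_s step in the article)."""
    digest = hashlib.sha256(x.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % (MOD - 1)


def random_scalar():
    return secrets.randbelow(MOD - 2) + 1


def keygen():
    """Recipient's view pair (a, A) and spend pair (b, B), with A = GEN^a."""
    a, b = random_scalar(), random_scalar()
    return a, pow(GEN, a, MOD), b, pow(GEN, b, MOD)


def one_time_key(r, A, B):
    """Sender: publish R = GEN^r and derive output key P = GEN^H(A^r) * B."""
    shared = pow(A, r, MOD)
    return pow(GEN, r, MOD), (pow(GEN, hash_to_scalar(shared), MOD) * B) % MOD


def recipient_owns(a, B, R, P):
    """Recipient: recompute the shared secret from R and the private view key."""
    shared = pow(R, a, MOD)
    return (pow(GEN, hash_to_scalar(shared), MOD) * B) % MOD == P


def outputs_linkable(P1, P2):
    """A chain observer links two outputs only when their keys repeat."""
    return P1 == P2


def pay_twice(reuse_randomness):
    """Two payments to one recipient; return whether an observer can link them."""
    a, A, b, B = keygen()
    r1 = random_scalar()
    r2 = r1 if reuse_randomness else random_scalar()
    R1, P1 = one_time_key(r1, A, B)
    R2, P2 = one_time_key(r2, A, B)
    assert recipient_owns(a, B, R1, P1) and recipient_owns(a, B, R2, P2)
    return outputs_linkable(P1, P2)
```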
I think this can easily be achieved by generating a new subaddress for every request. (I don't know how OpenAlias works, maybe it already does this.)
You can't with privacy.com or other big services, but there are other services that let you either generate a no-KYC reloadable credit card, or buy a prepaid international card that works for almost everything.