Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » Failed Sybil Attack Targeted Monero Users, Privacy Is Safe

Failed Sybil Attack Targeted Monero Users, Privacy Is Safe

by

Failed attack threatened to link IP addresses to user identities.

Failed Sybil Attack Targeted Monero Users, Privacy Is Safe

Key Takeaways

  • Monero was targeted by an attack today that could have compromised the privacy of some users.
  • However, the attack failed to achieve its goal: linking IP addresses and user identities.
  • The identity of the attacker is still unknown.

Share this article

Monero was targeted by an attempted Sybil attack that ultimately failed, according to reports from project developer Riccardo Spagni.

Attacker Targeted IP Addresses

As explained by Spagni, an unknown attacker ran several nodes in an attempt to compromise Monero users’ privacy. In essence, the attacker tried to record IP addresses and associate them with certain transactions to compromise user privacy.

The attack exploited a Monero-specific bug that increased the attacker’s chances of ending up in a legitimate node’s list of peers.

The attack ultimately failed, though: Spagni describes the attacker’s attempts as “largely incompetent” and “clumsy,” adding that the attacker did not exploit any of Monero’s on-chain privacy features, such as shielded transactions or ring signatures.

Spagni says that, though the precise line of attack was novel, similar attacks could be performed against most cryptocurrencies and privacy coins. As such, Spagni recommends that Monero users broadcast their transactions through Tor or i2p. Monero has also released a blacklist of addresses associated with the attacker, which will reduce further risks.

It should be noted that the attack only affects Monero users who are running a full node, not users who have a light wallet.

Who Carried Out the Attack?

It is not clear who is responsible for the attack. One possibility is that a surveillance company carried out the attack. Given that the U.S. government has contracted two analysis firms to circumvent Monero’s privacy, it is plausible that one of those firms was responsible for the attempted attack.

Spagni alleges that firms such as Chainalysis have used similar techniques to monitor other blockchains such as Bitcoin.

However, he doesn’t believe that was the case in this attack.

Spagni says that Chainalysis “already has a relationship” with exchanges and says it can ask for information that the Sybil attack would have provided. “I don’t think they’d even bother,” he concludes.

Ultimately, the identity of the attacker remains a mystery.

Update: XMR-stak developer FireIce is now known to be responsible for the exploit; the developer claims the attack is still underway and has published the results on this page. Developers maintain that the exploit is largely ineffective.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.