A flaw in ostensibly untraceable cryptocurrency Monero, which has picked up steam as market leader Bitcoin has stumbled in value, may make it possible to trace transactions—and since the entire history of Monero is encoded in its blockchain in what is now known to be a semi-vulnerable method, transactions that happened years ago could potentially be analyzed for information on the parties involved.
A flaw in ostensibly untraceable cryptocurrency Monero, which has picked up steam as market leader Bitcoin has stumbled in value, may make it possible to trace transactions—and since the entire history of Monero is encoded in its blockchain in what is now known to be a semi-vulnerable method, transactions that happened years ago could potentially be analyzed for information on the parties involved.
Per Wired, a team of researchers from institutions including Princeton, Carnegie Mellon, Boston University, MIT, and the University of Illinois at Urbana-Champaign recently released a paper showing that while Monero is designed to mix the “coins” in each transaction with decoys called “mixins,” there are flaws in the way the Monero network handles that mixing. Here’s how one of the tricks works, according to Wired:
The second flaw is related to the timing of transactions:
Monero has since been updated to reduce the chance of successfully identifying which is the real coin and which are the mixins using the second method to 45 percent, still essentially flip-of-the-coin odds. Neither method can be used to identify the recipient in a transaction, just from who the coin originated, according to Wired. But that’s hardly reassuring for users, given how authorities have repeatedly busted so-called “dark web” markets like Silk Road, AlphaBay, and Hansa, and then used Bitcoin’s blockchain in tandem with recovered records and flipped suspects to track down even more suspected criminals.
The researchers estimate that at most 25 percent of Monero transactions are for “illicit use,” which is still a huge chunk of the activity on the coin’s network. While these flaws don’t necessarily show that anywhere near all of those illicit transactions could be traced, they do undermine Monero’s security. That’s bad news not for just cybercriminals, but anyone who relies on the coin for anonymity, ranging from regular users to white supremacists.
“Privacy isn’t a thing you achieve, it’s a constant cat-and-mouse battle,” Monero core developer Riccardo Spagni told Wired, adding that some of the flaws are offset by other security features. Regarding the second flaw concerning transaction timing, he added that the team needs to develop a new approach entirely: “There are steps we can take to continue to improve the sampling, but the reality is that this isn’t a solvable problem by just pecking away at it.”
It could be worse: Someone encoded illegal child abuse imagery into the Bitcoin protocol, potentially making holding or spending any bitcoins illegal.
[ Wired]
