Chainalysis successful deanonymization attack on Monero : DarkNetMarkets | Torhoo darknet markets

Yep, it is a mess but on the other side it opens up an incentive to speed up some Monero development to mitigate this and strengthen it, like Seraphis, FCMP and proper multisig development (related to Seraphis). People don't realize how important it is. But this takes time and in between one has to keep his security posture unbroken.

/u/Paris, I recommend pinning this in the announcements, as it directly impacts the whole community and is vital for our shared safety. Ensuring it remains visible will help keep everyone informed and reinforce the importance of staying vigilant.

No thanks. Sounds boring.

The story about node dot moneroworld dot com, that is already down now is that based on the Chainalysis presentation it was a sting operation promoting the poisoned Monero nodes to the public as trustworthy. The guy behind it was, as they say - "their administrator". They have those administrators around the world.

That is why our earlier article about this incident where some of the community members called the the node dot moneroworld dot com being infiltrated.

The issue is that not only moneroworld was compromised. Every remote Monero node CAN be poisoned. There is no way to detect that available now. The Monero design actually allows this adn they work now on some countermeasures. And therefore one cannot rule out the possibility that his remote node is poisoned.

Just don't use the remote nodes immediately and run your own node that is capable to utilize the Dandelion++ feature, don't connect to the net from an IP linked to your RL identity and be sure your financial flows are elaborate blurring the traces at every step.

Any remote Monero node can be compromised and attack you with the attacks described above.

Use Tor, of course. But use it wisely and don't require Tor to protect you against attacks like colluding national states or adversaries capable to contact the multiple national ISPs around the world and request specific data. Tor cannot protect you here. It doesn't have message padding and it doesn't have message mixing.

Q: are you saying that node.moneroworld.com is/was run by Chainalysis? As well as all of the remote nodes that used to be listed on the site?

It seems like the moneroworld was infiltrated or directly run by the Chainalysis administrator.

Q: what is Dandelion++? Is it implemented automatically when someone runs their own node?

Yes, the Dandelion++ (its current version is the ++) it is running by itself when you use your own node. If you use a remote node, you don't use Dandelion feature.

Q: what metadata? And is this metadata visible publicly even when running your own remote node?

Some metadata are always visible on the blockchain like transaction timestamp, size of the transaction, fees and few others whether you use remote node or not. But if you run your own local node, the Dandelion++ obfuscates a bit the the time stamp of the transaction. The transaction broadcast to the Dandelion++ Steam phase and subsequent fluff phase is different time than the timestamp of the transaction on the Monero blockchain.

Q: is mixing necessary or advisable even when running your own node? (If so, why?)

Yes, it is. Monero is probabilisticaly traceable at any times. Current anonymity set of Monero RingCT is 16:1, where 1 signature belongs to you and the remaining 15 sigs are taken from the blockchain pool of unspent outputs and used as decoys to obfuscate the real sig. That is why the Chainalysis needed to lure Monero users to their poisoned remote nodes to serve them compromised decoys.

Q: This is where I'm especially confused. Are you saying that using Tor to connect to nodes (e.g. in MoneroGUI) doesn't fully de-anonymize the traffic because a number of exit nodes are controlled by state actors? Are Monero transactions that use nodes routed through Tor any less anonymous than regular traffic in the Tor browser? I'm just not clear exactly what you're saying or what the implications are for transactions on Monero or traffic on Tor itself.

If the Chainalsis or any other adversary contracted the ISPs in various countries, or the countries themselves are the adversaries, they can request the data from the ISPs and see the traffic patterns of the nodes. It is not Monero specific, but actually any-proxy-specific like Tor, VPN, I2P.

We used the example of the USA and Germany because if you check the Tor stats, US and DE can see large portion of the Tor traffic, because on their soil there is about 50% of all the Tor nodes in the world. We don't know what countries the Chainalysis contracted, but If they see a pattern in and out it doesn't matter how many hops are in between. They just know the original IP address with a very high probability. If it is your home IP address, you are directly deanonymized and identified.

Q: Last, is there any way to tell what previous transactions may have been compromised?

Well I would say that many of the public remote nodes (see in the video the "RPC-" tag) were run by the Chainalysis administrators and were widely published and advertised.

Considering the standard OpSec procedures for contingency planning and damage control: if the impact of the compromise in this part of the operation is highly significant, you cannot be detected and the occurrence is high, you have to trigger your contingency planning and start to work on your damage control immediately, because yo have to consider yourself potentially compromised. If you also broadcasted the transactions from your home address, it is even worse and if you used the CEXes with your poisoned Monero transactions, all your finance is poisoned now and needs to be brought back to purity.

We posted this article on /d/Monero as well as /d/OpSec and it is on hold for 17 hours now. I have written the message to /u/HeadJanitor but didn't get any response yet and the article is still Pending Approval.

Our previous post node.moneroworld.com was INFILTRATED, and so its Monero nodes /post/fde4b75e108a53cf6f4b about the same issue was on Pending Moderation on /d/OpSec for about 24 hrs and fell down in the feed, so not so many people noticed it. When I saw the article is Pending Moderation on /d/OpSec, I published that on /d/Monero and it was published immediately.

This article is a followup.... :-/ Now this article is Pending Moderation also on /d/Monero not only /d/OpSec. I don't know wtf.

I have some hardcore research to do, it looks like. A lot of research. Especially academic research that is most current and unfolding and then research in mathematics and cryptography where it yields the nature of how probabilistic this all is. Because if the probability of a massive asteroid colliding into the earth is extremely insignificant then we can focus elsewhere.

Yeah, but ensure first they don't fuck you.

YEAH FUCK CHAINALAYSIS!! U HAVE TO REMEMBER THEY ALSO OWN ZDASH OR DASH WHATVER! AND THEY ARE JEALOUS THAT MONERO ARE DOING VERY WELL AND NOT DZASH LOL LOL THEY MUST BE SOO PISSED OFF THEY HAVE CHOOSEN WRONG COINS HAHA! TWATS!

Thank you, take care and stay safe ;)

All posts about monero are moderated before approval due to phishing links.

See For information on how to obtain monero see: /post/fa0d55812cfccbfc9825

or /d/Monero/wiki?id=a34355a5 for more information

Never trust links in comments or private messages

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

This attack is not realistic. It is actually quite costly if they wanted to run so many nodes. That is why everyone needs to run their own node and completely stop using the remote nodes all together.

It can have some impact on all Monero users and we cannot say what level of impact it is, because there is no way to find out how many nodes the adversary runs nor how many ISPs give them the requested data.

By running your own node you utilize the Dandelion++ feature of Monero that obfuscates the true, original node in the Dandelion++ Steam phase. This already kills some of the attack vectors, like feeding you the poisoned decoys and frustrates the adversary's attempts to link the transactions together.

By sending the transaction from the IP that is not linked to your RL ID, the adversary is not getting the original IP right away.

By using DEXes instead of CEXes they cannot easily link the transactions to the known CEX IPs.

This by itself is much higher security stance.

All posts about monero are moderated before approval due to phishing links.

See For information on how to obtain monero see: /post/fa0d55812cfccbfc9825

or /d/Monero/wiki?id=a34355a5 for more information

Never trust links in comments or private messages

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

If Joe reported his crypto usage to his lovely government, he is of course not targeted by the Chanalysis.

What is so called illegal decides the same lovely government Joe reported to and it is very fluid and can change any time. Some lovely governments are already outlawing the Monero and other privacy coins so Joe is already quite fucked.

All posts about monero are moderated before approval due to phishing links.

See For information on how to obtain monero see: /post/fa0d55812cfccbfc9825

or /d/Monero/wiki?id=a34355a5 for more information

Never trust links in comments or private messages

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

[removed]

All posts about monero are moderated before approval due to phishing links.

See For information on how to obtain monero see: /post/fa0d55812cfccbfc9825

or /d/Monero/wiki?id=a34355a5 for more information

Never trust links in comments or private messages

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

Hi, the Dandelion is part of your monerod when you run your own node (full or pruned, works both cases). Current version of Dandelion is Dandelion++ and it is very good at obfuscating the original node as well as the transaction timestamp (a bit) visible on the blockchain.

All posts about monero are moderated before approval due to phishing links.

See For information on how to obtain monero see: /post/fa0d55812cfccbfc9825

or /d/Monero/wiki?id=a34355a5 for more information

Never trust links in comments or private messages

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

Get monero and send to a wallet you own before sending to market. DEX is decentralized exchange, and CEX is centralized exchange.

The Monero mixing is the way to increase the anonymity set of the monero transaction. It is not that easy as it seems to be. One has to understand the inner workings of the Monero, RingCT and blockchain analysis to counter that.

Also note that your anonymity is built not only within the Monero mixing. It is related to how you get the Monero from the partners, how you mix it, where it goes further, what patterns you expose to the adversary, your networking and few others. This together ensures you anonymity or breaks it.

There is unfortunately no one size fits all solution here. It is highly individual and needs to be tailored to ones specific situation. Otherwise it will fail, like the advises on Monero usage till now, despite what we were telling people for years.

Context, context, context shields or kills.

Use an external antenna and connect to the remote, faraway crowded public WiFi hotspot and rotate properly.

There are many guide out there on how to run your own node, depending on your OpSec considerations. Find one and try. If you need any assistance, let us know. We offer OpSec, Security and Counteirntelligence trainings.

You cannot know what remote nodes are compromised but they CAN be operated directly by the Chainalysis administrators. Just don't use ANY remote nodes now.

We always tell people to use the official CLI wallet with their own local node. This is the most simple way to use it fast and reliable. Especially from within QubesOS Whonix AppVM, isolated from network through Tor.

It means they COULD be poisoned and compromised at the level of all their transactions. We don't know now if those remote nodes were or were not run by the Chainalysis administrators. But it would make sense. But we don't know. Act as if you WERE compromised.

If you were broadcasting the Monero transactions to the poisoned remote nodes from the IP that is linked to your RL ID, you COULD be traced down to your home address. Again, you don't know and you hav eto act as if you WERE compromised.

Just don't use remote nodes immediately and trigger your damage controls procedures. If you need assistance with anything related to security, let us know.

Nope, it doesn't matter, what matters is your entry point to the internet. If it is related to your RL ID, you COULD be fucked.

You are welcome and thank you ;)

All posts about monero are moderated before approval due to phishing links.

See For information on how to obtain monero see: /post/fa0d55812cfccbfc9825

or /d/Monero/wiki?id=a34355a5 for more information

Never trust links in comments or private messages

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

Yes, but in the combined attack they could get your original IP too. But you cannot know, because you don't what ISPs in what countries the Chainalysis gets the data.

Set your antenna properly and you get the range you need. Be sure to know what signal limits are allowed in your jurisdiction not to flag yourself by crossing it. If you cannot do it yourself, ask someone who knows how to do that.

Wardriving in only one option. Utilize what fits your needs.

Yes, we knew about the situation with the Chainalysis and mentioned countless times that Monero is probabilistically traceable and warned and teach people how to deal with that. If they listened to us, they are fine now. Same with Tor. If they didn't listen to us and didn't hit reality, the reality hits on them and they are potentially fucked.

It is not about fear. It is about being informed and take proper precautions.

Nope. First, it doesn't matter to fend off the attack mentioned above. Second, you can set your node as you like.

Posting links of any sort is discouraged. There are ways to shortlist links or just include the information the link provides.
If you feel it's completely necessary to post a link, it requires Mod approval to be posted.

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

/post/2e5e6734d8611e5aec8a

clickable dread links

All posts about monero are moderated before approval due to phishing links.

See For information on how to obtain monero see: /post/fa0d55812cfccbfc9825

or /d/Monero/wiki?id=a34355a5 for more information

Never trust links in comments or private messages

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

If you were using random remote nodes from the internet, you COULD be the victim of that attack. Your transactions COULD be transparent in the eyes of the adversary and could be traced very easily. This also doesn't automatically mean the you really were the victim of the attack. They don't run all Monero remote nodes obviously.

If you also sent the Monero transactions, connected to the poisoned Monero remote node, from your home IP or any IP linked to your RL identity, you COULD be traced down to your RL identity.

The Chainalysis operation is worldwide and unfortunately due to the Monero design it cannot be detected as of now. There are discussions about some countermeasures like pre-checking if the RingCT decoys are not from the spent outputs and therefore poisoned, but it is not even started. We all wait for the FCMP to hit the ground that would help with some of the attacks, but the usage of the remote nodes would again make it a mess.

If you are more juicy target (you have to know if you can be considered one), let us know and we can help you with damage control and proper training before the SHTF. In full seriousness.

If one used any Monero remote node instead of his own node and/or even sent the transaction from the IP that is linked to his RL identity, there is A LOT to worry about.

Yep, and those Chainalysis guys are most probably not the only ones out there doing something similar. They are just most visible.

btw if your crypto is self made as you say, be sure to know what are the tax implications in your jurisdiction, before you do anything with it. Those bitches out there are legally hungry ;)

They cannot break Monero but they can break naive users.

Wrong, very wrong advice. BTC blockchain is completely transparent and the fees are skyrocketing and it will get only worse. Good luck with coinjoin in that situation.

There are some options of using sidechains like LN or Liquid but you have to run your own full infrastructure for that purpose, otherwise you are again trusting someone else and it doesn't help at all.

Just use Monero, but wisely with its limitations and status quo in mind. There are some usages for the BTC indeed, related to the tax issues, but those are quite advanced tactics and not part of this thread.