The Monero network is under attack, as confirmed directly by Monero project leader Riccardo Spagni.
Recently, a largely incompetent attacker bumbled their way through a Sybil attack against Monero, trying to correlate transactions to the IP address of the node that broadcast it. Whilst novel in that it is the 1st Sybil attack of this sort, it was also quite ineffective. 1/n
— Riccardo Spagni (@fluffypony) November 10, 2020
Spagni reveals that an attacker, whom he describes as “incompetent”, attempted a real-time Sybil-type attack against the Monero network to try to correlate transactions with the IP addresses of the nodes that transmitted them.
This would be the first attack of this kind against Monero, but according to Spagni, it was “quite ineffective”.
In fact, it reportedly had no effect on any of Monero’s on-chain privacy mechanisms. Because an attack of this kind has always been possible, a lot of work has been done over the years to mitigate it, such as making it possible to use Tor or i2p so that nodes transmit transactions completely anonymously.
The attack has been explained in detail on Reddit, where it is also pointed out that this type of threat is actually possible on virtually all permissionless cryptocurrencies.
The attack has, however, been in progress for 10 days, and in the meantime the nodes involved have been added to the blacklist.
The Sybil attack against Monero
This was not an attempt to alter the blockchain, or to interfere with its operation, but rather an attempt to extract additional data regarding the IP addresses of the nodes used for transactions in progress.
Monero, however, already incorporates a solution to this problem, Dandelion++, which made this attack much less effective than it could have been. Spagni himself warns, though, that it is not a guaranteed solution to all such problems: it is designed to protect against occasional monitoring.
In other words, a similar attack on a much larger scale could have had some effect by intercepting the IP addresses of some Monero nodes.
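A toy simulation of the point above, added here as an illustration (it is not code from Monero or from the article): it compares how often an observer controlling a given fraction of nodes would name the true origin when transactions are flooded directly versus relayed one hop at a time first, as Dandelion++ does in its stem phase. The peer count, the fluff probability and the "blame whoever relayed it first" rule are assumptions of the model, not Monero's actual parameters.

```python
import random

def simulate(sybil_fraction, use_stem, trials=20000, peers=8,
             fluff_prob=0.1, seed=1):
    """Fraction of transactions whose origin a first-spy observer names
    correctly. peers and fluff_prob are assumed values for this toy model."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        if not use_stem:
            # Plain flooding: the origin announces to all peers at once, so
            # one Sybil peer is enough to hear the transaction from its source.
            # With no Sybil peer, the observer blames some other relay.
            if any(rng.random() < sybil_fraction for _ in range(peers)):
                correct += 1
            continue
        # Stem phase: the transaction is handed to one peer at a time.
        hop = 0
        while True:
            hop += 1
            if rng.random() < sybil_fraction:
                # A Sybil relay blames its predecessor, which is the origin
                # only if the very first hop landed on a Sybil.
                correct += (hop == 1)
                break
            if rng.random() < fluff_prob:
                # An honest relay starts flooding (fluff phase); observers
                # then blame that relay, not the origin.
                break
    return correct / trials

def exposure_table(fractions=(0.05, 0.1, 0.3)):
    """(Sybil fraction, accuracy without stem, accuracy with stem) rows."""
    return [(f, simulate(f, False), simulate(f, True)) for f in fractions]

if __name__ == "__main__":
    for f, flood, stem in exposure_table():
        print(f"sybil={f:.2f}  flooding={flood:.3f}  stem+fluff={stem:.3f}")
```

In this model the stem phase holds the observer's accuracy to roughly the fraction of nodes it controls, which is why the mitigation weakens as a Sybil deployment grows.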
A list of IP addresses allegedly intercepted in this attack has also been published on monero-badcaca.net, but so far there is no clear confirmation that they match those of the actual senders of the transactions.
In fact, this site should not be considered impartial and objective, as it explicitly states:
“Monero was never a real privacy coin. Multiple problems that Ciphertrace is currently exploiting were reported to Monero project in 2016 and remain unfixed since. To draw attention to the issue I will publish transactions, IP addresses and porn preferences of 100 “lucky” Monero users every day”.