banner
Monero suffering a Sybil attack
Monero suffering a Sybil attack
Blockchain

Monero suffering a Sybil attack

By Marco Cavicchioli - 11 Nov 2020

Chevron down

The Monero network is under attack, as confirmed directly by Monero project leader Riccardo Spagni. 

Spagni reveals that an attacker defined as “incompetent” attempted a real-time Sybil-type attack against the Monero network to try to correlate transactions to the IP addresses of the nodes that transmitted them. 

This would be the first attack of this kind against Monero, but according to Spagni, it was “quite ineffective”. 

In fact, it would have had no effect on any of Monero’s on-chain privacy mechanisms, and since it was already a possible attack anyway, a lot of work would have been done over the years to mitigate it, such as making it possible to use Tor or i2p so that nodes transmit transactions completely anonymously. 

The attack has been explained in detail on Reddit, where it is also pointed out that this type of threat is actually possible on virtually all permissionless cryptocurrencies.

It has however been in progress for 10 days, and in the meantime, the nodes involved have been included in the blacklist.

The Sybil attack against Monero

This was not an attempt to alter the blockchain, or to interfere with its operation, but rather an attempt to extract additional data regarding the IP addresses of the nodes used for transactions in progress. 

Monero, however, already incorporates a solution to this problem, Dandelion++, which made this attack much less effective than it could have been. However, Spagni himself warns that this is not a guaranteed solution to all such problems, but is designed for occasional monitoring. 

In other words, a similar attack, but in much larger proportions, could have had some effect by intercepting the IP addresses of some Monero nodes. 

A list of IP addresses that would have been intercepted with this attack has also been published on monero-badcaca.net, but so far there is no clear confirmation that they match those of the actual senders of the transactions. 

In fact, this site should not be considered impartial and objective, as it explicitly states:

“Monero was never a real privacy coin. Multiple problems that Ciphertrace is currently exploiting were reported to Monero project in 2016 and remain unfixed since. To draw attention to the issue I will publish transactions, IP addresses and porn preferences of 100 “lucky” Monero users every day”.

Marco Cavicchioli
Marco Cavicchioli

Class 1975, Marco teaches web-technologies and is an online writer specializing in cryptocurrencies. He founded ilBitcoin.news, and his YouTube channel has more than 25 thousand subscribers.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.