Chainalysis Successful Deanonymization Attack on Monero

https://darkwebinformer.com/chainalysis-successful-deanonymization-attack-on-monero-2/
65•Anon84•2mo ago

Comments

embedding-shape•2mo ago
It always seemed weird from Day 1 when I reviewed Monero vs Zcash to rely on anonymization that depends on other nodes and number of honest peers, instead of relying on technical anonymization that Zcash does, seems much more reliable and long-term workable, even though it was much harder and took them longer to arrive at good solutions.
pclmulqdq•2mo ago
If Zcash had privacy by default, they would have won against Monero for being the private cryptocurrency. As it stands, any private transaction on the Zcash chain stands out like a sore thumb and the use of de-anonymized transactions around it makes it easy to figure out how much money was moved. It was a missed layer 8 opportunity on the part of Zcash.

This attack doesn't seem to work if you run a monero node, though.

embedding-shape•2mo ago
You'd have a bit more credibility if your complaint was more up to date :) Zcash wallets have defaulted to shielded accounts and transactions for some time already.
pclmulqdq•2mo ago
It took at least half a decade if not a full decade to get to the obvious place and I (and everyone else) wrote Zcash off in that time.
vosper•2mo ago
You said

> As it stands, any private transaction on the Zcash chain stands out like a sore thumb

Is that actually still the case or has the change to defaults made anonymity more common?

pclmulqdq•2mo ago
If you look at recent mined blocks, a majority of transactions are still public. So yes, even if the default is shielded wallets and private transactions for a specific wallet, most of the chain is not using them.
DennisP•2mo ago
True, but as of this month 30% of zcash transactions are shielded, and 20-25% of addresses are private. That's a fairly large anonymity set. The percentage of shielded transactions is also increasing, at a rate that will make them a majority within a year if the trend continues.

https://www.coindesk.com/research/inside-zcash-encrypted-mon...

embedding-shape•2mo ago
> and I (and everyone else) wrote Zcash off in that time

Seemingly in the ecosystem you exist in, yeah, but in the world at large Zcash seems to have at least 6x the volume. I guess "everyone else" didn't get your memo. Regardless, I don't really care personally which one is better or which one you specifically use, as long as what we say is being truthful :)

pclmulqdq•2mo ago
Are you referring to on-exchange volume of a coin that has pumped 10x in a few months? And it's only 6x the on-exchange volume of monero? It sounds like people still don't use it. If you look at the blockchain, you will see very few transactions per block (literally less than one per minute), so it seems the volume is almost entirely on the exchanges. It's probably people speculating on privacy for some reason, combined with some dumping of the pre-mine.

The majority of the on-chain use is also public transactions, so it seems the "privacy by default" setting doesn't really matter.

monero-xmr•2mo ago
I know (and many others do as well, it’s not that hidden) of the group that pumped Zcash. Very well executed pump
pjdkoch•2mo ago
September 17, 2024
kobieps•2mo ago
surprising how often this happens...
RandomBacon•2mo ago
Monero's main "competitor" seems to be Zcash which is run by a VC-backed company. The company gets 20% of all mined Zcash. The incentive is very strong to FUD Monero.

As of this comment, Monero is #26 on CoinGecko's list of crypto by marketcap with Zcash at #27. I'm guessing that's why there's a few of these posts on HN all of a sudden.

kobieps•2mo ago
Sure, but I more meant people recycling year old news for clicks, and smart people falling for it. That's a very broad phenomenon and not tied to crypto.
pixel_popping•2mo ago
Useful analysis actually! Thank you
nunobrito•2mo ago
This isn't deanonymization, it is modifying and infiltrating nodes to then listen to what is happening from naive users connecting to them.

There was never an expectation of privacy when you connect to servers outside your control with non-encrypted data. That is the reason why the article itself mentions that this isn't working when running your own node, as most people do.

This is the same thing as complaining that Monero is no longer anonymous because Windows is capturing screenshots and keyboard presses when you open the desktop app.

Monero remains anonymous by default.

dodomodo•2mo ago
In practice they (allegedly) took an anonymous transaction and linked it to real world identity. Call it what you want.
fruitworks•2mo ago
The transaction wasn't really anonymous in the first place, but I agree that the UI should warn users more when working in "light wallet" mode.
dodomodo•2mo ago
Nothing is "really anonymous", it's all a game of information sharing and hiding. I think I now understand the difference in our definitions, for you anonymous means that at the protocol level no one can link the transaction to "you" (defined by a set of identifiers). My definition is just "not publicly linked to your real world identity", so for example, sending a message under a pseudo name in a public forum would be anonymous under my definition but not anonymous under yours. What do you think?
fruitworks•2mo ago
Necroing this, but my general opinion is that anonymity is more of a question of extent and the shape of anonymity sets than a binary condition of anonymous/public. But you are correct that we can never satisfy the binary condition.

Given enough forensics, it's possible to link pseudoanonymous identities to real identities. See Chainalysis. I'm sure if you apply stylometry to either of our posts, you could uncover our identities. I think there was a post here doing just that.

So my real problem with the pseudoanonymous model is that when it fails, it generally favors centralized institutions who are capable of the surveillance needed for correlation. It is asymmetric. People say that bitcoin's transparency is a feature, but the feature is only accessible to those with the metadata, like Arkham or Chainalysis. Reputation systems can be very useful though.

abecedarius•2mo ago
> running your own node, as most people do.

Huh, surprising -- it's very different from most people using most software. (Of course HN is not most people.)

I tried to fill myself in by asking Claude Opus neutrally "do most users of Monero run their own node?" and was told it couldn't find good data, it's community-promoted behavior, but there were multiple reasons for skepticism.

I have no idea, I'm just noting my surprise.

krior•2mo ago
I don't know what asking AI adds to the discussion.
ianbutler•2mo ago
Well reading comprehension tells us they were surprised that most monero folks run their own nodes and that they were unable to find supporting information.

Your comment however does actually add nothing.

wizzwizz4•2mo ago
No, reading comprehension tells us that Claude Opus output the "unable to find supporting information" claim, which abecedarius faithfully relayed to us. There's no evidence in the text that suggests abecedarius attempted to find supporting information.
ianbutler•2mo ago
Okay and if they had said Google we wouldn't be doing this dance, people just hate AI and it's obnoxious to see comments about it on HN all the time. On a crypto post no less.

We get it you guys don't like AI, next!

It is equally obnoxious to people who talk about AI for everything as if it is a savior, it's a tool use it or don't.

abecedarius•2mo ago
It was a form of "huh, interesting. I tried to quickly find some more evidence for this but failed."

If Claude as search engine were able to link to some backing (maybe like "we estimate around n nodes regularly joining the network, which roughly matches the order of magnitude of estimated users" ) -- that'd be great! I'd have said I was surprised but look what I found.

Instead:

- it couldn't dig up anything supporting, except that Monero sites encourage users to run their own node;

- one point it raised against was confirmed by another reply to my comment ("apps like CakeWallet, where their node is used and assumed as trustworthy"). (Claude listed the same and a couple more wallets it called "popular" with similar trust dependence.)

I agree with GP that just relaying a chatbot is rude. That's why I didn't do that.

shmel•2mo ago
It's literally in their FAQ: https://www.getmonero.org/get-started/faq/

Anyone curious about how Monero is implemented would immediately understand why it's a bad idea to use remote nodes.

>What is the difference between a lightweight and a normal wallet?

>For a lightweight wallet, you give your view key to a node, who scans the blockchain and looks for incoming transactions to your account on your behalf. This node will know when you receive money, but it will not know how much you receive, who you received it from, or who you are sending money to. Depending on your wallet software, you may be able to use a node you control to avoid privacy leaks. For more privacy, use a normal wallet, which can be used with your own node.

nunobrito•2mo ago
Most people don't know nor use Monero at all.

Most monero users are on the desktop where the common practice is to download and run their own nodes and/or use monero from Android on apps like CakeWallet, where their node is used and assumed as trustworthy.

To give background info: most users are on desktops because monero mining happens using CPU instead of GPU, so they install the wallet which comes with a miner included and installs the node as well. They basically make some little income every single day and accumulate that profit.

The other miners like GuPax also install a node on the local computer as well, so a large majority of users simply runs nodes locally because they don't want to send their hashes to remote nodes which might fool them.

abecedarius•2mo ago
Thanks for explaining. I'm still confused: CakeWallet (and similar) were a reason to doubt the original claim. Are these "popular" wallets rarely used, or are you considering the nodes that they trust as equivalent to your own node?
nunobrito•2mo ago
People using monero tend to be well informed, or at least better informed than average crypto users. What I see happening is that most users have at minimum three different wallets: One for mining on the desktop, one "cold" wallet for storing the bulk of their money and then one wallet on cakewallet with pocket money for the convenience of small and fast transactions (e.g. donations, small payments).

From that sense in regards to CakeWallet: Android isn't anywhere secure and there is a real danger that key credentials are stolen by rogue apps. In the end doesn't really matter much about whichever nodes are trusted by cakewallet because the monetary values hosted on those Android wallets don't tend to have much value to begin with.

I've been a long time user and never saw reports of cake wallet being insecure or people losing their wallet money from there. In either case most people using monero tend to be extra cautious from the start.

bhouston•2mo ago
So chainalysis is working for governments now? I guess it makes sense.
MadsRC•2mo ago
Now? Chainalysis has always worked for governments…

It was basically spawned out of the government needing help with investigating crypto - I think it was Mt. Gox…

Anon84•2mo ago
Exactly. “Tracers in the Dark” (https://a.co/d/aos3Nka) does a good job of telling that story and a couple of others from the early days of blockchain analytics
walletdrainer•2mo ago
Chainalysis is certainly not running the Tor attack as described here.

It’s technically possible, but not really practical. We’d have seen darknet markets as they currently exist eradicated long ago.

486sx33•2mo ago
It’s fairly easy to decrease susceptibility to this attack. #1 run your own node #2 monitor the nodes you are connected to with “sync_info” #3 ban nodes that aren’t up to current block height, strange port connections, and connections from typical spy IP addresses. There could still be a spy node connected when you send your transaction but it won’t have a very high probability of originating from any particular place
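
The three peer checks listed in the comment above (height lag, unusual ports, known-bad addresses), as an added example that is not part of the original thread or of Monero's own tooling. The `Peer` record, the thresholds, and the blocklist range are assumptions; the sample peers are constructed and use documentation IP ranges.

```python
import ipaddress
from dataclasses import dataclass

# Assumed policy values (not from the thread): tune for your own node.
MAX_HEIGHT_LAG = 10        # blocks a peer may trail our chain tip
EXPECTED_PORTS = {18080}   # default Monero mainnet P2P port
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]  # constructed placeholder range

@dataclass
class Peer:                # hypothetical record, one per connected peer
    ip: str
    port: int
    height: int
    incoming: bool

def triage(peers, our_height):
    """Return {ip: [reasons]} for peers matching any of the three criteria."""
    flagged = {}
    for p in peers:
        reasons = []
        lag = our_height - p.height
        if lag > MAX_HEIGHT_LAG:
            reasons.append(f"height {p.height} trails tip by {lag}")
        # Inbound peers connect from ephemeral ports, so only judge outbound ones.
        if not p.incoming and p.port not in EXPECTED_PORTS:
            reasons.append(f"unexpected port {p.port}")
        addr = ipaddress.ip_address(p.ip)
        if any(addr in net for net in BLOCKLIST):
            reasons.append("address in operator blocklist")
        if reasons:
            flagged[p.ip] = reasons
    return flagged

# Constructed sample peer list (documentation IP ranges, invented heights).
SAMPLE_PEERS = [
    Peer("192.0.2.10", 18080, 3_200_000, False),
    Peer("192.0.2.44", 18080, 3_199_100, False),    # far behind tip
    Peer("198.51.100.7", 31337, 3_200_000, False),  # odd outbound port
    Peer("198.51.100.9", 51544, 3_199_998, True),   # inbound, ephemeral port is normal
    Peer("203.0.113.5", 18080, 3_200_000, False),   # blocklisted range
]

if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE_PEERS, 3_200_000).items():
        print(f"ban candidate {ip}: " + "; ".join(reasons))
```

A peer that is honestly still syncing will also trail the tip, so treat the height check as a reason to review a peer rather than proof of anything; reviewed candidates can then be passed to monerod's `ban` command.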
yieldcrv•2mo ago
Featherwallet runs a Tor client and connects to Tor nodes after it is done syncing, you can't send a transaction before it is done syncing
kittikitti•2mo ago
It's absolutely wild that Tor and VPNs can be so easily backdoored by governments. The mitigations in this article make sense but how would I explain this to normies who support law enforcement? I guess they can just live in denial.
