Researchers point out serious gaps in the privacy promises of stealth cryptocoin Monero.
As discerning dark web drug dealers and pseudonymous hackers have figured out that Bitcoin is not magically private money, many have turned to Monero, a digital coin that promises a far higher degree of anonymity and untraceability baked into its design. But one group of researchers has found that Monero’s privacy protections, while better than Bitcoin’s, still aren’t the cloak of invisibility they might seem.
Monero is designed to mix up any given Monero “coin” with other payments, so that anyone scouring Monero’s blockchain can’t link it to any particular identity or previous transaction from the same source. But in a recent paper, a team of researchers from a broad collection of institutions—including Princeton, Carnegie Mellon, Boston University, MIT, and the University of Illinois at Urbana-Champaign—points to flaws in that mixing that nonetheless make it possible to pick individual transactions out of the mix.
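The article does not spell out how the mixing fails. The illustration below is an added example, not code from the article or from the researchers; it implements the simplest of the paper's deductions, which I am confident is the one they describe: each transaction input names a "ring" of candidate outputs (the real spent output plus decoys), a ring with no decoys reveals its spent output outright, and because an output can be spent only once that output can be struck from every other ring, which may collapse further rings in a chain reaction. The ledger and output ids are constructed for this example.

```python
"""Chain-reaction deduction over Monero-style ring inputs (added illustration)."""
from typing import Dict, List, Set

# Constructed sample ledger: input id -> ring of candidate output ids.
SAMPLE_RINGS: Dict[str, List[str]] = {
    "in1": ["o1"],                    # no decoys: o1 is certainly spent here
    "in2": ["o1", "o2"],              # o1 is already spent, so o2 must be real
    "in3": ["o2", "o3", "o4"],        # shrinks to {o3, o4}: stays ambiguous
    "in4": ["o2", "o5"],              # shrinks to {o5}: resolved in the chain
    "in5": ["o2", "o3", "o5", "o6"],  # shrinks to {o3, o6}: stays ambiguous
}


def chain_reaction(rings: Dict[str, List[str]]) -> Dict[str, str]:
    """Return {input_id: deduced real output} for every input that collapses.

    Repeats until no ring changes, so a single zero-decoy input can cascade
    through many rings that were built with decoys of their own.
    """
    remaining: Dict[str, Set[str]] = {k: set(v) for k, v in rings.items()}
    resolved: Dict[str, str] = {}
    changed = True
    while changed:
        changed = False
        for inp, ring in list(remaining.items()):
            if len(ring) != 1:
                continue
            (real,) = ring
            resolved[inp] = real
            del remaining[inp]
            # A spent output cannot be the real input anywhere else.
            for other in remaining.values():
                other.discard(real)
            changed = True
    return resolved


def traceable_fraction(rings: Dict[str, List[str]]) -> float:
    """Share of inputs whose real spend the chain reaction pins down."""
    return len(chain_reaction(rings)) / len(rings) if rings else 0.0


if __name__ == "__main__":
    for inp, out in chain_reaction(SAMPLE_RINGS).items():
        print(f"{inp}: real spend is {out}")
    print(f"traceable: {traceable_fraction(SAMPLE_RINGS):.0%}")
```

Inputs that keep two or more candidates after the cascade (in3 and in5 here) are exactly the ones that decoys still protect, which is why a mandatory minimum ring size limits, but does not retroactively undo, this kind of deduction.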
That shouldn’t just worry anyone trying to stealthily spend Monero today. It also means evidence of earlier not-quite-untraceable payments remains carved into Monero’s blockchain for years to come, visible to any snoop who cares to look.
Those privacy flaws were especially acute before a change to Monero’s code in February of 2017, the researchers note. But transactions before that time remain dangerously identifiable, and even payments after that change may be easier to identify than Monero’s privacy-sensitive users might think. “The mental model that people have today for Monero is a simplistic one, that these transactions are private. That model is just incorrect,” says Andrew Miller, a researcher at the University of Illinois at Urbana-Champaign who worked on the paper. “There’s information that’s revealed and not covered up by Monero’s cryptography.” Miller is also an advisor to Zcash, another cryptocurrency that promises privacy protections.