How bad actors try to track Monero
Depending on your operational security, combining the attack types in this article may significantly reduce your privacy and help an adversary identify the real spend in a ring signature.
These methods have been used to arrest the Incognito Market admin, the operators of Archetyp, a Colombian drug dealer, a Finnish blackmailer, the Bitfinex hacker and 18 Japanese fraudsters.
---
# Eve-Alice-Eve attack
This one’s like a sneaky collusion trick. Two parties (both called Eve) team up to figure out who’s behind a transaction with Alice. Eve1 sends Monero to Alice in one transaction; Eve2 receives Monero from Alice in another.
They compare their transaction records: if Eve1’s address shows up in Eve2’s ring signature, or if amounts and times match up, they can pretty confidently say Alice was involved. Repeating this over and over makes their case even stronger.
---
# Poisoned output attack
Think of this like "marked bills" in the physical world. Here, the attacker "poisons" some Monero outputs, either with a unique amount or a specific pubkey, and then watches to see whether those outputs are sent to a colluder: someone who knows the identity of the people who send them Monero and who has agreed to share data with the attacker to help identify the target.
If the target sends that marked Monero to a known colluder, the attacker can identify who sent it. Repeated use helps build a stronger case.
---
# Timing analysis attack
Sometimes, targets try to dodge the poisoned output trap by splitting amounts or churning (sending to new addresses repeatedly). But if they’re doing this on a regular schedule, attackers can catch on by watching the timing between transactions.
For example, if an attacker notices that every Tuesday, a certain person receives Monero and then quickly sends it out again, that pattern can reveal who they are, even if they try to hide it.
Anti-privacy adversaries can leverage timing information to increase the probability of guessing the real spend in a ring signature to approximately 1-in-4.2 instead of 1-in-16.
---
# Decoy elimination attack
This trick is handy if someone has a list of transaction IDs and thinks their target sent Monero in those transactions. They might get this list by scanning the blockchain for transactions that include a special kind of public key known to belong to the target, or from someone who’s interacted with the target a few times, like an exchange or a store.
Once they have the list, they can look up those transactions and check the signatures inside them. These signatures include a bunch of public keys used to hide who actually sent the money. The attacker checks if any of those keys are theirs or someone they know. If they find a match, they can ask the owner if they made that transaction. If not, then that key was just a decoy, not the real sender.
This method helps the attacker narrow down the possible real sender. In the worst case, they can remove all the fake keys and figure out exactly who sent the Monero. From there, they might trace the transaction back or forward, using the same or different techniques, to follow the money’s trail.
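To see how the timing and decoy elimination effects described above compound, this added example (not from the original article or from the Monero project) models an observer's belief over a 16-member ring and reports the remaining best-guess odds and the entropy-based effective ring size. The weights are constructed for illustration, not measured from the chain, and all function names are hypothetical.

```python
import math

RING_SIZE = 16  # ring size implied by the article's "1-in-16" figure


def normalise(weights):
    """Scale non-negative weights so they sum to 1."""
    total = sum(weights)
    if total <= 0:
        raise ValueError("at least one ring member must remain plausible")
    return [w / total for w in weights]


def eliminate(probs, known_decoys):
    """Zero out members an observer has confirmed as decoys, then renormalise."""
    return normalise([0.0 if i in known_decoys else p
                      for i, p in enumerate(probs)])


def best_guess_odds(probs):
    """Return N such that the observer's single best guess is right 1-in-N."""
    return 1.0 / max(probs)


def effective_ring_size(probs):
    """2**H, where H is the Shannon entropy of the belief in bits."""
    h = -sum(p * math.log2(p) for p in probs if p > 0)
    return 2 ** h


def privacy_report(weights, known_decoys=()):
    """Summarise what is left of the ring after timing skew and elimination."""
    probs = eliminate(normalise(weights), set(known_decoys))
    return {"best_guess_1_in": round(best_guess_odds(probs), 2),
            "effective_ring_size": round(effective_ring_size(probs), 2)}


# Constructed inputs (assumptions, not real chain data).
UNIFORM = [1.0] * RING_SIZE          # observer has no extra information
TIMING_SKEWED = [6.0] + [1.0] * 15   # member 0 fits a timing pattern far better

if __name__ == "__main__":
    print(privacy_report(UNIFORM))
    print(privacy_report(TIMING_SKEWED))
    print(privacy_report(TIMING_SKEWED, known_decoys=range(1, 11)))
```

With these constructed weights, the timing skew alone moves the best guess from 1-in-16 to 1-in-3.5, and confirming ten decoys on top of that leaves fewer than two plausible candidates.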
---
# Spy node attack
Monero transactions are broadcast through nodes; some are run by honest users, others by malicious actors (spy nodes). If your wallet sends transactions through a spy node, it might log your IP address, which can then be linked to your transaction and real identity.
Full nodes try to protect you with protocols like Dandelion++, but they’re not perfect. Attackers can exploit this by seeing if a transaction is still in its "stem" phase, which can leak your IP.
---
# Tx history lookup attack
If an attacker manages to get hold of your private keys (say, during a raid or if you accidentally share them), they can look up your entire transaction history on the blockchain. This helps them see all the Monero you’ve received and sent.
References:

getmonero.org, The Monero Project
Blog: OSPEAD - Optimal Ring Signature Research
New research funded by the Monero community provides a method of optimal defense against statistical analysis of ring signatures. However, the rese...