Monero Exploit Discovered!

in #crypto, 6 days ago

Recently(ish?) a vulnerability in Monero's ring signatures was discovered.

If you rely on Monero for privacy, please read the mitigation advice!

If you simply use it for extra transactional privacy, and don't care about institutional or state actor-level threats, then you probably shouldn't worry much.

🕵️EXPLOIT TL;DR

Basically, the MAP Decoder Attack uses standard statistical analysis to increase the probability of guessing the correct transaction (Monero uses decoys) from 1 in 16 to around 1 in 4.2. Combined with other known attacks, the probability could increase even further.

I'm not a subject matter expert, but here's the full analysis by Duke Leto, who is.

🕵️WHAT YOU SHOULD DO

Do three things:

  1. Use two wallets
  2. Use one for receiving only and one for spending only
  3. Do not reuse a stealth address for receiving from different parties

This practically extends your decoy set, to the point where even the MAP Decoder Attack won't affect you nearly as much.

Again, credit to Duke for this handy mitigation guide (he had 4 steps, I turned it into 3). Read the full guide.

🕵️WHAT YOU SHOULD NOT DO

You should not simply stop using Monero.

You're still getting significantly better privacy than most other cryptos for most other use cases, and infinitely more than by using banks. Don't let this FUD you into giving up on privacy entirely.

But you should also avoid doing criminal stuff. I'm not here to moralize, just saying that if you're doing things that could get you in trouble, be super careful about how you use privacy tools.

🕵️BETTER PRIVACY IS ON THE WAY!

Thankfully, Full-Chain Membership Proofs (FCMP) are being developed, which will evolve Monero past ring signatures, and essentially get rid of all these vulnerabilities.

In the meantime, either use the mitigations described above, or use cryptos with privacy functions more similar to what FCMPs will provide, like Zcash or Firo.


Those are great tips, for ANY chain really. I’ve been practicing those kinds of moves since I really got started in the game because it just makes sense.

But yeah FCMP++ will solve all of that.

Too bad it's years away.