Ivan Bogatyy, a member of the team at Dragonfly Research, has published a post on Medium claiming that he successfully exploited the Mimblewimble (MW) privacy protocol and had access to all the addresses in a whopping 96% of all Grin transactions run on MW.
Bogatyy said that he did this for only $60 a week, using Amazon Web Services (AWS), Amazon's cloud computing service. The MW protocol achieves its privacy and anonymity by making use of CoinJoins, which is basically a way to merge several different transactions in a block to produce an ‘anonymity set.’ However, Bogatyy’s findings show that there is a big problem with the protocol. He wrote:
“In my attack, I was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network. But if I wanted to spend a bit more money, I could easily connect to 3000 nodes to disaggregate almost all transactions.”
The above excerpt means that if Bogatyy decided to spend more than $60 a week on AWS, he could easily break the CoinJoin process of merging transactions in a block to achieve anonymity. Bogatyy added, however, that the problem might be unfixable for MW, and further suggested that other privacy networks, such as Zcash and Monero, are a lot better than MW regarding privacy.
Back in January, a new line of miners was launched, targeted at the Grin digital currency.