Ivan Bogatyy a member of the team at Dragonfly Research, has posted a publication on Medium, claiming that he successfully exploited the Mimblewimble (MW) privacy protocol, and had access to all the addresses in a whopping 96% of all Grin transactions run on the MW.
Bogatyy said that he did this using only $60 a week, via Amazon Web Services (AWS), a cloud computing service by Amazon. The MW protocol achieves its own privacy and anonymity by making use of CoinJoins, which is basically a way to merge several different transactions in a block to produce an ‘anonymity set.’ However, Bogatyy’s findings prove to show that there is a big enough problem with the protocol. He wrote:
“In my attack, I was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network. But if I wanted to spend a bit more money, I could easily connect to 3000 nodes to disaggregate almost all transactions.”
The above excerpt means that if Bogatty decided to spend more than $60 a week on AWS, he could easily break the CoinJoin process of merging transactions in a block to achieve anonymity. Bogatty added however that the problem might be unfixable for MW, and further suggested that other privacy networks such as Zcash and Monero, are a lot better regarding privacy, than MW.
Back in January, a new line of miners was launched, targeted at the Grin digital currency.
Image Credits: Pixabay
Keep in mind that we may receive commissions when you click our links and make purchases. However, this does not impact our reviews and comparisons. We try our best to keep things fair and balanced, in order to help you make the best choice for you.
