On-chain tracking of Monero and other Cryptonotes


In the previous articles we discussed how to turn churning into incriminating evidence using external metadata [ 1 ] and how lack of churning will let your funds be tracked through simple output tagging (Knacc attack)[ 2 ]. In this article we will discuss how to track churning — and do active tracking attacks on-chain without help of any metadata. In fact you can do it on Monero blockchain right now, without anyone being any wiser.

Simple output merging attack

This attack builds upon the “Heuristic II” attack (section 5.2) from A Traceability Analysis of Monero’s Blockchain by Amrit Kumar, Clément Fischer, Shruti Tople, and Prateek Saxena. IACR Cryptology ePrint Archive, 2017. [ link ]

Normal transaction flow

Only real inputs are shown to simplify the diagram.

Tracking churning

Last week I explained how Knacc attack enables tracking users. Standard Monero advice is to “churn” (send money to yourself). I warned users very strongly not to do it. Author of the attack disagreed, possibly unaware of this possibility [ 1 ]. Let’s see how such churn looks in context.

Here Alice does one churning transaction.

Active tracking attack

Did you notice how we deanonymized T2? We know that T2 was created by Alice, we know that 3A is change, and the other output didn’t form another ring therefore Alice either hasn’t spent it yet or sent it to someone else.

Active output trace attack

Thanks section

I would like to thank Dash and ZCash community for helping me spread awareness of privacy issues after I have been banned from @monero Telegram channel [ 3 ].

Pretty thumbnail picture rendered by RyoRu



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store