De-anonymization attacks against the privacy coin XMR

Original Article ↗ Hacker News Discussion ↗

Monero vs Bitcoin: Technology, Scaling, and Market Cap

  • Several commenters see Monero as technologically superior to Bitcoin (privacy, monetary design) yet with much smaller market cap, attributing BTC’s dominance to inertia, branding, and institutional access (ETFs, futures).
  • Others stress that tech quality and market cap are weakly correlated; mindshare and liquidity are self-reinforcing.
  • Monero’s tail emission (constant-rate issuance, uncapped supply, declining inflation rate) is praised as better money for actual use but less attractive for speculation compared to BTC’s capped supply.
  • On scaling, Monero is acknowledged as heavier than BTC: larger transactions, TXO-based state, and wallet requirements to track many outputs. However, it has fewer self‑imposed on-chain limits, so in practice may handle more usage.

Privacy Models, Attacks, and Planned Upgrades

  • Strong support for Monero’s default, mandatory privacy versus optional privacy coins (e.g. Zcash).
  • Criticism that the article is “far from comprehensive”: missing Eve–Alice–Eve (EAE/ABA) attacks, churning weaknesses, randomness issues, flooding, and network-level spying that can link TXIDs to IPs.
  • OSPEAD / “map decoder” work is cited as showing Monero’s practical privacy is substantially weaker than previously assumed, with fixes still pending and requiring a hard fork.
  • Skeptics argue decoy-based privacy is inherently stochastic and systematically weaker than ZK-based designs; they note most newer privacy systems avoid decoys.
  • Monero is moving toward Full Chain Membership Proofs (FCMP/FCMP++), a ZK-style scheme expected to significantly strengthen privacy, but years of work remain.

Inflation, Opaque Ledgers, and Supply Auditing

  • One camp argues opaque blockchains risk undetectable inflation (e.g., breaking a discrete log could allow invisible money creation), while transparent chains can always verify supply.
  • Others counter that in systems like Monero, the same cryptographic mechanisms that prevent double-spends also prevent inflation, and that Bitcoin’s scripting complexity introduces its own inflation risks.
  • There is direct disagreement on whether Monero’s inflation risk is materially higher or not, with one commenter flatly labeling the “invisible inflation” concern as wrong.

Bitcoin Privacy (CoinJoin, Lightning, etc.) vs Monero

  • Some ask whether BTC plus CoinJoin/Lightning makes Monero unnecessary.
  • Several replies criticize Lightning as effectively a separate IOU system whose security depends on active blockchain monitoring; channel closures can still enable cheating.
  • Debate over how strong Bitcoin’s double-spend protection really is in real commerce, and whether Lightning materially degrades those guarantees.
  • Consensus in the thread leans toward BTC privacy tools being weaker and more complex to use than Monero’s built‑in privacy.

Evidence from Hacks, Laundering, and Court Cases

  • The ByBit hack and other major thefts where BTC/USDT are quickly swapped into XMR are cited as practical evidence that Monero is hard to trace, even for Western agencies.
  • Some say this “proves” XMR’s privacy; others temper that to “evidence at best.”
  • One commenter notes that Monero’s use by criminals simultaneously increases liquidity and improves anonymity sets, making it more effective for all users over time.
  • It’s stressed that timing and amount correlations (e.g., cashing out the exact amount received, in a single transaction) can deanonymize users regardless of cryptography.
  • A critic warns that relying on public court narratives to judge privacy is dangerous because of parallel construction: authorities may secretly exploit attacks, then claim a different method in court.

Regulation, Politics, and Ethics

  • Multiple comments mention de facto bans: Monero being delisted or blocked from most regulated fiat exchanges.
  • Some see attempts to ban or stigmatize Monero as strong evidence the tech works; others speculate that if it weren’t already compromised, governments would have moved faster or harsher.
  • There’s concern Monero could be instantly criminalized under future capital controls, effectively equated with money laundering.
  • Ethical tensions: some fear private money will primarily aid ultra‑rich corruption or hostile states (e.g., North Korean operations); others point out the legacy financial system already enables elite impunity, and value Monero’s optional auditability for individuals under repression.

Alternative Privacy Coins and Project Trust

  • DERO is raised as an “alternative” with fully encrypted balances, but another commenter notes a serious privacy break attributed to developer incompetence, undermining trust.
  • Several participants emphasize Monero’s long track record and comparatively trustworthy, principled dev culture (e.g., ASIC resistance decisions, default full-node behavior).
  • Questions arise about pseudonymous developers; the consensus is that reputation and history matter more than legal identities.

Wallets, OPSEC, and Practical Usage

  • Feather Wallet (desktop) and Cake Wallet (mobile) are recommended. Feather is praised for: Tor-only connections after initial sync, onion-only peers, enforced subaddresses, and preventing address reuse.
  • OPSEC advice:
    • Avoid simple exchange→exchange flows; instead withdraw to your wallet, wait days or weeks, then send out in different denominations.
    • Don’t move in/out the same amounts shortly after; timing/amount patterns can reveal you.
    • Watch out for dust attacks and avoid spending suspicious tiny outputs.
  • Simple “tip jar” setup: create a wallet, back up the seed, derive a view-only wallet for monitoring, and publish a receiving address starting with “8”.

Critique of the Linked Article and Meta Issues

  • Some commenters complain the article lacked a visible date, which they consider crucial for rapidly evolving topics; after this thread, the site editor adds dates and clarifies authorship.
  • One commenter accuses the piece of reading like “AI slop” due to repetitive structure; the author responds angrily, stating it was manually researched and written over weeks, with a professional journalism background.
  • More technically oriented critics say the article overstates the conclusion (“Monero’s privacy remains resilient”) and underplays ongoing, serious de‑anonymization research and live attacks, describing it as part of a pattern of Monero-promotional “nothing to see here” analyses.

AI, Darknet, and Future Demand for Private Payments

  • A side discussion speculates that future AI regulation (especially if the US restricts model exports or mandates a “good boy list” of allowed providers) could drive demand for grey/black‑market AI services.
  • One view: people will pay with crypto over Tor/onion services to access unapproved models, analogous to how darknet markets evolved.
  • Another view is skeptical: if consumer hardware can run many models locally, Tor/AI marketplaces might be unnecessary, and the “darknet AI + crypto” narrative is seen as overblown.

Legal Outlook (EU and Beyond)

  • The EU’s planned 2027 ban on privacy-preserving cryptocurrencies is noted; practical advice from the thread is minimal beyond a curt “do it anyway,” reflecting a belief that technical use will outlive formal legality.