To evaluate Monero's honeypot risk score let's look at the ratio of daily transactions (~25k) and the total number of Monero nodes (~14k), and then compare it to that of other coins like BTC (~22k nodes, 396k TXs), ETH (11214 nodes, 1.5M TXs) , LTC (1167 nodes, 200K TXs). This can measure the likelihood that the current amount of Monero nodes is organic and not inflated by Sybil nodes. Based on data available online, Monero's transactions per node ratio (~1.7) is more than 10x lower than that of Bitcoin (~18) and very close to 1. This suggests that Monero's node network is dominated by sybil nodes at a ratio of 10-to-1 (10 XMR sybil nodes for every user node).
Another way to interpret the low ratio, in practical terms, is that for every Monero daily transaction there is 1 dedicated node in the network serving the broadcaster of the transaction. By comparison, in ETH and LTC a node serves, on average, 133 and 173 transactions per day respectively. Bitcoin makes a good, realistic benchmark because it is the original cypherpunk coin (not the case with ETH and LTC) with a community that always encouraged its users to run full nodes as part of its culture. The amount of sybil XMR nodes per user node is probably even higher when we consider that the average Monero user is less likely than the average BTC user to run their own node.
Like I've been explaining for a while, Monero is obsolete privacy tech turned honeypot by Palantir/Chainalysis (both funded by In-Q-Tel) via crime marketing. Monero tracing exploits its old privacy tech (UTXO accounting model & key images) but offchain metadata is also crucial (ie: Sybil nodes generate profit). In BTC/LTC/ETH tracing, OTOH, offchain metadata play a marginal role, which is why in coins like ETH and LTC the tx-per-node ratio is so high as there is no utility/profit generated by Sybil nodes.
To be able to use offchain metadata consistently, Palantir/Chainalysis would need a huge enough network of full Monero nodes in order to maximise the probability that any user not using a full node sends the transaction to a node that reports back to Chainalysis. And in cases where users run their own nodes, to still be able to tell which node a specific transaction originated from despite Dandelion. Monero's outstandingly low tx/node ratio suggests a huge sybil network 10x the size of organic Monero nodes is already in place.
Another way to interpret the low ratio, in practical terms, is that for every Monero daily transaction there is 1 dedicated node in the network serving the broadcaster of the transaction. By comparison, in ETH and LTC a node serves, on average, 133 and 173 transactions per day respectively. Bitcoin makes a good, realistic benchmark because it is the original cypherpunk coin (not the case with ETH and LTC) with a community that always encouraged its users to run full nodes as part of its culture. The amount of sybil XMR nodes per user node is probably even higher when we consider that the average Monero user is less likely than the average BTC user to run their own node.
Like I've been explaining for a while, Monero is obsolete privacy tech turned honeypot by Palantir/Chainalysis (both funded by In-Q-Tel) via crime marketing. Monero tracing exploits its old privacy tech (UTXO accounting model & key images) but offchain metadata is also crucial (ie: Sybil nodes generate profit). In BTC/LTC/ETH tracing, OTOH, offchain metadata play a marginal role, which is why in coins like ETH and LTC the tx-per-node ratio is so high as there is no utility/profit generated by Sybil nodes.
To be able to use offchain metadata consistently, Palantir/Chainalysis would need a huge enough network of full Monero nodes in order to maximise the probability that any user not using a full node sends the transaction to a node that reports back to Chainalysis. And in cases where users run their own nodes, to still be able to tell which node a specific transaction originated from despite Dandelion. Monero's outstandingly low tx/node ratio suggests a huge sybil network 10x the size of organic Monero nodes is already in place.
๐7๐คฏ4๐ฉ3๐ฏ2โค1๐1
XMR PROOF OF SYBIL: When TARI launched, it reached 11,300 full nodes within 24h from Monero's total 12,560 nodes.
The event was immortalized in a tweet by @Donttracemebruh. Even if we completely disregard TARI's huge 30% premine and its founder's poor reputation (recently involved in the CSS hack controversy), 11k nodes in 24h (even before marketing started) doesn't make any sense unless the nodes were the Monero Sybil nodes controlled by one entity that decided to run TARI in parallel.
That would explain how TARI bootstrapped its node infrastructure so quickly. For Monero, that implies a Sybil-to-user node ratio of at least 10:1, in the same range as estimated when comparing Monero to Bitcoin.
In addition to the transaction per node ratio, this is an even stronger piece of evidence that Monero has been fully Sybiled by a network of at least 11,000 nodes (min 90% of nodes).
The event was immortalized in a tweet by @Donttracemebruh. Even if we completely disregard TARI's huge 30% premine and its founder's poor reputation (recently involved in the CSS hack controversy), 11k nodes in 24h (even before marketing started) doesn't make any sense unless the nodes were the Monero Sybil nodes controlled by one entity that decided to run TARI in parallel.
That would explain how TARI bootstrapped its node infrastructure so quickly. For Monero, that implies a Sybil-to-user node ratio of at least 10:1, in the same range as estimated when comparing Monero to Bitcoin.
In addition to the transaction per node ratio, this is an even stronger piece of evidence that Monero has been fully Sybiled by a network of at least 11,000 nodes (min 90% of nodes).
๐คฏ8๐คฃ3๐คก2๐1๐ฏ1๐ญ1
Everyone in Monero seems to finally agree with the proposition that Monero has no receiver privacy. Monero's defense has now been reduced to "you can see receiver's output, but you can't tell when that output is spent". This is also blatantly false. Here is a list of ways to detect when an output TXO1 is spent:
1. OSPEAD/output age analysis: if the owner of the output spends TXO1 too soon or too late, the output will be exposed as the real spend because it will be too old or too young for the decoy selection algo to have picked it.
2. Cluster analysis: if we've sent money more than once to the owner of the output, or if we know of other outputs they control because we collect information from CEXes (or other offchain metadata), then whenever TXO1 appears in a transaction with other outputs from the same spender we know that it's being spent.
3. Spam attack: If after sending TXO1 we start spamming the chain with new outputs by sending dust amounts to ourselves, then if TXO1 appears in a transaction where a sufficient number of spam TXOs are included, by exclusion we can find out where TXO1 is spent. Note that we don't need 15 spam TXOs to be included, we need just enough spam TXOs to make sure the specific age range of our target output is over represented in the target transaction.
4. Key image analysis: TXO1 is included in a transaction where we recognise enough spent outputs among decoys (because we aggregate data with exchanges that give us the key images of their spent TXOs)
5. A combination of the 4 methods listed so far can pretty much deanonymize any Monero transaction.
None of these attack vectors are possible on Dero, because it uses the account model with homomorphic encryption. Some will argue that today, since Dero has sender and receiver rings, a spam attack can still do damage. However, even with rings, a spam attack (alone) still does trivial damage thanks to homomorphic encryption because you still have no way of knowing which one is the sender or the receiver ring. So even if we see an account we recognize in a transaction, we've no idea if our target is receiving money or spending (whether it's spender or receiver ring). Moreover, while in Monero a TXO has to be emptied every time it's spent, in Dero accounts are simply updated and can be updated multiple times. So a spam attack provides trivial information about a transaction on Dero, while on Monero a spam attack alone can be fatal.
In other words, Monero has no receiver privacy and no sender privacy.
1. OSPEAD/output age analysis: if the owner of the output spends TXO1 too soon or too late, the output will be exposed as the real spend because it will be too old or too young for the decoy selection algo to have picked it.
2. Cluster analysis: if we've sent money more than once to the owner of the output, or if we know of other outputs they control because we collect information from CEXes (or other offchain metadata), then whenever TXO1 appears in a transaction with other outputs from the same spender we know that it's being spent.
3. Spam attack: If after sending TXO1 we start spamming the chain with new outputs by sending dust amounts to ourselves, then if TXO1 appears in a transaction where a sufficient number of spam TXOs are included, by exclusion we can find out where TXO1 is spent. Note that we don't need 15 spam TXOs to be included, we need just enough spam TXOs to make sure the specific age range of our target output is over represented in the target transaction.
4. Key image analysis: TXO1 is included in a transaction where we recognise enough spent outputs among decoys (because we aggregate data with exchanges that give us the key images of their spent TXOs)
5. A combination of the 4 methods listed so far can pretty much deanonymize any Monero transaction.
None of these attack vectors are possible on Dero, because it uses the account model with homomorphic encryption. Some will argue that today, since Dero has sender and receiver rings, a spam attack can still do damage. However, even with rings, a spam attack (alone) still does trivial damage thanks to homomorphic encryption because you still have no way of knowing which one is the sender or the receiver ring. So even if we see an account we recognize in a transaction, we've no idea if our target is receiving money or spending (whether it's spender or receiver ring). Moreover, while in Monero a TXO has to be emptied every time it's spent, in Dero accounts are simply updated and can be updated multiple times. So a spam attack provides trivial information about a transaction on Dero, while on Monero a spam attack alone can be fatal.
In other words, Monero has no receiver privacy and no sender privacy.
๐ฅ18๐คก4๐ฏ4๐1๐1๐คฎ1๐ฉ1๐จโ๐ป1
Need to trace Monero? Look no further, a new unicorn has entered the Monero tracing scene: Naxo LLC.
According to its website, Naxo, whose founders seem to be former law enforcement agents, specializes in investigating alternative currencies not supported by commercially available blockchain investigative tools. That sounds like code for: be prepared to pay a premium.
Two months ago Naxo publicly announced that they purchased Moonstone Research (for an undisclosed amount). I've written about Moonstone Research and Justin's likely connection to Chainalysis before. Speaking of Justin, Naxo says (among others) Justin also has extensive experience developing and supporting compliance programs, most notably at DV Chain and Cake Wallet where he spent the early part of his career. [...] At Moonstone, Justin developed the companyโs flagship product, Crescent Discovery, which helps investigative teams deanonymize Monero transactions. Justin was VP of Operations at Cake Wallet for 2 years from 2021 until 2023 before launching MR. And by the way, Cake wallet's code is not reproducible (maybe for compliance reasons? ๐คทโโ๏ธ).
Tracing Monero requires aggregating various data that exchanges report quarterly to Chainalysis. Moreover, Chainalysis is likely the owner or co-owner of a sybil network of at least 11 300 Monero nodes. This network was accidently exposed during Tari's XMR merge mining launch (which was promoted in unison by all Cake wallet employees). Spy nodes help collect offchain metadata that make Monero cheaper to trace.
Contrary to Moonstone Research, which was run by Justin alone and lacked the credibility to attract serious customers, Naxo has many former seasoned LE agents in its ranks so I can totally recommend Naxo if you need to trace Monero. Also, there is no data on who funds Naxo, but they attend Chainalysis conferences in NYC so I'm sure they have access to all the deep capabilities of Chainalysis and/or Palantir. They also seem much more approachable than Chainalysis, perfect for smaller customers that want Monero tracing without the red tape. So if you're in the market for tracing XMR, I'd go for Naxo.
As a potential customer and privacy activitst, I give Naxo full 5 stars. โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ
According to its website, Naxo, whose founders seem to be former law enforcement agents, specializes in investigating alternative currencies not supported by commercially available blockchain investigative tools. That sounds like code for: be prepared to pay a premium.
Two months ago Naxo publicly announced that they purchased Moonstone Research (for an undisclosed amount). I've written about Moonstone Research and Justin's likely connection to Chainalysis before. Speaking of Justin, Naxo says (among others) Justin also has extensive experience developing and supporting compliance programs, most notably at DV Chain and Cake Wallet where he spent the early part of his career. [...] At Moonstone, Justin developed the companyโs flagship product, Crescent Discovery, which helps investigative teams deanonymize Monero transactions. Justin was VP of Operations at Cake Wallet for 2 years from 2021 until 2023 before launching MR. And by the way, Cake wallet's code is not reproducible (maybe for compliance reasons? ๐คทโโ๏ธ).
Tracing Monero requires aggregating various data that exchanges report quarterly to Chainalysis. Moreover, Chainalysis is likely the owner or co-owner of a sybil network of at least 11 300 Monero nodes. This network was accidently exposed during Tari's XMR merge mining launch (which was promoted in unison by all Cake wallet employees). Spy nodes help collect offchain metadata that make Monero cheaper to trace.
Contrary to Moonstone Research, which was run by Justin alone and lacked the credibility to attract serious customers, Naxo has many former seasoned LE agents in its ranks so I can totally recommend Naxo if you need to trace Monero. Also, there is no data on who funds Naxo, but they attend Chainalysis conferences in NYC so I'm sure they have access to all the deep capabilities of Chainalysis and/or Palantir. They also seem much more approachable than Chainalysis, perfect for smaller customers that want Monero tracing without the red tape. So if you're in the market for tracing XMR, I'd go for Naxo.
As a potential customer and privacy activitst, I give Naxo full 5 stars. โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ
NAXO
The elite blockchain investigative experts solving your high stakes challenges.
๐คฃ9๐ฅ4๐คก2๐ฆ1
Lockbit's affiliate admin panel was hacked last month. The leaked database (which refers to activity from December 18, 2024 to April 29, 2025) paints an interesting picture of what percentage of blackhat hackers favors Monero over Bitcoin today (tldr: max 35%).
So what's Lockbit? It's a Russian criminal enterprise that offers ransomware as a service (RaaS) to blackhat hackers. These hackers don't disclose responsibly the vulnerabilities they find but opt to exploit and blackmail their victims. Hackers who wish to use Lockbit's ransomware must register on Lockbit and pay a one time $777 registration fee. When they successfully penetrate a target, they deploy Lockbit's ransomware to encrypt everything and start negotiating with the victim for a payment (ransom) in exchange for the decryption key of the data. If the victim doesn't pay then the data is published online. If the ransom is successful (ie: victim pays) Lockbit receives 20% of the ransom, while the hacker takes 80%.
In the registration process Lockbit requires its affiliates to pick one payment option, either BTC or XMR (not both). Once registrants pick an option then a unique registration address is generated where they need to send their payment to have access to Lockbit's ransomware panel. Based on data from the past 6 months that was just leaked (the best data available today), only 35% opted for XMR (1335) while 65% (2338) opted for BTC. Considering also that this is not the currency of the ransom to be paid, but the currency with which to pay a $777 registration fee, liquidity has no impact but is merely a question of what these blackhat hackers consider more private. As of today, the vast majority of blackhat hackers consider BTC to be more private than XMR.
If your tech is not private then the word gets out one way or another. Even if your propaganda/censorship machine is impeccable in appearance, peer to peer real life stories kick in at some point. Today, however, there are also plenty of public reports of Monero being traced, dating back from 2017 (Lazarus) till 2024 (Yuta Kobayashi). The technical explanation is simple: monero has no receiver privacy and senders can be exposed through a combination of data derived from OSPEAD analysis, cluster analysis, spam attack, key image analysis and spy nodes (explained in-depth here).
So what's Lockbit? It's a Russian criminal enterprise that offers ransomware as a service (RaaS) to blackhat hackers. These hackers don't disclose responsibly the vulnerabilities they find but opt to exploit and blackmail their victims. Hackers who wish to use Lockbit's ransomware must register on Lockbit and pay a one time $777 registration fee. When they successfully penetrate a target, they deploy Lockbit's ransomware to encrypt everything and start negotiating with the victim for a payment (ransom) in exchange for the decryption key of the data. If the victim doesn't pay then the data is published online. If the ransom is successful (ie: victim pays) Lockbit receives 20% of the ransom, while the hacker takes 80%.
In the registration process Lockbit requires its affiliates to pick one payment option, either BTC or XMR (not both). Once registrants pick an option then a unique registration address is generated where they need to send their payment to have access to Lockbit's ransomware panel. Based on data from the past 6 months that was just leaked (the best data available today), only 35% opted for XMR (1335) while 65% (2338) opted for BTC. Considering also that this is not the currency of the ransom to be paid, but the currency with which to pay a $777 registration fee, liquidity has no impact but is merely a question of what these blackhat hackers consider more private. As of today, the vast majority of blackhat hackers consider BTC to be more private than XMR.
If your tech is not private then the word gets out one way or another. Even if your propaganda/censorship machine is impeccable in appearance, peer to peer real life stories kick in at some point. Today, however, there are also plenty of public reports of Monero being traced, dating back from 2017 (Lazarus) till 2024 (Yuta Kobayashi). The technical explanation is simple: monero has no receiver privacy and senders can be exposed through a combination of data derived from OSPEAD analysis, cluster analysis, spam attack, key image analysis and spy nodes (explained in-depth here).
๐คฏ9๐3๐ฅ3๐คก2โก1๐1๐1
๐จInterpol just took down Monero-only Darknet Market Archetyp by tracing financial flows. In its 5 years of activity Archetyp amassed 612,000 users and a total transactions volume of over $289m (in XMR). While you can find the full Interpol PR here, here is a noteworthy quote:
By tracing financial flows (Archetyp was a Monero-only DNM), analysing digital forensic evidence, and working closely with partners on the ground, authorities were able to deliver a decisive blow to one of the most prolific drug markets on the dark web.
Archetyp's admin was arrested in Barcelona and other top vendors are being hunted down in Sweden and Germany. Like I've been arguing for a while, DNMs are honeypots and, as Monero's crime marketing suggests, Palantir/Chainalysis likely play a key role. Crime marketing consists of openly encouraging people to commit crimes with Monero (such as selling drugs online) with the promise of impunity (something Monero influencers do a lot). Chainalysis/Palantir then generate ROI by offering premium tracing services to LE to catch the criminals of their own making.
By the way, in March 2025 Chainalysis was sued by bankrupt crypto lender Celsius over 'sham audit confirming $3.3B of AUM'. Just so you've an idea of their moral/ethical compass.
To conclude, this piece of news only confirms what I've been saying for a long time and what advanced hackers (like those indirectly surveyed in the Lockbit admin panel leak) have known for a while: Monero is obsolete privacy tech turned honeypot by Chainalysis & Co.
By tracing financial flows (Archetyp was a Monero-only DNM), analysing digital forensic evidence, and working closely with partners on the ground, authorities were able to deliver a decisive blow to one of the most prolific drug markets on the dark web.
Archetyp's admin was arrested in Barcelona and other top vendors are being hunted down in Sweden and Germany. Like I've been arguing for a while, DNMs are honeypots and, as Monero's crime marketing suggests, Palantir/Chainalysis likely play a key role. Crime marketing consists of openly encouraging people to commit crimes with Monero (such as selling drugs online) with the promise of impunity (something Monero influencers do a lot). Chainalysis/Palantir then generate ROI by offering premium tracing services to LE to catch the criminals of their own making.
By the way, in March 2025 Chainalysis was sued by bankrupt crypto lender Celsius over 'sham audit confirming $3.3B of AUM'. Just so you've an idea of their moral/ethical compass.
To conclude, this piece of news only confirms what I've been saying for a long time and what advanced hackers (like those indirectly surveyed in the Lockbit admin panel leak) have known for a while: Monero is obsolete privacy tech turned honeypot by Chainalysis & Co.
๐ฅ12๐คก2โค1๐1
Archetyp DNM: From Monero only to Interpol only by tracing financial flows. Yes, they traced Monero. Yes, DNMs are honeypots. Yes, Monero is obsolete privacy tech turned honeypot by you know who.
๐คฃ9๐ฉ5๐ฅ1๐คก1๐1
Yesterday, a Chainalysis proxy (obvious from the misinformation contained in it) released a report on deanonymizing Zano by exploiting the weak network privacy and its staking feature. The core argument seems to rotate on the importance of having a strong p2p network communication protocol, which neither Monero nor Zano have.
That of p2p communication protocol is a topic I covered in February. Monero and Zano share the same weaknesses at the p2p communication protocol level. The disinformation piece by "Zaldo/jhendrix" on Zano argues that Dandelion++ in Monero defends against such type of attack. That's completely false, and if you've read my previous posts you should know why. I will still explain again here for the new ones, but first and foremost, before proceeding any further, check my pinned post infographic. You will see that as I explained there, both Monero and Zano have the weakest privacy of all UTXO chains. The outcome of this Zano (Chainalysis) investigation confirms that while misleadingly trying to hide Monero's weaknesses (which I will address here).
Monero's Dandelion makes sure that each node first propagates the transaction to a single node ("first single node"), instead of to all nodes in all directions at the same time (like Zano's p2p protocol). Dandelion's solution can be easily attacked by a chain analysis actor by simply increasing the amount of spy nodes, because this increases the odds that a user node picks a spy node as its first single node when broadcasting a new transaction.
For this reason, Dandelion does not provide protection in a network where at least 90% of nodes are spy nodes. We have a lot of proof today that over 90% of nodes in Monero are spy node (or circa 11300). Now let's read together what these honeypot promoters say about Zano:
If we have one spy in our peerlist, then once we relay a transaction, the Dandelion protocol will choose a random peer to broadcast it to, resulting in a 1/8 chance of picking our spy.
This passage proves they're engaging in disinformation, because if you know this much then you cannot claim to not know that even Dandelion can be easily bypassed by simply increasing the number of sybil nodes. By the same logic as employed to explain Zano's weakness, if in our list (network) 9 out of 10 nodes are spy nodes (like in Monero: see this and this), then the Dandelion protocol has a 9/10 chance of picking our spy node. In other words, Dandelion leaks at least 90% of the user IPs and this can be made more accurate by increasing the number of spy nodes further.
Let's read more what they say about Zano:
We can determine the user's IP address by comparing all spy node relay information, and by filtering for the earliest timestamp, we will identify the source with a 100% success rate.
But we can do the same in Monero, where 90% of nodes are spy nodes, and we will get the user's IP with min 90% success rate. Of course the Chainalysis interns have been instructed to suppress or censor any mention of this, even as a theoretical scenario, let alone admit its factual existence in Monero. Yet considering the evidence out there, it's obvious they cannot disagree with the statement that running your own node provides no protection in Monero, just like in Zano. Or maybe, to be fair, we can say it provide at most 10% more protection in Monero.
So the jhendrix/Zaldo piece can be best summarized as, we have deanonymized Zano by leveraging its weak p2p communication protocol and Monero's p2p protocol is, at its current state, only 10% stronger. Then Monero isn't private, is it?
The only cryptocurrency that effectively mitigates network level attacks is Dero, and it does it by combining UDP with/over TLS and erasure coding. In Dero, you can run your own node and not use a VPN and an outside observer still has no way of pinpointing a transaction to its node of origin because thanks to UDP and erasure coding it can't know who broadcast it first.
That of p2p communication protocol is a topic I covered in February. Monero and Zano share the same weaknesses at the p2p communication protocol level. The disinformation piece by "Zaldo/jhendrix" on Zano argues that Dandelion++ in Monero defends against such type of attack. That's completely false, and if you've read my previous posts you should know why. I will still explain again here for the new ones, but first and foremost, before proceeding any further, check my pinned post infographic. You will see that as I explained there, both Monero and Zano have the weakest privacy of all UTXO chains. The outcome of this Zano (Chainalysis) investigation confirms that while misleadingly trying to hide Monero's weaknesses (which I will address here).
Monero's Dandelion makes sure that each node first propagates the transaction to a single node ("first single node"), instead of to all nodes in all directions at the same time (like Zano's p2p protocol). Dandelion's solution can be easily attacked by a chain analysis actor by simply increasing the amount of spy nodes, because this increases the odds that a user node picks a spy node as its first single node when broadcasting a new transaction.
For this reason, Dandelion does not provide protection in a network where at least 90% of nodes are spy nodes. We have a lot of proof today that over 90% of nodes in Monero are spy node (or circa 11300). Now let's read together what these honeypot promoters say about Zano:
If we have one spy in our peerlist, then once we relay a transaction, the Dandelion protocol will choose a random peer to broadcast it to, resulting in a 1/8 chance of picking our spy.
This passage proves they're engaging in disinformation, because if you know this much then you cannot claim to not know that even Dandelion can be easily bypassed by simply increasing the number of sybil nodes. By the same logic as employed to explain Zano's weakness, if in our list (network) 9 out of 10 nodes are spy nodes (like in Monero: see this and this), then the Dandelion protocol has a 9/10 chance of picking our spy node. In other words, Dandelion leaks at least 90% of the user IPs and this can be made more accurate by increasing the number of spy nodes further.
Let's read more what they say about Zano:
We can determine the user's IP address by comparing all spy node relay information, and by filtering for the earliest timestamp, we will identify the source with a 100% success rate.
But we can do the same in Monero, where 90% of nodes are spy nodes, and we will get the user's IP with min 90% success rate. Of course the Chainalysis interns have been instructed to suppress or censor any mention of this, even as a theoretical scenario, let alone admit its factual existence in Monero. Yet considering the evidence out there, it's obvious they cannot disagree with the statement that running your own node provides no protection in Monero, just like in Zano. Or maybe, to be fair, we can say it provide at most 10% more protection in Monero.
So the jhendrix/Zaldo piece can be best summarized as, we have deanonymized Zano by leveraging its weak p2p communication protocol and Monero's p2p protocol is, at its current state, only 10% stronger. Then Monero isn't private, is it?
The only cryptocurrency that effectively mitigates network level attacks is Dero, and it does it by combining UDP with/over TLS and erasure coding. In Dero, you can run your own node and not use a VPN and an outside observer still has no way of pinpointing a transaction to its node of origin because thanks to UDP and erasure coding it can't know who broadcast it first.
๐ฅ5๐3๐คก2๐1๐จโ๐ป1
Zachxbt (Chainalysis) traced a WHITE marketing wallet to the Zkasino scam. Zkasino raised 10k ETH & team went MIA.
It's highly likely that Chainalysis (Zachxbt) traced Monero transactions to get to the bottom of the WHITE scam. Quote:
I noticed a number of transactions in late Feb to early Mar 2025 where Zkasino funds were sent to an instant exchange and WhiteRock wallets received similar quantities from other instant exchanges via XMR.
The flow chart has no evidence of Zkasino funds that were sent to swap services to buy XMR. If that's how he traced them, then show us the ~60ETH TXs from Zkasino to instant exchanges that preceded the funding of the WHITE wallet so we can verify timing and amounts, no? No, bc that's probably not how he traced them.
WHITE is the same type of scam as EOS. EOS raised $4.1bn (2018), delivered 0, but is going public today as Bullish ("Peter Thiel backed"). Zach won't look into EOS/Bullish, despite being 100x bigger. But he'll trace XMR for WHITE. Paypal mafia, innit?
It's highly likely that Chainalysis (Zachxbt) traced Monero transactions to get to the bottom of the WHITE scam. Quote:
I noticed a number of transactions in late Feb to early Mar 2025 where Zkasino funds were sent to an instant exchange and WhiteRock wallets received similar quantities from other instant exchanges via XMR.
The flow chart has no evidence of Zkasino funds that were sent to swap services to buy XMR. If that's how he traced them, then show us the ~60ETH TXs from Zkasino to instant exchanges that preceded the funding of the WHITE wallet so we can verify timing and amounts, no? No, bc that's probably not how he traced them.
WHITE is the same type of scam as EOS. EOS raised $4.1bn (2018), delivered 0, but is going public today as Bullish ("Peter Thiel backed"). Zach won't look into EOS/Bullish, despite being 100x bigger. But he'll trace XMR for WHITE. Paypal mafia, innit?
๐ค3๐คฏ2๐คก2๐2๐ญ1
A quick ICYMI'd update on the only protocol that is not chain analyzable today:
1. In April, Civilware released new Dero binaries that contain new seed nodes and some other updates. Link to Civilware's most recent Dero binaries (141): https://github.com/civilware/derohe/releases/tag/Release141
2. In May, Civilware released a wallet version that patches the wallet payload randomness re-use bug. If you want to review/test the patched wallet and provide feedback you can download it here: https://github.com/civilware/derohe/commit/f5b765417b949f62e19f043d370993db9b837f31
SixofClubs, Dank, Azylem and other community contributors are part of Civilware. If you're new to Dero and want to get started running a node and/or mining, you should be using Civilware's binaries as they are the most recent ones.
UTXO chains (XMR, Zano, ARRR, ZEC) are old tech, both onchain (because of UTXO and single use outputs generated with each transaction) as well as at the network level, which is always TCP based. Their p2p protocols were not designed to resist state actors or well funded actors like Chainalysis/Palantir.
DERO combines homomorphic encryption with the account model for onchain privacy-through-encryption, and UDP (connectionless, no handshake metadata) with erasure coding in its p2p communication protocol. This obfuscates transaction origin and reduces traceable patterns.
1. In April, Civilware released new Dero binaries that contain new seed nodes and some other updates. Link to Civilware's most recent Dero binaries (141): https://github.com/civilware/derohe/releases/tag/Release141
2. In May, Civilware released a wallet version that patches the wallet payload randomness re-use bug. If you want to review/test the patched wallet and provide feedback you can download it here: https://github.com/civilware/derohe/commit/f5b765417b949f62e19f043d370993db9b837f31
SixofClubs, Dank, Azylem and other community contributors are part of Civilware. If you're new to Dero and want to get started running a node and/or mining, you should be using Civilware's binaries as they are the most recent ones.
UTXO chains (XMR, Zano, ARRR, ZEC) are old tech, both onchain (because of UTXO and single use outputs generated with each transaction) as well as at the network level, which is always TCP based. Their p2p protocols were not designed to resist state actors or well funded actors like Chainalysis/Palantir.
DERO combines homomorphic encryption with the account model for onchain privacy-through-encryption, and UDP (connectionless, no handshake metadata) with erasure coding in its p2p communication protocol. This obfuscates transaction origin and reduces traceable patterns.
๐ฅ18๐5๐คก3โค1๐1๐คฏ1
Another XMR-only hacker goes down, with at least 3 huge hacks attributed to him whose ransoms were collected in XMR. Guy's name is Kai West and he went by the monicker 'IntelBroker'.
In the Palantir controlled press they are saying he got caught because of a $250 BTC transaction in February 2023, before any of the 3 huge hacks between March 2023 and November 2024 had happened. Seriously dudes, so they knew who he was and let him on the loose for 2 years despite that $250 BTC transaction tied to a Ramp account with his driving license being 'how they caught him'?
I read the complaint, and here is what the complaint actually says. Forum user IntelBroker, which was part of a digital ransomware gang, accepted $250 in BTC once in February 2023, and this transaction is used to prove that the identity of Kai West and that of the IntelBroker forum user are connected. That's it. The bulk of his criminal activity however occurred much later. According to the DOJ complaint, there have been at least 4 more high profile victims spanning from March 2023 until December 2024 whose ransoms were collected in XMR.
Since in all the successive breaches he sold the data for XMR, the only way to prove that these ransoms went to Kai West is to be able to trace Monero and see where the money goes. You know, to make sure that ransoms don't go to someone else that has stolen Kai West's identity or that is using Kai West as a front. So either Monero was traced, or it was traced. There is no other way you can attribute those hacks to Kai West without tracing Monero for confirmation that it's actually him and not someone impersonating him. Or someone else inside the gang.
As recently as 2 months ago, Intelbroker gave an interview to Palantir Crime Marketing shill Sam Bent (Bent is the guy that encourages people on social media to commit crimes with XMR). At some point Sam Bent does his favorite crime marketing question. What is your favorite privacy coin, IntelBroker? 'XMR, for the flawless privacy tech' he answers. Woah! Palantir you saw that? Give Sam Bent a raise please.
In the Palantir controlled press they are saying he got caught because of a $250 BTC transaction in February 2023, before any of the 3 huge hacks between March 2023 and November 2024 had happened. Seriously dudes, so they knew who he was and let him on the loose for 2 years despite that $250 BTC transaction tied to a Ramp account with his driving license being 'how they caught him'?
I read the complaint, and here is what the complaint actually says. Forum user IntelBroker, which was part of a digital ransomware gang, accepted $250 in BTC once in February 2023, and this transaction is used to prove that the identity of Kai West and that of the IntelBroker forum user are connected. That's it. The bulk of his criminal activity however occurred much later. According to the DOJ complaint, there have been at least 4 more high profile victims spanning from March 2023 until December 2024 whose ransoms were collected in XMR.
Since in all the successive breaches he sold the data for XMR, the only way to prove that these ransoms went to Kai West is to be able to trace Monero and see where the money goes. You know, to make sure that ransoms don't go to someone else that has stolen Kai West's identity or that is using Kai West as a front. So either Monero was traced, or it was traced. There is no other way you can attribute those hacks to Kai West without tracing Monero for confirmation that it's actually him and not someone impersonating him. Or someone else inside the gang.
As recently as 2 months ago, Intelbroker gave an interview to Palantir Crime Marketing shill Sam Bent (Bent is the guy that encourages people on social media to commit crimes with XMR). At some point Sam Bent does his favorite crime marketing question. What is your favorite privacy coin, IntelBroker? 'XMR, for the flawless privacy tech' he answers. Woah! Palantir you saw that? Give Sam Bent a raise please.
๐คฃ13๐จโ๐ป3โค2๐คก2๐2๐ฉ1
Deanonymizing a XMR transaction from X using simple onchain heuristics. Someone forwarded this tweet to me, so I had a look at it. Let's start with what we know:
1. Real spends are recent TXOs (we eliminate super old TXOs)
2. this is a retail transaction, real spends are fragments from the same retail wallet (rest TXOs) and therefore should share transaction heuristics (structure, fees)
3. since it's the same user, they should share other behavioral patterns (day, time zone)
4. the target transaction happened in August 6th, 15:19 UTC, with a fee of 0.000044360000 XMR, with 2 inputs and 2 outputs (retail structure)
With these heuristics I went through the decoys in the TX and added next to each their onchain metadata. Siblings refer to other outputs that were created with that specific output. KIs (key images) refers to the number of inputs in the TX that created that output. The fee is the fee paid in the TX that created the output. In my next post I'll explain how to identify the highly likely real spends.
1. Real spends are recent TXOs (we eliminate super old TXOs)
2. this is a retail transaction, real spends are fragments from the same retail wallet (rest TXOs) and therefore should share transaction heuristics (structure, fees)
3. since it's the same user, they should share other behavioral patterns (day, time zone)
4. the target transaction happened in August 6th, 15:19 UTC, with a fee of 0.000044360000 XMR, with 2 inputs and 2 outputs (retail structure)
With these heuristics I went through the decoys in the TX and added next to each their onchain metadata. Siblings refer to other outputs that were created with that specific output. KIs (key images) refers to the number of inputs in the TX that created that output. The fee is the fee paid in the TX that created the output. In my next post I'll explain how to identify the highly likely real spends.
๐ฅ10๐4๐คฏ2๐คก2โค1
Since we know our real spends come from a retail wallet then we rule out all TXOs created in many-to-many or one-to-many transactions. These are the TXOs that have more than one sibling (marked with asterisk). The reason is that the transactions where these TXOs were created are not compatible with normal users because normal user transactions have 2 outputs (receiver and rest). By doing this we eliminate 8 decoys in the first ring and 10 decoys in the second input ring (among which also the oldest).
Next we start looking for TXOs that share a fee with our target transaction. By comparing fees there is only 1 TXO in the first ring that matches our fee, and 2 TXOs in the second ring. We have most likely found the real spend of the first ring. If we look at the time when this candidate TXO was created, it's 13:32 UTC, which is UTC afternoon time of the same day of our target transaction (2h prior). This TXO (from block 3209243) is the first highly likely real spend because it is recent (created 2h earlier), is generated by a user (not program), and uses the same fee structure.
When we look at the 2 candidate TXOs that are left in the second ring (on the right), we notice that one of them was created at 10AM UTC (5h earleir), while the other was created at 14:26 UTC (1h earlier). By following the recency heuristic the most recent TXO is the second real input of the transaction (from block 3209273).
Therefore based on onchain data and what we know from X, the highly likely real spends of this 2 input XMR transaction are the one from block 3209243 and block 3209273.
To find the receiver we need to identify the rest TXO (that stays in user's wallet). One way of doing so would be to monitor the blockchain for when one of those TXOs is included in another transaction in afternoon UTC time that shares the same fee size (or some other pattern). By exclusion, once the rest is found we can get the highly likely receiver.
Ok, so this is what I can do with a simple explorer by applying simple heuristics. Something like Chainalysis can cross reference with other Monero databases and get hits with 100% certainty. Therefore, like I've said for a while, Monero is 100% traceable just like Bitcoin. And by the way, this kind of analysis is not possible on Dero because Dero uses the account model where balances are simply updated (homomorphically), we don't have new outputs created with every transaction. Therefore there is no "recency" heuristic or heuristics like "retail/non retail" that are made possible by the UTXO accounting model such as in the one/many-to-many structure in this case.
Next we start looking for TXOs that share a fee with our target transaction. By comparing fees there is only 1 TXO in the first ring that matches our fee, and 2 TXOs in the second ring. We have most likely found the real spend of the first ring. If we look at the time when this candidate TXO was created, it's 13:32 UTC, which is UTC afternoon time of the same day of our target transaction (2h prior). This TXO (from block 3209243) is the first highly likely real spend because it is recent (created 2h earlier), is generated by a user (not program), and uses the same fee structure.
When we look at the 2 candidate TXOs that are left in the second ring (on the right), we notice that one of them was created at 10AM UTC (5h earleir), while the other was created at 14:26 UTC (1h earlier). By following the recency heuristic the most recent TXO is the second real input of the transaction (from block 3209273).
Therefore based on onchain data and what we know from X, the highly likely real spends of this 2 input XMR transaction are the one from block 3209243 and block 3209273.
To find the receiver we need to identify the rest TXO (that stays in user's wallet). One way of doing so would be to monitor the blockchain for when one of those TXOs is included in another transaction in afternoon UTC time that shares the same fee size (or some other pattern). By exclusion, once the rest is found we can get the highly likely receiver.
Ok, so this is what I can do with a simple explorer by applying simple heuristics. Something like Chainalysis can cross reference with other Monero databases and get hits with 100% certainty. Therefore, like I've said for a while, Monero is 100% traceable just like Bitcoin. And by the way, this kind of analysis is not possible on Dero because Dero uses the account model where balances are simply updated (homomorphically), we don't have new outputs created with every transaction. Therefore there is no "recency" heuristic or heuristics like "retail/non retail" that are made possible by the UTXO accounting model such as in the one/many-to-many structure in this case.
๐ฅ13๐คก5๐ซก5๐3๐ฉ3๐คฏ2
Here is a recap of the top privacy coin tracing heuristics, and how vulnerable different privacy coins are to each method. As you can see, none of the top heuristics works on DERO because of its choice to use the account model with homomorphic encryption, and on the transport layer to resort to UDP over TLS and erasure coding.
The weakest privacy coin where an attacker can employ the biggest number of heuristics, Monero, has the highest market cap. Almost as if some companies (Palantir? Chainalysis? TRM Labs?) are inflating its valuation, and promoting it with crime marketing, exactly because it can be traced.
The weakest privacy coin where an attacker can employ the biggest number of heuristics, Monero, has the highest market cap. Almost as if some companies (Palantir? Chainalysis? TRM Labs?) are inflating its valuation, and promoting it with crime marketing, exactly because it can be traced.
๐ฅ16๐คก7๐คฏ3๐ค1๐1๐ฏ1
๐จThe privacy community has a right to know that a core developer of Pirate Chain doesn't know that his own chain is a UTXO chain.
That's not a minor misunderstanding so I can't help but wonder, how can he not know? One explanation I've heard, which sounds plausible, is that Forge simply forked the ARRR codebase from Zcash so he has no deep understanding of it.
The UTXO heuristic with respect to ARRR stands and is not weak. Even though links between inputs and outputs are broken onchain with ZK proofs, these can be unmasked by applying transport layer heuristics. When a user creates a transaction, the wallet generates new outputs (notes) and zk-SNARK proofs. It then broadcasts everything: the nullifiers of the spent inputs, the new notes, and the zk-SNARKs to the network.
By checking for the node/IP that first broadcasts a group of nullifiers and new notes, we can correlate nullifiers to new outputs created and learn if the outputs come from a consolidation, one to many, or many to many transaction.
That's not a minor misunderstanding so I can't help but wonder, how can he not know? One explanation I've heard, which sounds plausible, is that Forge simply forked the ARRR codebase from Zcash so he has no deep understanding of it.
The UTXO heuristic with respect to ARRR stands and is not weak. Even though links between inputs and outputs are broken onchain with ZK proofs, these can be unmasked by applying transport layer heuristics. When a user creates a transaction, the wallet generates new outputs (notes) and zk-SNARK proofs. It then broadcasts everything: the nullifiers of the spent inputs, the new notes, and the zk-SNARKs to the network.
By checking for the node/IP that first broadcasts a group of nullifiers and new notes, we can correlate nullifiers to new outputs created and learn if the outputs come from a consolidation, one to many, or many to many transaction.
๐13๐6๐คฏ5๐คก3๐ฅฑ3๐2๐คช1