Techleaks24 🇵🇸
For the patient and well researched investor.
Deanonymizing an XMR transaction from X using simple onchain heuristics. Someone forwarded this tweet to me, so I had a look at it. Let's start with what we know:

1. Real spends are recent TXOs (we eliminate super old TXOs)
2. This is a retail transaction, so real spends are fragments from the same retail wallet (rest TXOs) and therefore should share transaction heuristics (structure, fees)
3. Since it's the same user, they should share other behavioral patterns (day, time zone)
4. The target transaction happened on August 6th, 15:19 UTC, with a fee of 0.000044360000 XMR, with 2 inputs and 2 outputs (retail structure)

With these heuristics I went through the decoys in the TX and added next to each their onchain metadata. Siblings refers to the other outputs that were created together with that specific output. KIs (key images) refers to the number of inputs in the TX that created that output. The fee is the fee paid in the TX that created the output. In my next post I'll explain how to identify the highly likely real spends.
Since we know our real spends come from a retail wallet then we rule out all TXOs created in many-to-many or one-to-many transactions. These are the TXOs that have more than one sibling (marked with asterisk). The reason is that the transactions where these TXOs were created are not compatible with normal users because normal user transactions have 2 outputs (receiver and rest). By doing this we eliminate 8 decoys in the first ring and 10 decoys in the second input ring (among which also the oldest).

Next we start looking for TXOs that share a fee with our target transaction. By comparing fees there is only 1 TXO in the first ring that matches our fee, and 2 TXOs in the second ring. We have most likely found the real spend of the first ring. If we look at the time when this candidate TXO was created, it's 13:32 UTC, which is UTC afternoon time of the same day of our target transaction (2h prior). This TXO (from block 3209243) is the first highly likely real spend because it is recent (created 2h earlier), is generated by a user (not program), and uses the same fee structure.

When we look at the 2 candidate TXOs that are left in the second ring (on the right), we notice that one of them was created at 10AM UTC (5h earlier), while the other was created at 14:26 UTC (1h earlier). By following the recency heuristic the most recent TXO is the second real input of the transaction (from block 3209273).

Therefore based on onchain data and what we know from X, the highly likely real spends of this 2 input XMR transaction are the one from block 3209243 and block 3209273.

To find the receiver we need to identify the rest TXO (that stays in user's wallet). One way of doing so would be to monitor the blockchain for when one of those TXOs is included in another transaction in afternoon UTC time that shares the same fee size (or some other pattern). By exclusion, once the rest is found we can get the highly likely receiver.

Ok, so this is what I can do with a simple explorer by applying simple heuristics. Something like Chainalysis can cross reference with other Monero databases and get hits with 100% certainty. Therefore, like I've said for a while, Monero is 100% traceable just like Bitcoin. And by the way, this kind of analysis is not possible on Dero because Dero uses the account model where balances are simply updated (homomorphically), we don't have new outputs created with every transaction. Therefore there is no "recency" heuristic or heuristics like "retail/non retail" that are made possible by the UTXO accounting model such as in the one/many-to-many structure in this case.
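
The three filters described above (retail structure, matching fee, recency) can be written as a ring audit that reports how many members of a ring are still plausible after each step. This is an added example, not code from the post; the `RingMember` fields, the 24-hour `max_age` cut-off and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from decimal import Decimal


@dataclass(frozen=True)
class RingMember:
    label: str          # constructed label, not a real output key
    created: datetime   # time of the TX that created this output
    siblings: int       # other outputs created by that same TX
    fee: Decimal        # fee paid by the creating TX, in XMR


def audit_ring(ring, spend_time, spend_fee, max_age=timedelta(hours=24)):
    """Apply the post's filters in order; return [(stage, survivors), ...].

    max_age is an assumption of this example: the post only says that
    "super old" outputs are eliminated and that the newest candidate wins.
    """
    filters = [
        # Retail TX = receiver + rest, so a retail output has one sibling.
        ("retail structure", lambda m: m.siblings <= 1),
        ("same fee", lambda m: m.fee == spend_fee),
        ("recent", lambda m: timedelta(0) < spend_time - m.created <= max_age),
    ]
    stages = [("full ring", list(ring))]
    for name, keep in filters:
        current = stages[-1][1]
        survivors = [m for m in current if keep(m)]
        if survivors:
            stages.append((name, survivors))
        else:
            # Every member failed: the heuristic's premise does not hold for
            # this ring, so it says nothing and the set is left unchanged.
            stages.append((name + " (inconclusive)", current))
    # Newest first, matching the post's tie-break between equal candidates.
    final = sorted(stages[-1][1], key=lambda m: m.created, reverse=True)
    stages[-1] = (stages[-1][0], final)
    return stages


def effective_ring_size(ring, spend_time, spend_fee):
    """Number of ring members still plausible after all three filters."""
    return len(audit_ring(ring, spend_time, spend_fee)[-1][1])


# --- constructed sample data, not taken from any real transaction ---
SPEND_TIME = datetime(2030, 1, 1, 15, 19, tzinfo=timezone.utc)
SPEND_FEE = Decimal("0.00004436")
OTHER_FEE = Decimal("0.00003066")


def _m(label, hours_ago, siblings, fee):
    created = SPEND_TIME - timedelta(hours=hours_ago)
    return RingMember(label, created, siblings, fee)


# Ring where all three heuristics bite.
RING_A = [
    _m("a", 9600, 1, OTHER_FEE),   # old, retail shape, different fee
    _m("b", 2, 15, SPEND_FEE),     # one-to-many TX (15 siblings)
    _m("c", 1.8, 1, SPEND_FEE),    # recent, retail shape, same fee
    _m("d", 72, 1, SPEND_FEE),     # same fee but three days old
    _m("e", 5, 3, OTHER_FEE),      # many outputs, different fee
    _m("f", 20, 1, OTHER_FEE),     # retail shape, different fee
]

# Ring where the fee heuristic is useless: no retail member shares the fee.
RING_B = [
    _m("g", 1, 1, OTHER_FEE),
    _m("h", 6, 1, OTHER_FEE),
    _m("i", 2, 5, SPEND_FEE),
]

if __name__ == "__main__":
    for ring_name, ring in (("A", RING_A), ("B", RING_B)):
        for stage, members in audit_ring(ring, SPEND_TIME, SPEND_FEE):
            labels = ",".join(m.label for m in members)
            print(f"ring {ring_name} {stage:30s} {len(members)} [{labels}]")
```

The second ring shows the limit of the approach: when no retail-shaped member shares the fee, that filter is skipped and two members remain equally plausible.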
Here is a recap of the top privacy coin tracing heuristics, and how vulnerable different privacy coins are to each method. As you can see, none of the top heuristics works on DERO because of its choice to use the account model with homomorphic encryption, and on the transport layer to resort to UDP over TLS and erasure coding.

The weakest privacy coin where an attacker can employ the biggest number of heuristics, Monero, has the highest market cap. Almost as if some companies (Palantir? Chainalysis? TRM Labs?) are inflating its valuation, and promoting it with crime marketing, exactly because it can be traced.
🚨The privacy community has a right to know that a core developer of Pirate Chain doesn't know that his own chain is a UTXO chain.

That's not a minor misunderstanding so I can't help but wonder, how can he not know? One explanation I've heard, which sounds plausible, is that Forge simply forked the ARRR codebase from Zcash so he has no deep understanding of it.

The UTXO heuristic with respect to ARRR stands and is not weak. Even though links between inputs and outputs are broken onchain with ZK proofs, these can be unmasked by applying transport layer heuristics. When a user creates a transaction, the wallet generates new outputs (notes) and zk-SNARK proofs. It then broadcasts everything: the nullifiers of the spent inputs, the new notes, and the zk-SNARKs to the network.

By checking for the node/IP that first broadcasts a group of nullifiers and new notes, we can correlate nullifiers to new outputs created and learn if the outputs come from a consolidation, one to many, or many to many transaction.
After reading this reply, I'm now really concerned about the expertise of the people working on Pirate Chain. Despite my explanation, their team still completely misses the vulnerability of UTXO heuristics when applied to their chain.

In my next post I will publish an ordered rebuttal of the Pirate Chain team's latest response...
1. I'm glad they acknowledge ARRR is technically a UTXO chain.

2. Because ARRR is UTXO, in each transaction new shielded notes (outputs) are created locally, together with the zk-SNARK proof. Then the nullifiers of the spent inputs, the zk-SNARK proof and the newly created notes are broadcast together from the sender's wallet to the wider network.

3. While the linkage between shielded notes and nullifiers created with each transaction is broken once they are published onchain, links can be revealed by spying who broadcast them first (through network layer heuristics).

4. "Transport layer applies to every other chain" - Not true. Not all chains have a transport layer that allows tracking who broadcast a transaction first. VPN, TOR are not a solution as they are easy to compromise for a state actor. The only privacy coin I know that eliminates transport layer heuristics is Dero. Dero does it not by telling users to use a VPN or Tor, but by using UDP over TLS with erasure coding. On Dero, even if the user doesn't use a VPN/TOR, other nodes can't tell which node a transaction originated from.

5. If the accounting model wasn't UTXO, then there would be nothing to leak. Since Pirate is UTXO a user/entity has to broadcast different amounts of nullifiers and new notes depending on the transaction type.

6. By exploiting transport layer heuristics, and monitoring the amount of nullifiers and new notes published by a wallet/user node, we get not only the transaction's origin but also behavioral information on the sender (from the transaction structure, such as consolidation transaction, one to many or many to many).

7. Even when it comes to UTXO, I'd happily mention another coin but the only coin to have eliminated UTXO heuristics is Dero which does it by using the account model. So even if Dero was using Pirate Chain's weak p2p communication protocol, you still wouldn't be able to glean behavioral information such as those provided by one to many or many to many transactions because Dero's accounting model is not UTXO.

To conclude, like explained in my infographic (check pinned), UTXO heuristics apply to ARRR and reveal a lot of information on senders. Stating the contrary would be malicious towards all those naïve users that rely on ARRR for privacy.
Three researchers from the Technische Universität of Berlin and TRM Labs released a paper in May explaining why Haveno crosschain swaps are not private.

By using UTXO, timing and transaction fee heuristics, and combining these with Haveno's public trade history, they were able to create a system to completely deanonymize Haveno XMR-BTC crosschain trades. Here is a quick breakdown of how these heuristics are used:

1. Fee heuristic: Haveno uses an unusually high fee for its transactions, such as when initiating security deposits (whenever a trade is taken).
2. UTXO heuristic 1 (2->2 high fee transaction): Since security deposits happen in pairs, using the fee heuristic to look for pairs of transactions where outputs are mined in the same block creates leads of potential Haveno trades.
3. UTXO heuristic 2 (cluster analysis): Once a trade is completed successfully, Haveno releases the security deposits in a single high fee transaction, where one of the outputs goes to the taker and one to the maker. So next they look for 2 of the outputs from the previous transactions to appear together as inputs in a new transaction.
4. Timing heuristic 1: Since Haveno trades (offchain wrt XMR) must be completed within 24h, the second transaction (UTXO heuristic 2) must happen in less than 24h.
5. Timing heuristic 2: Haveno publishes its trade history with amounts obfuscated by ±5%, therefore by looking up the transaction history and time, and analysing the BTC chain for transactions in the same amount in the obfuscation window, they expose the BTC transaction involved in a specific trade.

Not much else to say, just that when they tell you buy XMR on Haveno to go dark, you're not really going dark. Any KYC data (home address, photo of you holding your ID) tied to your BTC address is now transferred to your XMR outputs.

This attack combines many heuristics (UTXO, fee, timing) with information exposed by relying on a semi-centralized third party Haveno, such as trade amounts and time, to deanonymize all cross chain swaps.
Privacy activist Derolytics has just released a Dero explorer for all transactions between January 2022 and July 2025. By exploiting the randomness reuse bug, Derolytics has brute forced amounts, sender and receiver (where possible) of all Dero transactions conducted with the first generation Dero wallets.

Did this reveal an inflation bug? No.
Derolytics' findings prove Dero's bulletproofs, the most critical component of any privacy coin, work as intended and have no known or unknown vulnerabilities.

Is there a protocol privacy flaw? No.
His work exploits a wallet bug. Transactions were deanonymized through bruteforce bc all Dero wallets to date re-use randomness. These transactions were NOT deanonymized bc of a protocol weakness or flaw.

Will future transactions with new wallets be affected? No.
All transactions with new wallets that don't reuse randomness will be immune against all the heuristics used to trace Monero & other UTXO privacy chains (ie the most private in crypto today).
Bulletproofs verify (without seeing balances, "zero knowledge" proofs) that Alice, with a balance of 10, cannot send Bob 10M coins. In privacy coins they are extremely important because they make sure the tokenomics are respected and the supply isn't inflated by minting illegal coins.

We've seen bulletproof exploits in the following projects:

1. Haven, where the amount of illegal coins in circulation turned out to be over 400M. This was more than 10 times the official circulating supply based on the emissions schedule. Haven was forced to shut down.
2. Zephyr (16M minted)
3. Salvium (10M minted)
4. Xelis (team refuses to do a supply audit so we don't know the amount minted)

A bug in bulletproofs is fatal because exploits are very difficult to detect: balances are hidden, and as a result network participants can't detect the extra coins just by inspecting the blockchain (like they can do with Bitcoin and other transparent chains).

Dero's rocket bulletproofs are tailored to Dero's account based model and its integration with smart contracts. Rocket bulletproofs are not documented anywhere in the literature; they are the first of their kind and were released for the first time on Dero in 2022.

Considering how advanced Dero's bulletproofs are, and the risks of a bug in anything that is new and cutting edge, it makes sense that Captain released them in 2022 with a mechanism in place to detect a potential bulletproof exploit. To be clear, this is my opinion. Captain himself has not commented on the bug so far.

A counterargument I've heard is that this still makes him incompetent because someone could have built a custom wallet without randomness reuse to exploit BPs in case of a bug. Yes, they could have, but that would have also been detectable. Yet nobody had created such a wallet until at least May 2024.

Derolytics' explorer exploits RR to deanonymize, among others, transaction amounts. It has done this for all transactions from genesis to date, and nothing indicative of a BP exploit has been found. Dero's rocket bulletproofs are, therefore, proven to be safe and bug free as of today.

Can randomness reuse (RR) be considered a backdoor by Captain? No, because RR was placed in Dero's wallet and the wallet has a warning stating that it is to be used for testing purposes only. Anyone who used Dero's CLI wallet even once saw the warning.

The reason we refer to RR as a bug is that those outside Captain who found and publicised it decided to disclose RR as a bug. This is most likely because they couldn't comprehend the rationale behind RR.

Does RR tarnish Dero's reputation? RR cements Captain as someone that cares not only about innovation but also security. Releasing such advanced bulletproofs without an auditing mechanism on a chain that already had 12M coins in circulation would have been reckless from a security point of view.

To this day, Dero's protocol is the most advanced privacy protocol in existence because it is immune to all the key image, UTXO, transport layer and recency heuristics that are used to successfully deanonymize Monero and other UTXO privacy coins. The combination of the account model with homomorphic encryption, and UDP with TLS and erasure coding in the transport layer, eliminates all those heuristics at once.
❀13πŸ‘Œ4πŸ€”2🀑2πŸ’―1πŸ‘¨β€πŸ’»1
How do DNM admins launder their profits with Monero? I will tell you in the next paragraph, but first let me announce that another Darknet Market has shut down, this time it's Abacus market. Abacus used both BTC and XMR.

Per TRM Labs: Faced with the decision between profit-seeking and self-preservation, Abacus's admins likely chose the latter.

Monero, despite being the weakest privacy coin, has been promoted for years by influencers bribed by unknown sources as the "most private cryptocurrency out there today" (a good example).

This led XMR to take market share from BTC and become (for a while) the favorite money laundering cryptocurrency of DNM admins. The Abacus voluntary shutdown suggests that DNM admins may have finally figured out there is no way out of the hole they've dug themselves in, even for a Monero chan.

Here is how DNM admins laundered profits with XMR:

1. Receive payments in BTC or LTC (for sales or ransoms in BTC or LTC).
2. Take this money and swap it for XMR through a non KYC swap service like FixedFloat.
3. To be safe bro, don't send this XMR straight to Binance but use an intermediary wallet first.
4. Then send it to Binance and cash out because Monero is untraceable. cough cough

They still got caught because Monero is not untraceable.

I will refer to any admin that has been exposed to use this scheme to launder profits as "Chan" because they're obviously a product of the Monero Chan gets away with it narrative.

Now let's see what has come out since February 2024 alone:

🚨March 2024: Incognito Chan arrested (who btw has pled guilty since)
🔔but muh heuristics are probabilistic, they don't hold up in court!!

🚨April 2024: Vestaanmo Chan arrest
🔔but it was bad opsec, he had to send to yet another address before Binance!!

🚨September 2024: Chainalysis video pitching XMR tracing to the IRS leaked on the web showing how they traced the XMR of a Colombian Chan after 4 hops without ever depositing to a CEX.
🔔but bad opsec, he had to use his own node!!

🚨July 2025: Yours only traces an XMR transaction using a simple XMR explorer regardless of any user OpSec
🔔Wait for FCMP++!!

🚨October 2024: Dutch Police takes down Cannabia/Bohemia and posts banner with names of 58 users that were arrested (probably all Monero Chans)
🔔The image is AI generated, they're not real!! (yes they are)

🚨October 2024: Yuta Kobayashi Chan arrested by the Japanese police.
🚨June 2025: Intelbroker Monero only hacker (Chan?) arrested
🚨June 2025: Archetyp DNM taken down
🚨July 2025: Abacus DNM shuts down (or maybe it's been taken down? Time will tell).
Xelis is officially an inflation bug scam. This is not a small scam. Today, after a 90% correction, Xelis has a FDV of $61M. Evidence strongly suggest the Xelis team itself exploited the bug, meaning that they're well funded having sold minted coins at $610M…
🚨Derolytics is promoting Xelis. In the past I've shared full evidence that Xelis is a fraud (inflation scam, unlimited supply attack like Haven): post 1, post 2. Supporting Xelis makes Derolytics a proven malicious actor.

I advise against using or visiting derolytics[.]com. Here are some risks:

1️⃣ log your searches, and if your IP is associated to a DERO node he could try to correlate your DERO node to your onchain address for when you broadcast transactions (something otherwise impossible on DERO because of UDP over TLS and erasure coding)

2️⃣ planning to use the site to spread malware in the future (once trust builds up)

3️⃣ he could be farming data for another type of attack vector we're not even aware of

The best defense is to not interact with the website at all.

Anyone who spent so much time building such explorer cannot pretend to not know that Xelis is an inflation scam. If they do, that proves they're 100% a malicious actor themselves.

The website is also quite pointless. We've known for a long time that the bug allows bruteforcing of transactions and Dero should be considered fully traceable until new wallets that don't have randomness reuse are released.
If privacy is a niche, then why does almost everyone use a pseudonym online? Why do people share fake countries, fake names, fake ages, and fake professions when chatting online? Privacy is an instinct, just like sex. We don't need Naomi Campbell to promote…
Are you ready for crypto's Snowden moment? In early 2013 the consensus was that encryption was pointless for the average Joe and mostly something for activists, journalists and criminals.

Nobody cares about your messages, Billy. They do those things only to criminals and terrorists, not people like you

But then when Snowden happened and his NSA leaks were dropped, everyone realised that global mass surveillance was real.

That single event created, overnight, the multi-billion dollar encrypted messaging app market. The shift was lightning fast and that's when Signal started gaining momentum and when Telegram was created.

If, when Snowden informed the world of PRISM and XKeyscore, someone came to you offering an encrypted but compliant messaging app where encryption can be revoked only by law enforcement, would that have calmed your surveillance worries? I don't think so.

In 2013, "only law enforcement with a warrant can access your messages" stopped working for messaging apps; everyone realized that was code for mass surveillance. As a result people started flocking to encrypted messaging apps like Signal and Telegram. The momentum was so strong that even established messaging apps, like WhatsApp, had to eventually give up and offer end to end encryption to be able to compete and survive.

I think we will see the same in crypto, although the whistleblower here will most likely involve something like Palantir's Foundry of Crypto and will reveal how everyone that ever completed KYC in a CEX has their entire financial history recorded in a Palantir (or competitor) database.

Everyone will find out that the KYC documentation, such as a photo of the user holding their driving license, and their entire transaction history from chain to chain and even passing through so called "non KYC exchanges", is contained and updated in a Palantir database.

The whistleblower may also reveal how Foundry of Crypto can reverse dox social media users from addresses they shared on social media (to participate in an airdrop or to receive a tip). This allows profiling based on political views or other information shared on social media. Said information is then used to determine police response time in case of emergency at their address, or to profile them for employment, scholarships, visas etc.

When that Snowden moment comes, which I think is going to be soon, a trillion dollar market for a private-through-encryption cryptocurrency will be created overnight. That's why you should not sleep on privacy and on trying to hunt down the strongest privacy tech out there today (spoiler: it's not XMR, ARRR, or ZEC, or any of the VC-funded compliant L2s).

Contrary to what they tell you on MSM, people care a lot about privacy. Privacy is an instinct that no amount of money, psychological manipulation or delusional billionaires shouting I-don't-think-so can take away from human nature.

P.S.: Kryptoid has released a pre-compiled beta of the DERO CLI wallet with fixed randomness reuse. It is a pre-release but much more accessible for anyone wanting to test the beta since it's pre-compiled. This also means we're getting really close to a beta release that would allow anyone to leverage the full capabilities of the most advanced privacy protocol out there today.
What if Dandelion was introduced to compromise Monero's p2p network, not to make it more private? The official explanation is that Dandelion++ makes it more difficult for surveillance actors to identify the node that broadcast a transaction first.

This is achieved by opting for a sequence where the node that first creates a transaction chooses a single node to broadcast it to (stem phase), instead of sending it to all nodes it's connected to. That second node that receives the stem transaction can also broadcast it to another single node or can move to the fluff phase where it broadcasts it to all connected nodes. Each node in the stem phase makes a probabilistic decision about whether to continue the stem phase by picking another single node or to just fluff it (ending the stem phase).

The process through which that first node is picked is crucial. The narrative is that Dandelion picks a random node, but in practice that's not the case. Stem phase peers come from a subset of healthy and connected nodes. Healthy here is defined through parameters such as good historical uptime and low latency.

Which nodes are more likely to be healthy, user nodes or industrial surveillance nodes? Which nodes are more likely to have low latency, user nodes or industrial surveillance nodes? Which nodes are more likely to have a good uptime, user nodes or industrial surveillance nodes?

Industrial surveillance nodes.

Chainalysis and its partners could therefore set up a network of high performing nodes, with low latency and high uptime, ensuring they have very high odds of being picked as first nodes by Monero. This would give them all relevant onchain metadata even for transactions of users running their own node.

Because of Dandelion, a strong (sub)network of well connected nodes could compromise the entire p2p network by skewing first hop odds in their favor through manipulated performance metrics. Dandelion would feed all first hops to the compromised nodes, due to their high reliability from a technical point of view.

So was Dandelion really an upgrade, or a successfully implemented attack on network layer privacy?
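
The exposure argument above can be put into numbers with a small model of the stem phase, comparing uniform peer selection with selection weighted by a "health" score. This is an added example, not code from the post or from Monero: the health-weighted selection is the post's premise and is not checked against Monero's implementation, every hop is drawn from one global pool (topology is ignored), and the node counts, weights and continuation probability are constructed.

```python
import random
from itertools import accumulate


def first_hop_exposure(weights, watched):
    """P(first stem hop is a watched node) when peers are drawn by weight."""
    total = sum(weights.values())
    return sum(w for node, w in weights.items() if node in watched) / total


def stem_exposure(p, q):
    """P(at least one watched node sees the TX during the stem phase).

    p: chance that any single hop lands on a watched node
    q: chance that a stem node forwards to one more stem node (else fluff)
    The stem has K >= 1 hops with P(K = k) = q**(k - 1) * (1 - q), so
    P(no watched hop) = (1 - p)(1 - q) / (1 - (1 - p) q).
    """
    return 1 - (1 - p) * (1 - q) / (1 - (1 - p) * q)


def simulate(weights, watched, q, trials=20000, seed=7):
    """Monte Carlo check of the two closed forms above."""
    rng = random.Random(seed)
    nodes = list(weights)
    cum = list(accumulate(weights[n] for n in nodes))
    first_hits = stem_hits = 0
    for _ in range(trials):
        hop = rng.choices(nodes, cum_weights=cum)[0]   # first stem hop
        first_hits += hop in watched
        seen = hop in watched
        while rng.random() < q:                        # stem continues
            hop = rng.choices(nodes, cum_weights=cum)[0]
            seen = seen or hop in watched
        stem_hits += seen
    return first_hits / trials, stem_hits / trials


# Constructed network: 200 reachable nodes, 10 run by a single observer.
NODES = [f"n{i}" for i in range(200)]
WATCHED = set(NODES[:10])
Q_STEM = 0.8   # assumed continuation probability, chosen for the example

UNIFORM = {n: 1 for n in NODES}                        # every peer equal
HEALTH = {n: (10 if n in WATCHED else 1) for n in NODES}  # post's premise

if __name__ == "__main__":
    for name, weights in (("uniform", UNIFORM), ("health-weighted", HEALTH)):
        p = first_hop_exposure(weights, WATCHED)
        sim_first, sim_stem = simulate(weights, WATCHED, Q_STEM)
        print(f"{name:16s} first hop {p:.3f} (sim {sim_first:.3f})  "
              f"any stem hop {stem_exposure(p, Q_STEM):.3f} (sim {sim_stem:.3f})")
```

With 5% of nodes watched, uniform selection gives a 5% first-hop exposure, while a 10x weighting in favour of the watched nodes raises it to about 34%, which is the size of effect the post's argument depends on.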
It has never been easier and cheaper to start mining Dero. If you want to mine some coins (you can mine dero with anything because it has the most egalitarian CPU algo in crypto) here's how to get started in less than 4h:

STEP 1: Download Civilware Dero binaries for your OS

STEP 2: Launch daemon (the node) with --fastsync. Fastsync takes 2-3h to complete and works for solo mining. Commands to launch with fastsync for Windows and Mac:

- Windows: ./derod-windows-amd64.exe --fastsync
- Mac: ./derod-darwin --fastsync

NB: Fastsync must be done from scratch, so if you already started a full sync delete the mainnet folder and start fastsync from scratch

STEP 3: Launch the CLI wallet and register an address (1 time process, should take 20-30 minutes)

STEP 4: Save your address and launch the miner with the following commands (Mac & Windows):

- Windows: ./dero-miner-windows-amd64 --wallet-address=<insert your address> --daemon-rpc-address=127.0.0.1:10100 --mining-threads=<number of threads>

- Mac: ./dero-miner-darwin --wallet-address=<insert your address> --daemon-rpc-address=127.0.0.1:10100 --mining-threads=<number of threads>

That's it, you're done and officially mining the most advanced privacy protocol out there. Btw for number of threads I put 3 (mining on my laptop), the more you put the more CPU it uses so increase/decrease based on what you're comfortable with.

We're still in the Satoshi era of Dero (1st halving in January 2026), so happy mining to all who jump in!

PS: If you want to optimize your hashrate further then use Tritonn's Dero miner, which you can find here.
✍8πŸ’―6πŸ‘Œ4🫑3❀1😁1
One of the core weaknesses of all UTXO privacy chains is that they have to hide the spender by mixing it with other outputs present onchain. Since outputs can be spent only once, by identifying outputs that were already spent we can rule out decoys. This bad privacy protocol design pushes users to seek bigger anonymity sets hoping to minimize odds of their transactions being deanonymized.


(NB: This deanonymization attack vector is not possible on Dero because accounts are not single use but are updated homomorphically and can never be ruled out as decoys unless it's the attacker's own account that appears in the ring.)

As a result of this weakness, a recurrent talking point, and obsession, among UTXO chain users is the size of the anonymity set, or the number of outputs among which the real spender is hidden.

In Monero the anonymity set is currently "16", because in each transaction 15 outputs are picked among those present onchain and grouped in the input side of each transaction with every output that is being spent.

With zero knowledge chains the anonymity set is advertised as corresponding to all outputs ever created onchain since the user does not put any outputs in the transaction itself. The transaction contains only proof (zk-SNARK) that some inputs among those present onchain are being spent.

Do more outputs mean a bigger anonymity set? If I spam ARRR with 1M transactions tonight, did I increase ARRR's anonymity set by 2M (assuming each transaction creates 2 outputs)? The belief that more outputs means more anonymity is false because what matters for the anonymity set is the number of independently owned sets of outputs, not the sheer number of outputs themselves.

In other words, if a person spams the blockchain with 1M outputs then the anonymity set hasn't increased by 1M, but by 1 unit at best.

This distinction is important since even from the outside there are ways to detect outputs owned by the same entity which can lead to them being ruled out as spam regardless of whether they have already been spent or not.

This happens, for example, in a ring-based chain like Monero or Zano: when outputs belonging to the same entity or related entities (spammers, bots) are present inside the same ring, they can be lumped together as decoys, which reduces the anonymity set (because we know that the transaction wasn't done by a bot).

In a zkp chain too, like ARRR or Zcash, the real anonymity set is not the entire number of outputs, but the number of sets of outputs associated with a unique entity or with related entities (spammers, bots, etc). This also reduces the real anonymity set considerably.

Another example of a factor that reduces the anonymity set in ZKP UTXO chains is the recency heuristic. This is an important behavioral heuristic that dictates how the spender of a current transaction is most likely an entity whose outputs were created recently.

Because of these weaknesses, the anonymity set is always much smaller than one is mistakenly led to believe. And deanonymization is also much easier.

Therefore the obsession with anonymity set size is just that, an obsession. And like all obsessions it's unhealthy, because it glosses over major weaknesses in all UTXO privacy chains that make them unfixable.
🚨🚨As it turns out and contrary to what I and others were led to believe, even the current implementation of the Dero protocol (alpha) doesn't have the randomness reuse vulnerability, the bug is just a wallet bug. The first 3 paragraphs of Deanonymization of…
🚨Update your DERO CLI wallet if you haven't done it yet. Civilware just merged the patched wallet into its Dero binaries. This means the testing phase for this solution/patch of the randomness reuse bug was completed successfully. Now just download the Civilware CLI wallet and your transactions will be as private as they can get today as no other protocol offers better privacy than Dero.

Also, someone seems to have been spam registering Dero addresses. In my next post (which won't be tonight but in the coming days) I will delve deeper on how a black marble attack works on Dero and why it is much weaker than on Monero because contrary to Monero, Dero doesn't rely on single use outputs, UTXO, or rings for privacy. (That's right, it's not just about rings. Monero's weaknesses are much deeper and unfixable.)
🚨A quick list of Dero FUD patterns that seem to be active right now to make sure you overlook Dero:

1) Shill Dero with ARRR when ARRR is an amateur project (and still on trusted set up btw) with old tech done by a guy that just forked ZEC and has no deep protocol knowledge. This is FUD meant to exploit your greed to get you to diversify into ARRR (for another potential 10000x) as a hedge. Those who fall for it give up precious Dero coin share

2) Attempts to rehabilitate Slixe, the Xelis inflation scam creator. This is FUD meant to make you think Dero is related to Xelis and a scam too.

3) Attempts to gloss over the fact that Xelis is an inflation scam.

4) The usual basic FUD about Captain left, scammed, sold etc.

5) Random drama elevated aggressively to gaslight anyone looking into Dero: This is FUD to distract you from studying Dero's tech so you just get cold feet and never really dig into it.

Study the tech, ignore noise. The first halving is in ~6 months, expect a lot of trickery to bamboozle you.
❀8🀣6🀯1πŸ’©1
🚨Is the QUBIC "attack" a psy-op to push Monero to proof of stake? Anyone who follows me knows that there are many cues strongly suggesting Monero is a honeypot operation:

1. Monero's tech is completely obsolete and as traceable as BTC. So easy to trace that I managed to trace a Monero transaction all by myself by using a simple Monero explorer.

2. Monero's development is funded mainly through Magic Grants (masked as generous community donations). Magic Grants director Justin Ehrenhofer was first a mod on Reddit, where he censored even experienced developers who dared to explain how Monero was traced (e.g. ZEC community dev FireiceUK). Then he worked for Cake Wallet, where he set Chainalysis nodes as default nodes (I've covered that story myself), and then he launched his own solo Monero tracing company (Moonstone Research), which was then sold to Naxo in March-April 2025.

In other words, Monero's development is funded with the proceeds from Monero tracing. (See this Chainalysis pitch presentation if you haven't seen it yet)

3. Monero's marketing is done through crime marketing: luring and encouraging gullible people to break the law with it with the promise of impunity, by presenting it as the best privacy coin out there because it has the highest market capitalization.

Now here is the thing: maintaining the highest market cap is vital for crime marketing to work (CM makes sure there is constant demand for Monero tracing services). This is because people who know nothing about the tech consider the market cap a convincing indicator that this must be the best privacy coin out there.

However, maintaining a high market cap with tail emissions becomes increasingly expensive as people find out that Monero is obsolete, because more miners turn opportunistic. Today, for example, approximately $100k must be injected daily to keep Monero's price at $260.

Of course, when nobody knows that Monero is obsolete, finding this money is easy, because some miners will treat XMR as digital gold and not sell it. Others will buy/accumulate it. But now that DNM arrests have become so common, and activists who have been warning that Monero is traceable have been proven right, a lot of miners turn from believers into opportunists. Demand from accumulators also decreases as more find out that Monero is traceable.

As a result, maintaining a high market cap becomes increasingly expensive and requires Palantir/Chainalysis/TRM Labs to put more and more money out of their own pockets to sustain the market cap.

This is solved by switching to POS, because then most of the newly emitted supply would not go to outsiders through POW but to the entities that currently hold most of Monero's supply themselves (so Chainalysis and Palantir).

For these entities that make money by tracing Monero, it is of course much cheaper to just stake (cost free), control most of the new emission, and simply not sell. This maintains the artificially high market cap that is used as a business card in crime marketing campaigns.

For this reason I believe we're inside an operation to push Monero into POS and the Qubic "attack" is just a way for Palantir and Chainalysis to craft the narrative for such a transition.
🚨Dero's official binaries have been updated to release 14.2 to remove randomness reuse from all wallets.

Since the fix was allowed to be pushed in the official binaries, this strongly indicates that Dero's bulletproofs are now deemed by Captain to be battle tested & safe. This is my interpretation, Captain himself has never directly commented on randomness reuse.

Dero's rocket bulletproofs are not documented in literature & were introduced for the first time on Dero in 2022. They are created for homomorphic encryption, account model and smart contracts, making them the most advanced BPs in crypto today. HE & account model are key features that eliminate single use outputs. This means Dero is immune to all UTXO & key image heuristics that compromised XMR & all UTXO privacy chains.

With this update Dero is not just the only non chainanalyzable privacy chain out there, but also officially battle tested and audited by the entire world, which could independently verify its transactions by using randomness reuse.
🚨With Orchard ZEC replaces nullifiers & outputs w/ "actions".

Number of actions = total # of inputs + # outputs.

My concern is that statistically the total number of parts in a transaction is sufficient to apply UTXO heuristics to tell if money exchanged hands or not. Bc many-to-many, many-to-one & one-to-many are consolidation or spam transactions, which means money doesn't exchange hands. So:

>5 actions → money stayed in place
3-5 actions → money exchanged hands

Despite this, ZEC still deserves credit for mitigating the UTXO heuristic. Monero OTOH is completely unaware of such heuristic (even FCMP does nothing to mitigate UTXO).

ZEC's other big weakness is the transport layer: since actions must be posted together, by monitoring the network we can group actions belonging to the same transaction.

Either way, this Qubic maxi captures the gist of it by asking Cfb a simple question: why not speak the same way about XMR, when we have proof that Chainalysis sells XMR tracing services to the IRS?
Dero is resistant to selfish mining thanks to Σ-mining. Dero's Σ-mining splits the block reward into 10 smaller parts: 9 miniblocks & 1 integrator block.

Miniblocks are easier to mine, but the integrator block is required to form the block, after which rewards are distributed among all those that contributed to mine that block. A miner's total reward is based on the number of his miniblock(s) that were included in the final block.

In traditional POW coins like Monero and Bitcoin, a selfish miner (SM) that controls more than 33% of the total hashrate can claim a higher than 33% share of rewards by not releasing the blocks as he finds them but by building a private chain instead.

Dero's miniblocks make this strategy statistically unviable. A SM would lose all rewards by attempting to selfish mine.

From Cfb's recent tweet it's becoming obvious that he is part of team XMR, and the 51% attack narrative was likely a psy-op to create a precedent to push Monero into POS.
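The 33% threshold cited above for traditional POW chains can be checked against the published Eyal-Sirer selfish-mining model; the following is an added example, not part of the original post. It assumes γ = 0 (no honest miner builds on the withholding pool's branch during a tie), uses illustrative function names, and does not model Dero's miniblocks.

```python
import random

def closed_form_share(alpha, gamma=0.0):
    """Eyal-Sirer relative revenue of a withholding pool with hashrate share alpha."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    den = 1 - alpha * (1 + (2 - alpha) * alpha)
    return num / den

def simulated_share(alpha, gamma=0.0, events=300_000, seed=1):
    """Monte Carlo over the same state machine: pool's share of main-chain rewards."""
    rng = random.Random(seed)      # fixed seed: constructed, reproducible run
    pool = others = 0              # blocks that ended up on the main chain
    lead = 0                       # private-chain lead of the withholding pool
    fork = False                   # True while two 1-block branches are racing
    for _ in range(events):
        pool_found = rng.random() < alpha
        if fork:
            if pool_found:                 # pool extends its branch and wins both
                pool += 2
            elif rng.random() < gamma:     # honest block lands on pool's branch
                pool += 1
                others += 1
            else:                          # honest branch wins both blocks
                others += 2
            fork = False
        elif pool_found:
            lead += 1                      # keep the new block private
        elif lead == 0:
            others += 1                    # ordinary honest block
        elif lead == 1:
            lead, fork = 0, True           # publish the single block: a tie race
        elif lead == 2:
            pool += 2                      # publish both, orphan the honest block
            lead = 0
        else:
            pool += 1                      # release one block, stay ahead
            lead -= 1
    return pool / (pool + others)

def advantage_table(shares=(0.25, 1 / 3, 0.40, 0.45), gamma=0.0):
    """(hashrate share, closed-form reward share, simulated reward share) rows."""
    return [(a, closed_form_share(a, gamma), simulated_share(a, gamma)) for a in shares]

if __name__ == "__main__":
    for a, exact, sim in advantage_table():
        print(f"hashrate {a:.3f}  reward share exact {exact:.4f}  simulated {sim:.4f}")
```

Below one third of the hashrate the withholding pool earns less than its fair share, at exactly one third it breaks even, and above it the reward share exceeds the hashrate share.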