5 RULES TO MAKE TRACING YOUR MONERO MORE DIFFICULT

Despite being obsolete as tech, Monero is still the ‘privacy’ coin with the most liquidity out there. Since some may be forced to use it while liquidity catches up with Dero’s better tech, here is a list of best practices that make tracing your Monero more difficult (albeit not impossible):

1. When you buy, always split in as few transactions as possible. If you can, buy all at once and do not split your transactions at all. If you split then you will be creating multiple TXOs associated to yourself which makes tracing much easier and cheaper. Even if you’ve no adversaries, you’d still be making deanonymization of other people’s transactions more difficult.

2. Use different non-KYC exchange accounts with different emails/metadata to deposit/sell different TXOs. Do not combine or spend all your TXOs in one place, or they will all be associated to you. Even if you’ve no adversaries, you’d still be making deanonymization of other people’s transactions more difficult.

3. Do not transact in times of network spam. If the network is getting spammed then that’s most likely a black marble attack which means deanonymizing any transactions that take place during the spam is much easier and cheaper than usual. All you have to do is sit it out, wait for the spam to end, then wait another 3-6 months after the spam so the spammy TXOs get old. Then do your transaction.

4. Consolidate and then churn with 1 month time gaps. If your balance is split among different (U)TXOs then most likely those TXOs have been picked up by some AI algo and associated to a single entity (you in this case). To break up any links then first consolidate your TXOs. After you consolidate your entire balance will be located in one TXO. Be careful though, this TXO is earmarked as belonging to the same entity as your previous TXOs so it’s very important that you churn it. For churning to work it’s important that the churning transaction is not too close in time to the consolidation transaction, otherwise an AI will know you’re churning. So wait ~1 month and send your entire balance to another one of your TXOs. If you do this every month for 4/5 times then it will be much more difficult to connect your final TXO to the parent TXOs. Even if you’ve no adversaries, you’d still be making deanonymization of other people’s transactions more difficult.

5. Don’t use Monero as cash. Avoid tipping, websites like Monezon or other reckless behaviours associated with cash use. If used as cash Monero ends up deanonymizing all its own transactions. So it’s key to discourage others as well from using it as cash. For example, anyone accepting tips in Monero is creating hundreds of TXOs associated to themselves. These TXOs are very bad decoys and will be used to deanonymize other people’s transactions. Or by using a website like Monezon you would be adding even more metadata to your TXOs, some of which KYC grade. Even if you’ve no adversaries, you’d still be making deanonymization of other people’s transactions more difficult.

If everyone follows these tips then Chainalysis will have a much harder time tracing Monero giving all users more time to slowly and seamlessly start switching to Dero.

If you type Bitmonero in the Monero official Telegram, your message will get automatically removed/censored. The reason lies in the history of Monero. A quick recap: The 1st implementation of Cryptonote, Bytecoin, was leaked to the public in March 2014. A bitcointalk forum user (Thankful_for_today) warned everyone that 82% of Bytecoin's supply had been mined & announced his intention to relaunch it from block 0 and call it Bitmonero. TFT successfully built the genesis block & Bitmonero was born (1st fair launched Cryptonote implementation). Fluffypony and other forum users who had close to no coding skills and no understanding of Cryptonote hijacked Bitmonero with a hardfork and kicked out TFT. This is why the word Bitmonero is censored in the Monero Telegram today.

NB: There are several cues pointing to TFT being Captain Dero. You can find my full research on the history of Monero & connections to Dero here https://techleaks24.substack.com/p/the-full-history-behind-monero-nobody

Monero's core vulnerability is that the blockchain is structured around TXOs. TXOs have 2 properties that kill privacy: 1) they can be spent only once and that when spent 2) their key image is published onchain. Therefore once we determine where a TXO is spent via key image analysis, that TXO is effectively burnt and can be filtered out as decoy in all the other transactions where it appears among inputs. Burnt TXOs help deanonymize transactions by exposing senders and by burning even more TXOs. It's an inductive process that is fatal for Monero's privacy, because Monero cannot get rid of TXOs. This is also why FCMP++ doesn't fix Monero, because it doesn't address the core issue. Increasing the number of ring members to millions of TXOs doesn't add any more privacy when millions of TXOs have already been burnt. Dero, on the other hand, is built around accounts. Dero accounts have one special property: they are updated in encrypted state homomorphically. So an account can be updated more than once, and contrary to a TXO, no additional onchain metadata accompanies an account whenever its balance is updated (such as key images with TXOs). As a result of this, Dero maintains privacy despite any form of onchain metadata analysis because even if we expose an account as spender or receiver in one transaction, we have no way of knowing what that account does in other transactions where it appears among receiver or sender rings.

This gap in tech is a certainty and as result of it, it's inevitable for Dero to flip XMR valuation wise. The current gap in valuation with XMR is >100x. Although hard to say when this gap will be filled, we can try & guess. As per my August 25th post, Dero's uptrend should start in Q1 2025. Bitcoin's price action also lines up well with that scenario. After the election, Bitcoin should resume its upward trend & rotation out of Bitcoin into alts probably won't start until we are close to or above the $100k mark (probably in Q1 '25). Then, risk on money looking for higher returns will trigger alt season. Dero's halving is in Jan '26. In Q1 '25 the halving will be within a 1 year radius which should start fuelling more buy pressure. And then there are other events stacked between here & the '26 halving: bug patch, Atlantis burn, tech upgrade. For these reasons I'm convinced Dero's flippening of XMR will happen in this cycle and when it happens many will be caught by surprise.

In Zcash private transactions are optional, Zcash combines transparent UTXO transactions with shielded notes. Privacy applies only to shielded notes. ARRR, on the other hand, uses the same technology as Zcash, except that privacy is not optional because by default all transactions are shielded. To ensure privacy, Zcash and ARRR use a technology known as zero knowledge proofs (Zkp). The name comes from the fact that despite being UTXO blockchains, when someone sends you coins in ARRR (or in a shielded ZEC transaction) you cannot see the utxo of the sender. This is why it's called "zero knowledge" proof, because the transaction ID contains ZERO information about the spent UTXO. It only contains proof that the transaction adheres to protocol rules (ie. no new coins were created).

As a sender you sign a shielded note with the address where you want it to be sent, and then zk-SNARKs are used to generate new shielded notes for the receivers that are published on the blockchain. Imagine a black box. Every block, senders insert the shielded notes they intend to spend inside the box with a unique nullifier attached and the receiver address. Nullifiers are similar to Monero key images, but contrary to KIs they are not attached to any TXO/commitment (in Monero each KI is attached to a ring of 16 TXOs one of which is the real sender).

Monero also uses the UTXO accounting model. In every monero transaction at least one new key image is published onchain tied to 16 TXOs, and at least 2 new TXOs are created. Contrary to a Zcash shielded transaction, the spent TXO(s) is obfuscated by 15 decoy TXOs. Thanks to RingCT the network can verify that the key image attached to a ring belongs to one of the TXOs in the ring, without revealing to which one exactly it belongs. However, despite the obfuscation mechanism, we can still start mapping spent TXOs to their key images by conducting pattern analysis of key image and TXO metadata. Mapping TXOs to their key images allows filtering decoys, just like seen in the Chainalysis video presentation to the IRS leaked in September. Filtering decoys breaks Monero because it reveals the real flow of the money from one TXO to another, obliterating privacy. I've explained this process in depth in my 11/4 and 9/24 posts. In short, the underlying UTXO architecture leaks links between the TXOs despite the obfuscation attempts.

DHEBP, Dero's protocol, uses the account model. In a Dero transaction nothing new is produced onchain. No new accounts are created in a Dero transaction, and no new onchain metadata such as key images or nullifiers are published onchain. Instead, accounts are simply updated homomorphically. Dero's current 2 year old alpha iteration - heavily downgraded to give people time to understand it (cit. Captain) - creates sender and receiver rings to obfuscate the interacting parties. In other words, when account A sends money to account B, the sender can pick a ring size from 2 to 128. If the ring size is 128 the sender and receiver are hidden among 63 decoys each, all picked from the existing accounts onchain. Contrary to Monero, where the spender is hidden among existing TXOs but only the spender's key image is published onchain, in Dero the spender's balance is updated homomorphically and no additional information/receipt has to be leaked onchain, such as a key image or nullifier. This is why Dero proofs are superior to RingCT because they don't come with a key image. They are performed on the same encrypted values, both before and after the transaction. And this is the mind blowing aspect of Dero's privacy technology and what makes Dero's protocol the only non obsolete privacy protocol today: it relies on encryption rather than obfuscation.

Wownero, the memecoin, is a copy of Monero but with ring size of 1024 instead of 16. Rucknium, a developer from Monero Research Labs, has found a privacy vulnerability in Wownero's decoy selection algorithm. Understanding its vulnerability helps understand obfuscation and why it is obsolete. As discussed in my previous posts, in UTXO blockchains like Monero or Wownero, UTXOs can be spent only once and when spent their key image is published onchain. In Wownero, like in Monero, privacy depends on obfuscating the UTXO whose key image is published onchain with other UTXOs among those present onchain (decoys). The program that picks them is known as decoy selection algorithm. The core weakness of privacy through obfuscation (which is the tech of all UTXO privacy chains) is that decoy selection algorithms, no matter how advanced, can always be attacked by looking for patterns that are either created by the algorithm itself or by the TXOs being spent. In the recently disclosed Wownero vulnerability, the pattern that allows exposing the spender TXOs is that Wownero's algorithm seems to pick for decoys only TXOs created from September 27, 2022 and earlier. Therefore transactions spending TXOs created after this date have no privacy because they don't follow the age pattern of the decoy algo which picks only TXOs created up until September 27, 2022.

Monero's decoy selection algorithm picks decoys using log gamma distribution with respect to the time of the transaction. This means that the algorithm doesn't take into account any of the metadata of the TXO being spent, is more likely to pick recent TXOs than older TXOs. Even in Monero, if the TXO being spent doesn't follow the age pattern of the decoy algo then it can be identified as the real spender. A log gamma distribution is of course more advanced than a cut off date like that in Wownero (which because of its simplicity is seen as a vulnerability), the core weakness however remains the same. Decoy algo patterns can still be analyzed more deeply to spot TXOs that would normally have an extremely low chance of being picked.

Dero's breakthrough: Dero's current iteration also uses rings, but contrary to Monero (where TXOs can be spent only once and once spent, they are completely emptied) privacy on Dero doesn't rest on rings but on encryption because accounts are updated in encrypted state. This means that even if we find the real spender in a Dero transaction, we still have no way of knowing the direction of the flow because the spender simply updates its account, doesn't necessarily empty it like in a Monero TXO.

Bulletproofs together with overflow/underflow proofs are Achille's heel of every privacy blockchain. These proofs ensure that no new coins are created and that the max limit coded in the consensus is respected.

Bulletproofs are range proofs, they make sure that all outputs of a transaction have non negative values. Allowing negative balances effectively means allowing the creation of new coins. If Alice has a balance of 0 coins, but can send 5 coins to Bob because the system will accept a -5 output, then the total supply of coins has effectively increased by 5.

Overflow and underflow proofs on the other hand make sure that the sum of the balances of inputs, minus the transaction fee, is equal to that of outputs. What makes these vulnerabilities particularly critical in a privacy chain is that, contrary to transparent chains where the balances/amounts of all addresses and transactions can be seen, in a privacy chain these are hidden so if new coins are minted it's much more difficult to keep track of them.

A vulnerability in bulletproofs is what forced Haven to shut down, because after a supply audit they found out that the circulating supply was in excess of 500 million coins. The official circulating supply was 60m coins. After Haven, another Bulletproofs exploit was found in Zephyr where today they announced freezing of the blockchain for a supply audit after a researcher calculated the amount of extra coins to be created in the exploit transactions to be around 16 million. On Dec 31st another privacy blockchain, Xelis, hardforked because of an undisclosed critical security bug. The bug seems to have concerned overflow checks when substracting fees. In the hardfork 6000 blocks were orphaned, among them most likely there were transactions that exploited the bug.

Why am I going to such great lengths to cover so many experimental projects in a single posts? Because bulletproofs and security is why I don't gamble with privacy coins. Forking, copy pasting and betting on delusional devs may be rewarding in memecoins or transparent chains. But when it comes to privacy chains, proofs are a true minefield that without the required dev expertise may be exploited for entire years going undetected. Anyone who has read my article on the history of Dero and Monero knows that Dero's developers have shown unmatched skill in their design of bulletproofs. Dero Atlantis (Dero's first iteration was an implementation of Cryptonote) was the only Cryptonote implementation to not have Monero's bulletproofs vulnerabilities. This is why I will always stick with Dero, because we've had proof that devs don't rely on external audits but have the required expertise in the house to handle both privacy and security.

Privacy doesn't need crime to promote itself. Surveillance needs crime in order to present itself as a solution. For this reason, any entity that feeds on surveillance has a propensity to encourage criminality because more crime means more business for them. It's no surprise then that Monero, a Chainalysis honeypot, is promoted heavily through crime marketing (CM). Obsolete privacy tech attracts surveillance capitalists. The best way to make money from obsolete privacy tech is to market it aggressively as private through crime marketing, and then generate ROI by selling tracing services. Since many of these crimes wouldn't be committed in the first place without the push provided by CM, and a low crime rate would mean no demand for its tracing services, CM is a key piece of the puzzle. But what proof do we have that Monero is a honeypot? First and foremost, we know that Monero's technology is obsolete today and completely traceable. We know that Chainalysis is selling Monero tracing services to select government agencies such as the IRS (while its shills encourage people to use Monero to dodge taxes on X). Today we also know that the president of Magic Grants, which funds all Monero dev initiatives, is also a Chainalysis plant. Justin Ehrenhofer was VP of Operations at Cake when Chainalysis nodes were set as default nodes. Right after leaving Cake he started Moonstone Research which specialized in Monero tracing services. We all know Monero tracing requires a lot of CEX data that is reported to Chainalysis quarterly. It also requires good data processing resources. How was someone like Justin able to offer Monero tracing services then? The only explanation is that Justin was reselling Chainalysis tracing services. And with this we have come full circle. Chainalysis has already shown to be offering Monero tracing services which creates an incentive for Chainalysis to promote monero with crime marketing. We also have plenty of evidence Monero is marketed heavily with crime marketing (slide 1, slide 2), on social media but also in Darknet Forums. The final piece of the puzzle is Justin Ehrenhofer, which proves all development funding also comes from Chainalysis. In conclusion, Monero is obsolete privacy tech turned honeypot by Chainalysis.

Why is Zcash not delisted as much as Monero? Is there a backdoor in ZEC? Contrary to what Palantir terrorists will tell you, there is no backdoor and there are no trusted set ups in Zcash. The reason why Zcash isn't delisted is that it has both private and transparent transactions. This optionality makes it more regulation friendly. Even in CEXes with strict interpretation of KYC laws, ZEC can stay listed by allowing only transparent transactions. Monero is delisted because despite having weaker obfuscation mechanism than Zcash, obfuscation is not optional. Contrary to common belief, the one with the strongest obfuscation of the three is not even Zcash, but ARRR because in ARRR all transactions are obfuscated with zero knowledge proofs by default. Generally speaking, obfuscation boils down to trying to hide the spender among other potential spenders, and the receiver among other potential receivers. The set of "potential senders" among whom a real spend is obfuscated, or that of "potential receivers" among whom a receiver is obfuscated, is known as anonymity set. In Monero, an algorithm picks the set of potential senders among which the real sender is hidden. Monero's anonymity set in each transaction is fixed at 16, 1 real spender and 15 decoys. Decoys are picked from existing transaction outputs (TXOs) present onchain. The first issue with Monero's obfuscation is that the anonymity set is too small, which allows for filtering out of decoys via key image analysis. The second issue is that decoys are picked algorithmically (ie, deterministically). And since we know the algorithm, we can expose real spends by looking for ring members that the algorithm had a very low chance of picking on its own. This is an additional attack vector on top of key image analysis. On the receiver side, in Monero there is no anonymity set. In ARRR and Zcash, on the other hand, the anonymity set is equal to the transaction volume in a specific point in time. This is thanks to zero knowledge proofs and the fact that in ARRR and Zcash inputs are separated from outputs at the transaction level. In other words, each input when spent includes only proof that it is being spent in line with protocol rules. But it is not linked to any outputs. Each new output, when created, also contains only a zero knowledge proof proving that it is created because something else was spent, and no new coins were created from thin air. Contrary to Monero, ARRR and Zcash have both sender and receiver anonymity sets. This is why in bull markets, when onchain transaction activity typically picks up, obfuscation in Zcash and ARRR improves exponentially. In times of low transaction volume privacy is weaker. All three however share the same core weakness, which is obfuscation and the UTXO accounting model as result of which each TXOs can be spent only once and when spent a receipt is published onchain (key image or nullifier), and that new TXOs must be created in each transaction. In Zcash and ARRR obfuscation is attacked (onchain) via pattern analysis, in Monero obfuscation is attacked onchain not only via pattern analysis/key image analysis (to filter out decoy TXOs) but also by exploiting the decoy picking algorithm. Last but not least there's Dero, which isn't just another obfuscation coin. Dero, the true frontier privacy protocol today, uses an account-based model with homomorphic commitments, meaning it avoids all the key image and TXO-linkability issues that Monero, Zcash, and ARRR all share because of obfuscation and the UTXO accounting model. In Dero accounts are updated homomorphically in every transaction. This is an important difference with respect to UTXO chains where TXOs are always completely emptied when used, and instead of updating existing TXOs new TXOs are created in every transaction. This is how Dero's model avoids the structural metadata that the UTXO-based privacy chains inherently leak.

On December 30th, Xelis (an implementation of Dero in Rust without attribution) received a disclosure about a security bug that was deemed worthy of their bug bounty program. The bug was immediately patched in an emergency hardfork on December 31st.

As result of the hardfork, 6000+ blocks were orphaned.

Strangely though, no report was released about the patched bug for a while. On January 6th, I wrote about the Xelis hardfork and explained why proofs are the true Achille's heel of privacy chains because they can completely kill a project.

I also speculated that since the lead developers were hesitating to release the full bug report, it was most likely a proofs bug.

Proof bugs can be exploited first to mint new coins and even if the bug is later patched the extra coins will always remain in circulation breaking the tokenomics of the project. This is what makes them unpatchable.

Six days ago, on January 25th, Xelis' post mortem was finally released. Despite its vagueness, in the post mortem they finally admit it was a proofs bug that involved ZK proofs. Bulletproofs are a type of zero knowledge proofs, and while in the announcement they make no mention of bulletproofs they do mention it was related to source commitments and verification.

If it was bulletproofs, the choice of words was probably dictated by the necessity to hide the true nature of the bug further in a time where the word bulletproofs is strongly associated with the recent Haven and Zephyr disasters.

Worth mentioning how Xelis initially copied Dero's randomness reuse in their initial implementation. Dero's randomness reuse allows for early detection of bulletproof exploits, or an easy audit of circulating supply scanning all transaction amounts. Dero's randomness reuse was brazenly disclosed as a bug by Luke Parker, who was likely tipped as part of a coordinated market manipulation scheme.

As result of this, Xelis, contrary to Dero that still has randomness reuse in place, removed its removed randomness reuse in May right after Luke Parker's disclosure. That patch however effectively opened the door to a bulletproofs exploit to pass undetected.

In the weeks after the randomness reuse patch, Xelis experienced a significant pump and dump. Those weeks were the perfect time to mint extra coins to dump with impunity for 2 reasons.

First, because sell side liquidity was still extremely thin as Xelis was few weeks old. Second, because they were being widely praised by Luke Parker for their professionalism and timely patch of the bug.

Luke's profile received a huge boost in popularity in the time after his disclosure of the Dero bug, despite Captain's silence.

Considering Slixe's attempts to cover the bug today, I think it's highly likely that June 2024 is when the extra coins were minted and sold to the crypto crowds brought together by Luke Parker and BraverCrypto (one of the biggest Xelis shills).

While I've never touched Xelis myself, because I'm not an amateur and I don't like losing money, if I was a holder I'd want to at least hold Slixe accountable by requesting a supply audit.

If the proofs vulnerability was really exploited around June, then that would strongly suggest it was an insider like Slixe. Or maybe the entire Xelis core team.

Cryptography is war tech. Its history starts with the dawn of civilization and the coded signs those under submission used to plot rebellions or communicate escape routes while under the watchful eyes of ruthless rulers and their loyal servants. As soon as Monero was compromised around 2020, and loyal servants of the surveillance apparatus like Chainalysis were dancing on its grave, a group of God-tier cypherpunks came together to build Dero Stargate. Dero is cypherpunks' answer to the compromising of Monero. This realization kicks in once you know enough about both Dero and Monero to notice that Dero has none of Monero's deep protocol flaws. Like already discussed in my previous posts, Dero moves away from the UTXO model. This eliminates all the inherent onchain metadata that come with UTXO and which key image analysis exploits. Beware that key images/receipts and single use transaction outputs, are an unfixable vulnerability for all UTXO privacy chains not just Monero. Offchain metadata however play an even more important role in tracing Monero. The reason being that tracing through offchain metadata is cheaper, as it doesn't require analyzing the network for deep patterns. The Chainalysis leaked video shows how Monero's TCP p2p network communication protocol is an important source of offchain metadata. Because of TCP, Chainalysis can conduct mass network traffic analysis to attach at least 2 pieces of metadata to each Monero transaction: the IP address of the node they first saw broadcasting the transaction (OffchainType1, not possible in Dero because of UDP over TLS), and the lag between the first time we saw a specific transaction being broadcast and the second time (OffchainType2, not possible in Dero because of UDP over TLS). These metadata allow tracking the origin of most transactions despite Dandelion++ and despite good user OpSec such as running one's own node. They also can be triangulated with other metadata to conduct even deeper pattern analysis. Therefore, in Monero, because the network communication protocol is such that transaction data are broadcast in plaintext over TCP, passive surveillance attaches OffchainType1 and OffchainType2 metadata to each transaction. Contrary to Monero, Dero takes network communication protocol to an entirely different level by combining UDP with erasure coding on the transport layer, and TLS on the data layer. So first, Dero encrypts the communication between nodes via TLS. This means anyone not running a node has no idea what the exchanged packages contain. And then on top of TLS, Dero resorts to UDP combined with erasure coding in the transport layer. This means that the encrypted transaction data are split in redundant fragments that are shot around all over the network without requiring a prior connection/session with any other nodes. Since UDP is less reliable than TCP, erasure coding makes sure that even if some packages are lost, nodes that pick up the rest can still reconstruct all the underlying data correctly. So if the encrypted data is split into 10 parts, nodes can reconstruct everything even if they pick up only 7 parts out of 10. At the same time, because of UDP and fragments scattered in all directions, it's impossible to determine the origin of transactions and to attach metadata to each of them.

An application can be open source, with reproducible code, and still have a perfectly undetectable backdoor unbeknownst even to the application developers themselves. How so? Because, as explained in my previous post, machines run on binary code ('bytecode'). The human readable code in which the program was written, such as Python or Go, needs to be translated into binary code. This process goes through a compiler, which the developer is trusting to produce binaries that are faithful to the code he wrote. Compiler risk is a form of supply chain risk in app development. The Vyper compiler, which is the compiler used to convert python-like code into bytecode for the EVM, was found to have a vulnerability in 2023 which compromised re-entrancy locks. Reentrancy locks prevent re-entrancy attacks. Curve, Alchemix and other defi platforms suffered a loss of $70M as result of the Vyper vulnerabilities. Why am I explaining all this? Because now you should be able to visualize how aggressively with security in mind Dero was developed. Dero's virtual machine, the DVM, instead of being a compiler is the only VM in crypto today to be an interpreter. Dapps on Dero are coded in DVM-basic. And contrary to what happens on Eth where solidity or Vyper smart contracts must be compiled before the EVM can run on them, the DVM directly interprets DVM basic without need of compiling. Devs write what a smart contract is supposed to do, and the DVM reads the code line by line. Devs are no longer trusting a compiler. To be clear, compiler risk is not something new that came with crypto. In 1984, Ken Thompson showed how instead of putting a backdoor in the application source code, where it would get caught, one could change the compiler so that it would put backdoors in the login part of any code it compiled (Ken Thompson Hack). It also made the compiler recognize when it was compiling itself to make sure it always inserted the login backdoor even in future versions of itself. The backdoor would stay forever undetected, unless one could audit bytecode. Therefore, in a high stakes environment like crypto, compilers should be avoided altogether whenever possible. By using a compiler we're putting trust in a third party and its developers/auditors. Of all the chains out there, Dero is the only one designed with military grade security in mind. In other words, prepared to withstand an attack by an entire state army, if need be.