A common talking point in Monero is that heuristics like OSPEAD can be applied to any chain that uses rings, because rings are a weakness. This is false. For example, Dero also uses rings, but Dero's rings are not OFAC-able because there is no way, even statistically speaking, to profile high-risk transactions with OSPEAD. An OSPEAD type of analysis does not work with Dero accounts. The reason for this is that TXO age in Monero bears much more behavioral significance than in Dero. TXO age in Monero corresponds to the last time these TXOs received money, since each TXO can be spent only once. Therefore age analysis of TXOs differentiates between money that was just received (high probability that it will be spent soon) and money that was received long ago (high probability that it was already spent). The age of Dero accounts, on the other hand, corresponds to when a user entered the Dero network and bears no indication whatsoever of when the account last received money. In other words, the age of Dero accounts bears no behavioral significance. As a result, statistical analysis like OSPEAD (based on onchain data) cannot reduce the anonymity set in any shape or form on Dero. The weaknesses in Monero are not rings but single-use outputs (that give behavioral significance to TXO age) and key images (that allow definitively ruling out decoys, reducing the anonymity set with 100% certainty).
As the world is catching up with Monero's obsolescence, it's time to critically assess the promise of FCMP. As explained in my previous posts on key image analysis and OSPEAD, behavioral analysis is key to deanonymizing Monero today. On one hand it allows the creation of sets of related TXOs, and on the other it can be used to attack the decoy selection algorithm (e.g. OSPEAD). With the introduction of FCMP a few things change, but Monero remains traceable. How? Because in FCMP each TXO still has onchain metadata and offchain metadata. Post-FCMP, the metadata linked to each TXO include: (i) the merkle root height (age) to which its FCMP(s) refer, (ii) the number of key images in the transaction that created it, (iii) the fee structure, (iv) onchain metadata left by the wallet version, such as the way the transaction was built, and any offchain metadata such as IP address. What happens is that these metadata allow the creation of sets of related TXOs whose key images can be exposed by looking for behavioral patterns. For example, it's well known that new TXOs tend to be spent sooner rather than later. If we have 5 TXOs that are marked as related, and a 5-input transaction appears shortly after the most recent of these 5 related TXOs has been created, then we can be fairly certain that those TXOs are being spent if there are no other 5 related TXO combinations with a recent output among them. This example shows how exposing key images of TXOs via pattern analysis continues post FCMP. A merkle root is like a container of all TXOs created up to that point. For every user transaction, CEX TXOs can be visualized as black marbles that don't contribute to the anonymity set. The remaining colorful marbles can be imagined as having different shades of color, where related marbles share the same shade. We know that a user cannot co-spend marbles of different colors. An FCMP transaction is a zero knowledge transaction that tells the network 3 marbles of the same color are being spent.
By looking at related TXO sets we can start looking for possible fits among sets of same color marbles where the third one joined the set recently and find high probability fits depending on the uniqueness of the pattern. For example, if there is only one set of 3 related marbles where one was created recently, then the probability is high that those 3 are being spent. If there are 2 possible combinations, then the probability is split among those 2 combinations. However, as more patterns are analyzed more combinations can be ruled out even in edge scenarios. The conclusion is the same, FCMP doesn't stop behavioral analysis that allows profiling of Monero TXOs and makes possible zero knowledge mapping of input TXOs to FCMP transactions by looking for complementary patterns and time proximity.
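The matching step this post describes, as an added toy model (not code from this channel or from any tracing tool): given related-TXO sets, a transaction's input count and its height, it lists the sets that fit and splits the probability evenly among them, which is the rule stated above. The `RelatedSet` clusters, the block heights and the `recent_window` parameter are constructed assumptions; the post takes the clustering as given, and the output is only as reliable as that clustering and the chosen window.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RelatedSet:
    label: str      # hypothetical cluster id (a marble "colour" in the post's analogy)
    created: tuple  # creation heights of the unspent TXOs assumed to be related


def candidate_fits(sets, n_inputs, tx_height, recent_window):
    """Return {label: probability} for related sets that fit an n-input spend.

    A set fits when, counting only TXOs that already exist at tx_height, it has
    exactly n_inputs members and its newest member is at most recent_window
    blocks old. Probability is split evenly among the fits.
    """
    fits = []
    for s in sets:
        existing = [h for h in s.created if h <= tx_height]
        if len(existing) != n_inputs:
            continue
        if tx_height - max(existing) <= recent_window:
            fits.append(s.label)
    if not fits:
        return {}
    share = 1 / len(fits)
    return {label: share for label in fits}


# Constructed sample data: six clusters observed around block height 1000.
SETS = [
    RelatedSet("A", (120, 480, 998)),
    RelatedSet("B", (300, 310, 320)),        # three members, all old
    RelatedSet("C", (700, 990)),
    RelatedSet("D", (10, 500, 800, 997)),
    RelatedSet("E", (200, 650, 996)),
    RelatedSet("F", (400, 900, 1005)),       # newest member does not exist yet at 1000
]

if __name__ == "__main__":
    # Two 3-member sets have a recent member: the guess is split 50/50.
    print(candidate_fits(SETS, n_inputs=3, tx_height=1000, recent_window=10))
    # Only one 4-member set fits: the model reports certainty.
    print(candidate_fits(SETS, n_inputs=4, tx_height=1000, recent_window=10))
    # Sensitivity check: a wider window admits the old set B and lowers confidence.
    print(candidate_fits(SETS, n_inputs=3, tx_height=1000, recent_window=1000))
```

The last call shows how strongly the result depends on the window: the same data gives a one-in-two or a one-in-three guess depending on what counts as "recent".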
The issue isn't even about decoys anymore; maybe in 2022 filtering decoys was the way to trace Monero. Now it's behavioral. Behavioral analysis means that just by knowing the number of inputs being spent and the timestamp of a transaction, you can tell which set is most likely being spent by analyzing existing sets of related TXOs onchain and their respective ages. Because guess what? There aren't many sets that fit a specific pattern. For example, if a 4-input transaction was just created, then you look onchain for related TXO sets with 4 members where one member is recent. How many such sets do you think you're going to find at a specific point in time? Very few, and once you find such a set you know that set is being spent. In this case you leverage a well-known behavioral pattern: recent TXOs are highly likely to be spent, and they drag along old TXOs the same user owns. But there are many more patterns like these an AI can identify, behavioral patterns we aren't even aware of. AIs are likely being trained under RingCT for behavioral patterns to trace XMR post FCMP. Decoy analysis today is used only to backtest these patterns for accuracy. Here is an exercise: We let the AI analyze the chain for related TXO sets live. The AI cannot see transactions; it is fed only TXO data as new TXOs are created. Then when a 2-input transaction is formed, we give the AI the timestamp of the transaction and the number of inputs and ask the AI to try and guess which TXOs were spent without looking at rings. The AI gives a result, and we look at the ring members in the RingCT transaction to verify if the AI got it right. We train the AI this way; after a while the AI can do this consistently because of behavioral patterns. This is how Monero is traced post FCMP.
Post FCMP, Monero TXOs can be visualized like this ball pit: unspent TXOs are on top and spent TXOs are hidden/removed. To deanonymize we analyze exclusively unspent TXOs. The POV is from a specific moment in time when a transaction happened (the further from the viewer, the older the TXO is with respect to that transaction). Since TXOs bear onchain metadata and can be analyzed for patterns, just like in a ball pit, related TXOs correspond to groups of balls of the same color that touch each other. The age of each group is equal to the age of the most recent ball (TXO). Tracing: we know that balls of different colors/groups cannot be spent together, and more recent TXOs are more likely to be spent. We also know which TXOs belong to CEXes (they report to us). Assuming this is the network at a time when a 4-input transaction happened, to find the real spends we'd be looking for quadruplets near the transaction time. There seem to be two possibilities: the 4 green balls (more likely), or the 4 silver ones (less likely).
The so-called two-wallet strategy actually makes your Monero easier to trace. According to this strategy, you should have one wallet for spending and one for receiving. What happens if you do this? In the receiving wallet you create a pool of TXOs (txo1, txo2, txo3 etc.) all owned by you. Some of these TXOs will have been earmarked as yours by outside observers (if for example you received money from a CEX). If you don't spend TXOs as you receive them, but accumulate them first, then when at some point you have to consolidate this high number of TXOs into 1 new TXO, the flagged TXOs will signal that you are consolidating your TXOs (even if you have many more TXOs than the ones that have been flagged). When you do that, an observer will know that all the money you ever received, even from TXOs that they couldn't trace as yours, is now consolidated into the new TXO-S(end wallet). Because of the high number of inputs flagged as yours, TXO-S is provably 100% yours. Since TXO-S is 100% yours, and that's now in your spending wallet, an outside observer will know where the rest of your balance is after each transaction. Because if you always use 1 TXO to spend, and Monero user transactions have 2 outputs, then from TXO-S your balance will move into TXO-S2 and TXO-CEX. TXO-CEX is the TXO of the exchange (the amount you deposited), while TXO-S2 is your change TXO. The exchange (receiver) knows exactly where the rest of your balance is. If from TXO-S2 you deposit into another centralized party, then that centralized party will know that, again, the change contains your remaining balance (so it is still tied to the dozens of transactions you received in your receiving wallet weeks/months ago). In other words, if you adopt the two-wallet strategy you tie with 100% certainty your receiving transactions to your outgoing transactions. Does that sound like privacy to you? Monero is not private, stop using it.
If you want privacy then stop believing the memes and start doing research on how privacy tech works.
Hard evidence points in one direction, and is very hard to ignore:
- DNMs are Palantir/deep state honeypots. Palantir was funded by InQTel, the non-profit VC arm of the CIA, which also funded Chainalysis (attached are InQTel's Form 990s from 2020 and 2021 which can be found here).
- Monero is aggressively promoted as private (despite being 100% obsolete and traceable) in order to attract more people into DNMs.
- Corporations like Chainalysis fund the entire Monero & DNM ecosystem because they profit massively by selling tracing services of DNM activity.
If you care about your privacy, you should avoid any products related to these 3. Because such products are aimed at criminals (crime marketing), which means they're not private and either have backdoors or are not as described.
Salvium's supply audit was completed last week and has found that 10M extra coins were minted by the 'exploiter' of their proofs bug. In other words, 1 in four coins has been illegally minted. In the audit they've also sneaked in a completely unsubstantiated claim that these extra coins were 'sold via exchanges'. Considering that Salvium never had the liquidity to absorb a malicious dump of 10M coins, the most likely scenario is that these coins were minted by their team which is now holding the coins hoping to recover user trust and then start dumping them. In other words, Salvium is a confirmed scam. Xelis is conducting a similar scam, except that there they are even refusing to conduct a supply audit.
The real reason why Tornado Cash was delisted is that today mixed transactions can be unmixed. Privacy through mixing is technically known as obfuscation, which is the inherent privacy model of Monero and all private UTXO chains. Today obfuscation is obsolete and can be broken even in its strongest form (FCMP++, ZKPs) thanks to AI. For example, as explained here, FCMP transactions can still be attacked by timing and pattern analysis, despite the seemingly perfect tech. The same attack model (which analyzes output/commitment age and groups outputs with other related outputs based on metadata to predict and detect when they're spent) can also be applied to Zcash shielded transactions and ARRR. Obfuscation simply doesn't work and is no longer enough. Yet many are calling the delisting of Tornado Cash a win for privacy. In reality, privacy has lost. We're living in privacy's darkest age in human history.
U.S. Department of the Treasury
Tornado Cash Delisting
WASHINGTON - Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments, we have exercised our discretion…
The Monero Chainalysis video still doesn't get the attention it deserves. By the way, Chainalysis CEO Michael Gronager stepped away a few weeks after the video was leaked; it was 'unclear whether his sudden leave is related to health issues, internal tensions at the company' (The Block). A new CEO stepped in in December 2024. This chart summarizes what happens in the video. On the left there are the outputs of the swap service (target TXOs). These TXOs enter a chain of 3 subsequent transactions (because in XMR outputs can be spent only once and when spent they are emptied). No metadata were leaked in these 3 downstream transactions. In the 5th transaction a residential IP is leaked. That IP is then connected to the target outputs from TX1 (despite the perfect op-sec in the 3 hops in between). How was it possible to link the IP in TX5 to the outputs from TX1? The reason is that Monero is broken and the 3 transactions in between are traceable just by looking at onchain data (key image analysis and OSPEAD).
In every private UTXO chain, not just Monero, there is an important asymmetry between an actor that has a holistic view of the network and the user. Let's consider Monero and an actor like Chainalysis that has access to quarterly filings from CEXes/centralized parties as well as other transaction data (if for example Chainalysis is spamming the network or controls other centralized shadow entities). The network seen from Chainalysis consists mainly of known TXOs. In other words, TXOs they own or TXOs whose owners report to Chainalysis when spent. From the user's POV, on the other hand, all TXOs in the network are unknown because a user doesn't aggregate data. This is why from the user's POV it may seem that increasing the ring size, or getting rid of rings, will improve privacy. From Chainalysis' POV, on the other hand, it's clear that the user's TXOs are part of a small pool of unknown TXOs and traceable regardless of ring size, and even if rings were to be removed completely (FCMP).
To add more to my previous post, the core weaknesses of all UTXO privacy chains (TXOchains) are that 1) user balances are split among different outputs that can be spent only once and when spent a receipt is published onchain, 2) in every transaction new outputs (or commitments) are created and 3) related outputs (or commitments) can be detected via onchain or offchain heuristics. This kind of blockchain (TXOchain) cannot be private beyond obfuscation, and its privacy is broken through pattern analysis. The vast majority of users (in any blockchain user pool) always spend shortly after receiving. This behavioral trait deanonymizes most outputs in a TXOchain because most transactions combine a recent output with old outputs the same user controls. Each multi-input transaction (number of inputs is known) is checked against recent TXOs that have a related set that could fit that specific transaction. Additional metadata such as fees, IPs and other user behavioral traits make the process even more accurate. Since most TXOs (or commitments) are mapped to their spending transactions this way, outliers (outputs that are not spent shortly after being created, or outputs of users with impeccable opsec) become a small minority traceable by exclusion or extrapolation. And for a TXOchain that uses rings (Monero), which limits the possible real spends to the TXOs present in the rings, the deanonymization process becomes completely trivial.
In a new interview with Coindesk, Chainalysis's lead cybercrime researcher Eric Jardine has come out to admit that Bitcoin has again become the primary cryptocurrency of darknet markets. This means Chainalysis crime marketing has officially failed. It is great news for all those of us who care about privacy because it definitively refutes Palantir's narrative that only criminals care about privacy. In case you missed it, Chainalysis is being sued by the Celsius Network debtors over their fraudulent $3.3bn audit of Celsius. In this channel I've also presented multiple pieces of evidence of how InQTel-funded Chainalysis funds Monero's dead-end development (through Magic Grants) and also engages in crime marketing (e.g. 1, 2, 3), aggressively encouraging users to commit crimes on Monero. Chainalysis is a cancer that wants to antagonize privacy by associating it with crime. The fact that even low-IQ DNM criminals are no longer falling for its Monero honeypot (probably because of stories of other Monero-only users getting arrested) proves the number 1 privacy coin by market cap (as Chainalysis-funded shills love to label Monero) might be ready to implode.
Coindesk
It's Back to BTC for Darknet Markets After Monero's Binance Delisting: Chainalysis
Privacy tokens have been suffocated as governments around the world fight darknet markets - so it's back to bitcoin for purchasers of illicit goods.
Understanding the different privacy protocols can be challenging for the average person because optics are often distorted by inflated market caps that gloss over fundamentals. In this cheat sheet I have summarized the raw reality of privacy protocols today beyond any narratives driven by agendas that prioritize corporate profitability over individual privacy and freedom.
What is privacy? When laws clash with real life, privacy emerges regardless of whether the law includes privacy in itself or not. You can ban privacy, but it will still exist. In private, legality is suspended. Laws may or may not be broken; we'll never know what people do in privacy. Absurd laws are certainly broken in private. And the more unlivable laws become, the more people seek privacy. This is why compliant privacy is an oxymoron. If your tech has a door a government can knock on, then your tech is not private. Nobody seeking privacy will use your tech. And make no mistake, privacy will still exist even if technology rejects it. You can't corner people into surveillance with backdoors, TEEs and crime marketing. If you do, they will simply opt out of technology as they seek more privacy. (Attached is a self-proclaimed privacy project co-founder preaching compliant privacy. This time it's from Azero, something I can't use because I don't use ETH.)
Monero privacy: You've received money from one of these 5 Venmo usernames. The transaction lists 5 usernames. (UTXO + RingCT)
Zcash privacy: You've received money from an existing Venmo user. The transaction doesn't contain any usernames. (UTXO + zero knowledge proofs)
Dero privacy: You've received money from a person outside Venmo that goes by the moniker BOB98. (Account Model + HE)
396 XMR raised in less than 24h, "by our generous community". That's $100k. If you believe all that, then I got a bridge to sell you. Where does the money really come from though? The money comes from the government contracts Chainalysis gets to trace all the brainwormed Monero users that have fallen for Palantir's crime marketing that "Monero is the best privacy coin". Chainalysis/Palantir funnel their marketing funds into Monero through their proxy Magic Grants. Justin Ehrenhofer is the proof of connection between Magic Grants and Palantir/Chainalysis.