On Nov. 10, 2020, the Monero blockchain was targeted by an attempted Sybil attack, as per a report from project leader Riccardo Spagni. The unknown attacker ran several nodes to compromise users’ privacy but ultimately failed.
Spagni explained that the attack exploited a Monero-specific bug to record IP addresses and associate them with certain transactions to compromise user privacy.
A Sybil attack essentially tries to hijack a network through multiple accounts, nodes, or computers. The malicious actors then capture most of the blockchain’s computing power and prevent transactions from being confirmed.
In a successful breach, attackers can outwit honest nodes by creating multiple fake IDs. After that, they can interfere with the receiving and forwarding of blocks, preventing other users from accessing the network.
Fortunately, the latest attack did not affect Monero’s privacy mechanisms, such as shielded transactions or ring signatures. Spagni described the attempted privacy breach as ineffective and incompetent, adding that the attackers would have needed to launch thousands of nodes.
Monero’s Primary Defence Helps Avert Sybil Attack
Monero has implemented multiple high-level security features to ensure that nodes transmit transactions entirely anonymously. In fact, the privacy-based blockchain already incorporates solutions to prevent a possible Sybil attack.
The first layer of defense is Tor, an anonymous internet browser deployed to broadcast transactions on the network. XMR also uses Dandelion++, which made the latest mischievous tactic much less effective.
The security layer implemented in April of this year works by diffusing transaction broadcasts, as Spagni explained in his tweet below.
“This attack, whilst novel in that it is a live Sybil attack against a network, was simply not large enough to be broadly effective against Dandelion++. The attacker would have had to launch many thousands more nodes.”
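To make the scale argument in the quote concrete, here is an added example (not Monero's code and not taken from Spagni's report) that estimates how often a Sybil observer logs the true origin IP under plain flooding versus a Dandelion-style stem relay. It is a deliberately simplified model: uniform random peer choice, a fan-out of 8, a 0.9 stem-continue probability, and "attribute to whoever sent it to me first" are all assumptions.

```python
import random

FANOUT = 8           # assumed number of peers a flooding origin sends to
STEM_CONTINUE = 0.9  # assumed chance an honest relay keeps the stem going

def pick_peer(rng, total, exclude):
    """Uniformly pick a node id other than `exclude`."""
    while True:
        peer = rng.randrange(total)
        if peer != exclude:
            return peer

def flood_attributed(rng, honest, sybils):
    """Flooding: the origin sends straight to FANOUT peers, so any Sybil
    among them records the origin's IP as the source."""
    total = honest + sybils
    origin = rng.randrange(honest)  # ids below `honest` are honest nodes
    return any(pick_peer(rng, total, origin) >= honest for _ in range(FANOUT))

def stem_attributed(rng, honest, sybils):
    """Stem relay: the transaction hops one peer at a time. The first Sybil
    on the path records the IP it received from, which is the origin only
    if no honest relay sat in between."""
    total = honest + sybils
    origin = rng.randrange(honest)
    sender = origin
    while True:
        receiver = pick_peer(rng, total, sender)
        if receiver >= honest:
            return sender == origin
        if rng.random() > STEM_CONTINUE:
            return False  # honest relay broadcasts; trace ends at the relay
        sender = receiver

def precision(model, honest, sybils, trials=20000, seed=1):
    """Fraction of constructed transactions attributed to the right IP."""
    rng = random.Random(seed)
    return sum(model(rng, honest, sybils) for _ in range(trials)) / trials

if __name__ == "__main__":
    # Constructed network sizes, not figures from the incident.
    for sybils in (100, 500, 1000):
        print(sybils,
              round(precision(flood_attributed, 2000, sybils), 3),
              round(precision(stem_attributed, 2000, sybils), 3))
```

In this model the observer's hit rate under stem relaying stays close to its share of the network, so matching what flooding leaks to a small Sybil set requires roughly an order of magnitude more nodes.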
Monero has now released a blacklist of addresses associated with the hackers and listed IP addresses that would have been intercepted with the Sybil attack on monero-badcaca.net.
XMR’s top project developer warned that a similar threat is possible on virtually all permissionless cryptocurrencies. He recommended that crypto enthusiasts concerned about the efficacy of a Sybil attack, whether they use BTC or XMR, should consider running their node behind Tor.
Spagni’s comments have raised the question of whether software like Dandelion++ is necessary to protect other cryptocurrencies such as Bitcoin.
Who Was Behind the Attack?
While the attacker’s identity remains a mystery, some in the crypto community suggest that a surveillance company could be involved.
Indeed, the U.S. government has recently contracted two analysis firms to circumvent Monero’s privacy. It is thus possible that one of those firms was behind the failed privacy breach.
In the past, data analytics entities like Chainalysis have used similar techniques to monitor other blockchains such as Bitcoin.
However, Spagni dismissed such a scenario, noting that Chainalysis “already has a relationship” with crypto exchanges that can offer them info that a Sybil attack would provide.