Ivan Bogatyy a member of the team at Dragonfly Research, has posted a publication on Medium, claiming that he successfully exploited the Mimblewimble (MW) privacy protocol, and had access to all the addresses in a whopping 96% of all Grin transactions run on the MW.

Bogatyy said that he did this using only $60 a week, via Amazon Web Services (AWS), a cloud computing service by Amazon. The MW protocol achieves its own privacy and anonymity by making use of CoinJoins, which is basically a way to merge several different transactions in a block to produce an ‘anonymity set.’ However Bogatyy’s findings prove show that there is a big enough problem with the protocol. He wrote:

“In my attack, I was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network. But if I wanted to spend a bit more money, I could easily connect to 3000 nodes to disaggregate almost all transactions.”

The above excerpt means that if Bogatty decided to spend more than $60 a week on AWS, he could easily break the CoinJoin process of merging transactions in a block to achieve anonymity. Bogatty added however that the problem might be unfixable for MW, and further suggested that other privacy networks such as Zcash and Monero, are a lot better regarding privacy, than MW.

Back in January, a new line of miners was launched, targeted at the Grin digital currency.

Image Credits: Pixabay

The post Severe Mimblewimble Vulnerability Discovered With Just $60 A Week On AWS appeared first on Latest Crypto News.



This content is synced from the rightful owners. Copyright on text and images belong to the original source.

--
This article was first published on: Latest Crypto News