Ivan Bogatyy a member of the team at Dragonfly Research, has posted a publication on Medium, claiming that he successfully exploited the Mimblewimble (MW) privacy protocol, and had access to all the addresses in a whopping 96% of all Grin transactions run on the MW.
Bogatyy said that he did this using only $60 a week, via Amazon Web Services (AWS), a cloud computing service by Amazon. The MW protocol achieves its own privacy and anonymity by making use of CoinJoins, which is basically a way to merge several different transactions in a block to produce an ‘anonymity set.’ However Bogatyy’s findings prove show that there is a big enough problem with the protocol. He wrote:
“In my attack, I was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network. But if I wanted to spend a bit more money, I could easily connect to 3000 nodes to disaggregate almost all transactions.”
The above excerpt means that if Bogatty decided to spend more than $60 a week on AWS, he could easily break the CoinJoin process of merging transactions in a block to achieve anonymity. Bogatty added however that the problem might be unfixable for MW, and further suggested that other privacy networks such as Zcash and Monero, are a lot better regarding privacy, than MW.
Back in January, a new line of miners was launched, targeted at the Grin digital currency.
Image Credits: Pixabay
The post Severe Mimblewimble Vulnerability Discovered With Just $60 A Week On AWS appeared first on Latest Crypto News.
This content is synced from the rightful owners. Copyright on text and images belong to the original source.
This article was first published on: Latest Crypto News