Reading: Dash FastPass Rollout Across Top Cryptocurrency Exchanges Sparks Bullish Surge

Arbismart Logo
News

Mimblewimble Attacked Using $60 Per Week on AWS

Avatar

Osato Avan-Nomayo · @OsatoNomayo | Nov 18, 2019 | 13:55

mimblewimble hacked for less than $60 on AWS News

Mimblewimble Attacked Using $60 Per Week on AWS

Avatar

Osato Avan-Nomayo · @OsatoNomayo | Nov 18, 2019 | 13:55

Advertisement
Send
Share

Ivan Bogatyy of Dragonfly Research says he was able to use as little as $60 per week on Amazon Web Services (AWS) to expose a critical vulnerability on the Mimblewimble (MW) privacy architecture. This flaw in the MW protocol may dent the network’s aspiration of being a viable alternative to other privacy-focused blockchains like ZCash and Monero.

Massive Mimblewimble Flaw Uncovered

In a Medium post published on Monday (November 18, 2019), Bogatty revealed that he was able to expose the participating addresses in 96% of Grin transactions on MW. According to Bogatyy, this exploit of the MW protocol only cost $60 per week on AWS — Amazon’s cloud computing platform.

An excerpt from Bogatyy’s post showing the severity of the problem and the ease with which attackers can exploit vulnerability reads:

In my attack, I was able to link 96% of all transactions while only connecting to 200 peers out of the total 3000 peers in Grin’s network. But if I wanted to spend a bit more money, I could easily connect to 3000 nodes to disaggregate almost all transactions.

By “disaggregate,” Bogatyy is referring to the process of preventing transactions from coupling together in MW’s CoinJoin which ensures anonymity.

While other privacy-focused cryptos use decoy UTXOs or shielded transactions, MW achieves anonymity by means of massive CoinJoins. Each CoinJoin is an amalgamation of multiple transactions in a single block to create the ‘anonymity set.’

Still A Viable Alternative to ZEC and XMR?

Bogatyy did remark that the vulnerability was known to the MW developers. However, his findings prove that it requires little capital outlay to exploit the weakness in MW’s privacy architecture.

For Bogatyy, the presence of and ease with which attackers can take advantage of the vulnerability also makes MW a poor alternative to the likes of Zcash (ZEC) and Monero (XMR). According to Bogatyy:

The problem is inherent to Mimblewimble, and I don’t believe there’s a way to fix it. This means Mimblewimble should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.

The presence of this vulnerability may also affect Litecoin’s proposed MW integration. Back in early 2019, the Litecoin Foundation announced that it was looking to incorporate extension blocks on Litecoin to ensure privacy and anonymity.

What do you think about the vulnerability exposed in the Mimblewimble privacy architecture? Let us know in the comments below.

Images via Twitter @IvanBogatyy.

BitStarz Player Lands $2,459,124 Record Win! Could you be next big winner?

Tags: , , , , ,
Send
Share
Show comments
News

Evolve Fund Files for Ethereum ETF after Bitcoin Approval in Canada

Just weeks after opening a Bitcoin (BTC) exchange-traded fund, Evolve Fund has opted to file for a similar ETF product based on Ethereum (ETH). With $1.7 billion assets under...

San Lee | 4 days ago
News

Cryptos Rally off Equity Markets and Institutional Interest

The Crypto market rose on Monday as new macro factors and institutional interest weighed in. Cryptos Recover from Selloff Following last week’s sell-off, Bitcoin and the broader...

San Lee | 5 days ago
bitcoin tulip mania
News

New Indicators Point to Bitcoin Sell-off Slowing Down

New Indicators Point to Bitcoin Sell-off Slow Down  As Bitcoin recovers from recent lows of $43,500, new indicators have shown that the sell-off may be slowing down. SOPR dips in...

San Lee | 5 days ago