Last Updated on
This week, Mimblewimble, a blockchain network that touts itself for prioritizing privacy, was exposed for being inherently flawed. Ivan Bogatyy, a researcher at venture capital firm Dragonfly Capital Partners, wrote in a blog post published on November 18 that he was able to gain access to the security protocols of GRIN, the cryptocurrency hosted on the Mimblewimble network.
— Alexander Zaidelson (@azaidelson) November 19, 2019
By spending just about $60 weekly on Amazon Web Services, the researcher claimed that he was able to access the wallet addresses of both senders and recipients on about 6 percent of the transactions conducted with the asset.
Ensuring privacy in crypto
In his blog post, Bogatty explained that this flaw was peculiar to Mimblewimble, and not other privacy-focused cryptocurrency networks like Monero and Zcash. He added that there is currently no solution for the privacy gaffe, thus effectively putting GRIN and Mimblewimble one rung lower on the ladder of privacy cryptocurrencies.
MimbleWimble Without the Scary Math – Qtum https://t.co/svAm8Bb3DX
— Gandalf (@Gandalf_Lord) November 19, 2019
The piece also saw Bogatty speak on how privacy in crypto is usually ensured, with most of them being based on anonymity tests. Essentially, patterns that aggregate several transactions into a set, such that they remain indistinguishable. Based on this, he pointed out three major approaches used by privacy coins. Of all privacy coins, his analysis showed that Zcash is the most effective in doing its job, since its anonymity set also includes shielded transactions.
As for Monero, users can pick their anonymity set between sizes 10 and 25 for existing on-chain unspent output from Bitcoin transactions (UTXO), while all transactions on Mimblewimble are aggregated into a single CoinJoin, leaving anonymity set as all the transactions being on one block.
This flaw was what made it possible for him to gain access to such a high percentage of transaction records. As he put it, the remaining 4 percent that he couldn’t get consisted of a few transactions which had already merged before most nodes could see them.
Privacy enthusiasts still love Monero
Although this research gives a lot of insight into how to go about building a privacy coin, its effects on the nature of the market probably won’t be so pronounced. GRIN ranks as 112 among crypto assets by market cap (value at $1.27), while both Monero (rank #13, worth $59.69) and Zcash (rank #31, worth $34.67) rank way higher (according to data from CoinMarketCap).
As for users who love privacy, it would seem like Monero is getting the job done as well. Given how regulatory authorities continue to find it easy to track transactions conducted on the Bitcoin network and with the currency, many have heralded Monero as the new king of privacy coins.
Sadly, a lot of these people have been criminals, as well. Several malware has been discovered this year, with most of them opting to either use brute force hacking or the popular cryptojacking method to mine Monero tokens and send them to the attackers.