Monero Claims to Be Hit by an ‘Incompetent Hacker’

Author: Sherlock Gomes
Last Updated: 11 November 2020

Riccardo Spagni, the maintainer of the Monero network, explained that an ‘incompetent hacker’ launched a Sybil attack on the network. He said that the attack aimed to observe the activity on the blockchain.

An ineffective campaign

According to a Reddit thread, a batch of malicious nodes actively managed by a hacker was trying to interfere with the Monero network. The attack, known as a Sybil attack, went on for 10 days, and all the malicious nodes have been blacklisted.

A Sybil attack is a hacking method used to subvert a network’s reputation. The hacker creates multiple pseudonymous identities and uses them to exert influence on the network. Together, the fake identities make the blockchain harder to operate. They can also be used to gain information on the network. However, the attack on Monero was unsuccessful.

Monero maintainer and Tari Labs co-founder Riccardo Spagni tweeted about the event and wrote,

“Recently, a largely incompetent attacker bumbled their way through a Sybil attack against Monero, trying to correlate transactions to the IP address of the node that broadcast it.”

Monero remained unaffected

Despite the attack on the network, Monero remained unaffected because of its on-chain privacy mechanisms. However, this kind of attack can be launched against almost any blockchain network. The high level of privacy on Monero means that attackers have to put in much more effort to observe the on-chain activity.

The malicious nodes involved in the Monero Sybil attack used at least six forms of misbehavior. These include purposely dropping transactions so that they could not be broadcast to the network, which led to failed transactions. The nodes also actively injected themselves into the peer lists of the good nodes.

They also exploited a bug that raised the chances of malicious nodes being identified as friendly nodes. The malicious nodes recorded IP addresses on the network and tried to associate them with transactions. Monero’s built-in Dandelion++ solution meant that the attack was far less effective than it could have been.