Only the red arrow leads to the real coin, the rest are fake duplicates
Monero is a leading privacy-focused cryptocurrency. It is based on the CryptoNote 2.0 protocol from 2013. It fixes the shortcomings of Bitcoin, including the obvious connection between the input and output of a transaction (lack of anonymity). In Monero, “mixins” are added to real inputs, which makes it impossible to determine who exactly is transferring a specific coin.
But in 2018, it turned out that everything is also easily tracked in Monero. But transactions are forever stored in the blockchain - and they can be used to de-anonymize specific people even many years later. For example, the owner of Bitcoin Fog was given away by a blockchain analysis from 2011.
Three years ago, a team of researchers from Princeton, Carnegie Mellon, Boston University, MIT, and the University of Illinois at Urbana-Champaign pointed out flaws in Monero’s mixer that allows specific inputs and outputs to be linked.
The researchers note that simple tricks allow an observer to spot some of the fake mixins. For example, until February 2017, the system allowed users to opt out of privacy protection and spend coins without any mixins at all . So 64.04% of all transactions on the blockchain during that period were conducted without mixins, meaning they were completely without Bitcoin-style privacy protection. (Since the protocol change, Monero now requires a minimum of four mixins to be installed for each transaction). The problem is that those 64% of identified coins are then added to other mixins, which helps identify the rest of the coins. Analysis has shown that 63% of the rest can be identified in this way.
The second problem is related to the timing of transactions. The algorithm was supposed to distribute the mixins randomly. But an analysis of real transactions in the blockchain showed that it placed the real coin in first place among mixins in 92.33% of cases. According to the simulation, this figure is 80%, practically nullifying Monero's privacy guarantees.
Monero developers make constant improvements to the protocol to reduce this percentage of detecting real inputs in transactions. The graph shows how it decreased over several years, up to April 15, 2017. The progress is noticeable, it was possible to reduce the level of deanonymization to 20%. But this is far from zero, and we can assume that now it is somewhere in the range of 5-15%.
It is also clear from the graph that the probability of detecting real transactions strongly depends on the number of mixins.
It is important to note that all this helps to identify only the sender of the coin, but not the recipient, since Monero hides the recipients' addresses using another technique.
Since Monero was created specifically to ensure privacy, users counted on this anonymity. And many have used Monero to make confidential and sensitive transactions, including those related to illegal activities... The simplest example is the purchase of goods prohibited by Russian law, such as marijuana or weapons, in underground stores. Or transactions by opposition activists in authoritarian countries. There are many examples, because according to the UN, anonymity is an inalienable human right.
It is understandable why users count on privacy in Monero. After all, this company officially states on its website that transactions are “untraceable”.
It now turns out that Monero users can be deanonymized in the same way as Bitcoin users. You can read about methods for deanonymizing Bitcoiners, for example, in the scientific paper Deanonymisation of Clients in Bitcoin P2P Network (Alex Biryukov, Dmitry Khovratovich, Ivan Pustogarov, CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014, pp. 15–29, DOI: 10.1145/2660267.2660379), or in the real criminal case against Roman Sterlingov, the owner of the Bitcoin Fog mixer mentioned at the beginning.
Interestingly, Andrew Miller, an advisor to Zcash, another privacy-oriented cryptocurrency, is listed among the authors of this scientific paper .
Source
