Monero targeted by Sybil attack – Flufflypony warns Bitcoin users

• Monero’s network receives a failed Sybil attack that attempted to breach its privacy mechanisms.
• Developer Ricardo Spagni revealed that Monero has been updated to have additional measures against future similar attacks.

Monero’s former chief maintainer, Ricardo “Flufflypony” Spagni, ”did so reported via Twitter that the network was targeted by a Sybil attack. Spagni made it clear that the attack was new, but inefficient and was unable to affect chain transactions on the Monero network or breach its privacy mechanisms.

Specifically, the attack attempted to correlate the IP address of a node transmitting a transaction. However, in April this year, Monero implemented a method to “hide” and prevent the anonymity of transaction data from being breached by interfering with node communications. This method or set of techniques is called Dandelion ++ and was developed by researchers from the University of Illinois in the United States. Spagni explained:

Dandelion ++ works by randomly “broadcasting” transaction broadcasts. This means that for a Sybil attack to link a transaction to a node’s IP address, it must be intercepted at the first node in the “root” phase of a Dandelion ++ transmission.

The developer added that the attack Monero received was inefficient because it did not have the required extension to be “widely effective against Dandelion ++”. The attacker was supposed to “launch thousands of nodes”, but still would not have been able to violate the privacy of transactions in Monero.

The attack was ineffective against users connected to a Monero lightnode (like MyMonero), against users who have a Tor / i2p to connect to their nodes or a VPN. Furthermore, according to Spagni, even users with a pushtx in a Monero block explorer were not affected, nor were most users who have a remote node such as Monerujo or GUI. However, Spagni said:

(…) It taught us some valuable lessons as Sybil nodes also tried to interrupt the flow of transactions (by not retransmitting them) and tried to break the synchronization of the nodes by not serving them blocks. Therefore, the latest version of Monero (0.17.1.3) fine-tuned how a node handles misbehaving peers.

An attack that may have hit Bitcoin

“Flufflypony”, as it is popularly known in the crypto community, has warned that a Sybil attack with the described characteristics can affect Bitcoin or any other cryptocurrency, such as Ethereum, Litecoin, among others. Also, the attack could be “less clumsy”, more subtle or more sophisticated if the attacker had more money. Spagni outlined:

If you are truly concerned about the effectiveness of a Sybil attack (whether you are a Bitcoin or Monero user), then I highly recommend running your node behind Tor, or at least broadcasting your transactions on the pushtx functionality of a block explorer ( also accessible via Tor).