Guest
Lvl 0

0 / 0
Posted
X 1 X 1
23
Thoughts on the drastic transaction volume increase and how a flooding attack could work

Original Twitter thread: https://twitter.com/sethforprivacy/status/1418546981467738116?s=20
Nitter link: https://nitter.net/sethforprivacy/status/1418546981467738116#m

Over the last 24h the Monero network has seen doubled network volume with no obvious drivers.

Here is a quick thread on the stats around it and the potential of it being an attack known as "FloodXMR"

👇 2/ The network has been hovering around 25-30TX/block for the past few months, near ATHs for transactions and seeing good, organic growth.

For some reason that changed over the last 24h and we're now seeing ~60TX/block, by far a network all time high.

localmonero.co/blocks/stats Image 3/ No significant changes in hashrate, but the percentage of blocks above the initial median of 300k is also an ATH, and pushing block sizes over the median automatically (a great way that the Monero network handles temporary on-chain rushes algorithmically). Image 4/ You can see the drastic increase in mempool TXs starting on 7/22 here.

node.clearwater-trust.com/d/0ktA4KDGk/xm… Image 5/ Some more good stats for the past 24h can be seen here as well:

pooldata.xmrlab.com 6/ This, of course, could be organic and natural usage, but the drastic increase overnight is certainly unexpected and unprecedented (AFAIK).

Enter a potential attack known as FloodXMR which can be used to attempt to deanonymize transactions. 7/ For large scale deanonymization you'd have to own a massive amount of outputs for a long time as you have to always own the majority of spends in the recent network activity.

@JEhrenhofer has some great data here: https://twitter.com/JEhrenhofer/status/1126915724059054081?s=20

8/ It's important to note that the attacker has to own 65% of the TX activity on the network constantly to start to deanonymize transactions, and to have knowledge of >50% of spends would require owning 95% of outputs at all times. 9/ But if the attacker doesn't care that its visible, and doesn't mind paying massive amounts in fees (due to paying multiples of fees to bump block size), then its definitely a threat and would make using the chain privately practically impossible until the attack ends. 10/ It doesn't, however, reveal historical or future outputs after the weighted decoy-selection window is past, so would essentially give a bell curve visibility into true spends while active, and quickly taper off when stopped. 11/ If this is a flooding attack, it's incredibly clumsy and very easy to spot.

If it's not, there is some driver causing massively increased chain usage that I am not aware of. 12/12 What are your thoughts on this change? Anyone know of a potential driver for the increase being organic?

Hopefully this thread helps break it down a bit for you all.

       
25 exp X 1    50 exp X 1
Post a reply.
27

Can someone ELI5 why increased volume isn’t a good thing? Surely it doesn’t need a ‘catalyst’ and is just people using the network?

23

Assuming this is a FloodXMR attack, what would be the approximate hourly / daily cost to execute?

21

If one single entity is indeed capable of spamming the network for almost no cost wouldn't some Proof of Elapsed time help preventing or at least make such spam attacks much more inefficient?

I am inexperienced in blockchain programming and it's just an idea that occured to me spontaneously after seeing people suggesting raising the fees.

20

Exciting to watch ;) Although it's nothing new to me, thank you for summing that up!

17

I think u/Tystros has very early spotted a more possible explanation

The flood XMR attack is perpetually very costly, has to go on for ever to be effective, and has to increase on par with increase in real usage. Imhv, we can not exclude it, but this is not the case atm.

43

Has anyone wondered if it is someone trying to shield their own transactions by flooding the network? So no a “flooding attack” but instead a “flooding protec”?

17

The number of people latching on to my public node this morning was around an all time high.

IMO, a lot of Monero is on the move. One reason could be a ransomware attack against some entity, demanding a large sum of money in Monero. Not every ransomware attack is made public.

Stats
Post Views: 14
Comments: 7

Upvotes: 0
Downvotes: -2

Decay Rate: 1
Current Score: 0
Top Score: 23
Top Post Tips
Top Comment Tips