Friday, February 3, 2023

Anonymous No More? Monero Exploit Reveals User Identities to Hackers

Anonymous No More? Monero Exploit Reveals User Identities to Hackers

An independent researcher claims he has discovered a vulnerability in Monero that allows malicious actors to locate the IP addresses of users on the network. This exploit could mean the end of anonymity for Monero if used by the wrong people, ultimately erasing the cryptocurrency’s biggest feature.

Also read: It’s Happening: Bitcoin Cash Is Set to Hard Fork on November 13

Monero Vulnerability Threatens Users’ Identities

The researcher, Anthony Russell, says that he can actually locate Monero users through transaction broadcasts.

When users open up their Monero wallets, they connect to the peer-to-peer network, which allows users to then connect to individual wallets.

According to Russell, If the users of those wallets aren’t using TOR or I2P, you can easily determine their IPs.

One potential problem with this method is that it doesn’t necessarily differentiate between server nodes and peers. However, Russell says that this can be overcome by doing a simple whois search.

Script Made To Automate the Process


Russell created a script to automate the process of locating users’ IP addresses after he initially discovered the vulnerability.

Anyone can download and view the script as he made it publicly available on GitHub.

He also gave a simplified version of the script:

netstat -ant | awk ‘{ print $5 }’ | cut -d: -f1,2 | sort -u | grep 18080 | cut -d ‘:’ -f1

What this command does is calls netstat, searches for connections and then cuts out the IP address.

However, Russel said that while the script itself doesn’t eliminate server nodes, the user can easily infer through a process of elimination which of the IP addresses belong to servers and which ones belong to individuals.

Russell goes on to make commentary regarding the implications of such a discovery, including how hackers and the government could use it either blackmail users or go after people who use Monero to evade taxes.

What do you think of the researcher’s claim? How secure do you think Monero actually is? Let us hear your thoughts.

Images via Monero

Bitsonline Email Newsletter