Attacker Targeted IP Addresses
As explained by Spagni, an unknown attacker ran several nodes in an attempt to compromise Monero users’ privacy. In essence, the attacker tried to record IP addresses and associate them with certain transactions to compromise user privacy.
The attack exploited a Monero-specific bug that increased the attacker’s chances of ending up in a legitimate node’s list of peers.
The attack ultimately failed, though: Spagni describes the attacker’s attempts as “largely incompetent” and “clumsy,” adding that the attacker did not exploit any of Monero’s on-chain privacy features, such as shielded transactions or ring signatures.
Spagni says that, though the precise line of attack was novel, similar attacks could be performed against most cryptocurrencies and privacy coins. As such, Spagni recommends that Monero users broadcast their transactions through Tor or i2p. Monero has also released a blacklist of addresses associated with the attacker, which will reduce further risks.
It should be noted that the attack only affects Monero users who are running a full node, not users who have a light wallet.
Who Carried Out the Attack?
It is not clear who is responsible for the attack. One possibility is that a surveillance company carried out the attack. Given that the U.S. government has contracted two analysis firms to circumvent Monero’s privacy, it is plausible that one of those firms was responsible for the attempted attack.
Spagni alleges that firms such as Chainalysis have used similar techniques to monitor other blockchains such as Bitcoin.
However, he doesn’t believe that was the case in this attack.
Spagni says that Chainalysis “already has a relationship” with exchanges and says it can ask for information that the Sybil attack would have provided. “I don’t think they’d even bother,” he concludes.
Ultimately, the identity of the attacker remains a mystery.