- The attack was trying to gain information about users on the Monero blockchain.
- Monero maintainer Riccardo Spagni says it was largely ineffective.
- Recent Monero updates have made it more resistant to such attacks.
Decrypt’s Art, Fashion, and Entertainment Hub.
A batch of malicious nodes that are “actively managed”—according to a thread on Reddit—have been trying to interfere and disrupt the Monero network, in what’s known as a Sybil attack. The attack has been ongoing over the last 10 days and the nodes have since been blacklisted.
A Sybil attack is a way for an attacker to try to subvert the reputation of a network by creating multiple pseudonymous identities, and using them to garner influence in the network itself. These attacks harness fake identities that, when combined, can frustrate a blockchain and make it harder to operate. Or they can be used to gather information from the blockchain. Yet this attack was largely unsuccessful.
“Recently, a largely incompetent attacker bumbled their way through a Sybil attack against Monero, trying to correlate transactions to the IP address of the node that broadcast it,” Riccardo Spagni, a maintainer of Monero and co-founder of Tari Labs, tweeted today.
The attack, which Spagni said had no effect on any of Monero’s on-chain privacy mechanisms, could be executed against almost any cryptocurrency. But Monero’s high level of privacy means that those trying to observe the network need to put in much more effort.
Monero’s Sybil attack
The malicious nodes involved in this Sybil attack demonstrated at least six forms of misbehavior.
These actions included: active injection into the peerlists of honest nodes; exploiting a bug that raised the chances of malicious nodes ending up in a list of friendly nodes; and purposely dropping transactions so they were not broadcasted to the network, which resulted in transactions getting stuck, or failing.
Lastly, these malicious nodes recorded IP addresses and attempted to associate them with certain transactions. Yet, Monero had a built in solution—Dandelion++—that made this tactic far less effective than it otherwise could have been.
What Monero got right: Dandelion++ and Tor
Monero’s primary defence against a Sybil attack is the support of Tor, an anonymous internet browser, which is being used to broadcast transactions. However, as a second layer of security, Monero uses Dandelion++.
Dandelion++—which Monero implemented in April of this year—is a defence mechanism that diffuses transaction broadcasts, according to one of Spagni’s recent tweets. This means that any Sybil attack that intended to link a transaction to a node’s IP address would have to intercept this data at the very first stage of a transaction broadcast.
Recently, a largely incompetent attacker bumbled their way through a Sybil attack against Monero, trying to correlate transactions to the IP address of the node that broadcast it. Whilst novel in that it is the 1st Sybil attack of this sort, it was also quite ineffective. 1/n
— Riccardo Spagni (@fluffypony) November 10, 2020
“This attack, whilst novel in that it is a live Sybil attack against a network, was simply not large enough to be broadly effective against Dandelion++,” tweeted Spagni, adding that “the attacker would have had to launch many thousands more nodes.”
With that said, Dandelion++ is not a guaranteed fix all solution. Spagni told Decrypt that the software is meant to be effective against casual monitoring, and it is “not meant to stop a persistent, sophisticated attacker from mounting a Sybil attack.”
It is true that a sophisticated attacker could gain dominance in the network, and thus enjoy a relatively high chance of having access to the node that receives a transaction broadcast, but Dandelion++ remains a useful tool regardless.
“Dandelion++ will still be useful on top of those nodes. It just makes data analysis that much harder,” Spagni added.
In any case, this attack was simply not large enough to give Dandelion++ much trouble, but it did provide some useful lessons. “It is important to be aware that Sybil attacks can be more subtle and less clumsy than this,” Spagni tweeted.
This is an important point, as Sybil attacks can occur on any blockchain.
Sybil attacks, regulators and Bitcoin
As Sybil attacks are theoretically possible on any network, this has led to debate about the merits of software like Dandelion++ for other cryptocurrencies.
Bitcoin—the world’s most famous cryptocurrency—“hasn’t implemented Dandelion++ because they have concerns about DoS resistance,” Spagni said.
According to a bitcoin.stackexchange forum, because transactions are relayed prior to acceptance into a node’s mempool, Dandelion++ results in “potential DoS vectors if transactions can be systematically relayed via Dandelion but ultimately not be accepted to any node’s mempool.” In other words, transactions would get stuck, almost permanently, without every being accepted.
Bitcoin is not the only key crypto player to have not implemented or made use of Dandelion software.
Entities like Chainalysis, a blockchain analysis company, have also not dedicated many resources to Sybil attacks. “They’ve perfected blockchain analysis, so why bother with the much more expensive Sybil attack when they can just ingest data sources for correlation,” Spagni said.
This just serves as another reminder that nearly all blockchain data is publicly available—and surprisingly unsuitable for criminal activity.