GRIN may not be as private or secure as we’re led to believe. One user says that he was able to uncover 96% of all sending and receiving addresses in real-time.
One major exploit may call into question Grin’s entire promise of a private, anonymous blockchain. A user has managed to break Mimblewimble, the protocol Grin is built on, and demonstrate that it is partly broken. He says he was able to uncover the vast majority of ‘anonymous’ addresses through just a simple trick.
Grin’s Privacy May Be Broken
In a blog post titled “Breaking Mimblewimble’s Privacy Model,” Ivan Bogatyy concludes that Grin’s privacy is fundamentally flawed. “I was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time,” he writes. He was able to do so by paying just $60 per week on Amazon Web Services.
The issue lies in Mimblewimble’s anonymity set including all transactions in the same log. This means that one can track transactions using just a single address. By default, each Grin node is able to connect to 8 other peers. However, Bogatyy was able to connect his customized node to every other node on the network. This effectively made him a supernode and allowed him to uncover transactions with almost perfect precision.
Bogatyy says that, although Grin still offers a stronger privacy model than Bitcoin, it has now been proven to be fundamentally flawed. “This makes it insufficient for many real-world privacy use cases,” he says.
Is Mimblewimble Salvageable?
According to Bogatyy, it depends.
The Mimblewimble protocol still boasts some unique properties. However, it needs to be combined with other protocols because, on its own, it simply does not have robust enough privacy protections.
Devastating bugs have been discovered in Zcash (ZEC) and Monero (XMR) before. So, these things happen. However, if Grin wants to stay relevant in the privacy world of cryptocurrencies, it cannot continue existing as it does.