Flaws in Monero Could Make Transactions Traceable


The cryptocurrency world is evolving at a speed that leaves many newcomers lost in a haze of uncertainty. A team of researchers from various institutions, including Princeton, Carnegie Mellon, Boston University, MIT, and the University of Illinois at Urbana-Champaign, has found flaws in the Monero cryptocurrency that could lead to the identification of its users.

What is Monero?

According to its website, Monero is a secure, private and untraceable currency system. It uses a special kind of cryptography to ensure that all of its transactions remain untraceable. But a group of researchers has discovered that Monero’s privacy guarantees, while superior to Bitcoin’s, still aren’t the cloak of invisibility they may appear to be. Let’s take a look at what they found.


Monero is a privacy-centric cryptocurrency based on the CryptoNote protocol. In Monero, new transactions “mix” with previous transactions in the blockchain in the way the protocol itself dictates. In other services, users “mix” their coins with other users’ coins to make one transaction with many inputs and outputs. Researchers found two flaws, as follows:

Flaw 1: Most Monero transaction inputs prior to February 2017 contain deducible mixins, and can be traced to prior transactions via analysis.

Researchers first discovered that simple observations allow anyone to identify some of the decoy mixins used to cover for the real coin being spent. In Monero’s first year, for example, it allowed users to opt out of its privacy protections and spend coins with no mixins at all. (Today, Monero requires at least four mixins for each transaction.) The problem with that opt-out system: when an already spent and identified coin is later used as a mixin, it can easily be picked out of the mix, which helps identify the remaining coins. If that results in another coin being identified, and that coin is itself used as a mixin in a subsequent transaction, it can reduce the privacy of those later transactions as well.

According to this paper, “The Monero software allows users to configure the default number of mixins to include in each transaction. Most Monero transaction inputs (64.04% of all transaction inputs) do not contain any mixins at all (“0-mixin transactions”), but instead explicitly identify the prior transaction output (TXO) they spend, much like ordinary Bitcoin transactions.”

Flaw 2: Monero mixins are sampled in such a way that they can be easily distinguished from the real coins by their age distribution; in short, the real input is usually the “newest” input.

In any mix of one real coin and a set of decoy coins bundled together in a transaction, the real one is likely to be the coin that moved most recently before that transaction. Prior to a recent change from Monero’s developers, that timing analysis correctly identified the real coin more than 90 percent of the time, essentially nullifying Monero’s privacy safeguards.

In short, when the Monero client spends a coin, it samples mixins to include by choosing randomly from a triangular distribution over the ordered set of available TXOs with the same denomination as the coin being spent. However, when users spend coins, the coins they spend are not chosen randomly from the blockchain, but instead appear (based on our empirical observations) as though drawn from a highly skewed distribution.


Researchers have made three recommendations so that privacy can be improved for legitimate uses in the future:

  • The mixin sampling distribution should be modified to more closely match the real distribution
  • Avoid including publicly deanonymized transaction outputs as mixins
  • Monero users should be warned that their prior transactions are likely vulnerable to tracing analysis
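
The chain reaction described under Flaw 1, and the second recommendation above, can be shown as a small privacy audit. This is an added example, not code from the paper or from Monero; the ring data, the identifiers and the function names `effective_rings` and `safe_mixins` are constructed for illustration.

```python
# Constructed sample: each transaction input references a ring of candidate
# outputs (TXOs); one is the real spend, the rest are mixins. IDs are made up.
RINGS = {
    "in_a": {"txo1"},                  # 0-mixin input: the spend is explicit
    "in_b": {"txo1", "txo2"},          # reuses txo1 as its only mixin
    "in_c": {"txo1", "txo2", "txo3"},  # reuses txo1 and txo2
    "in_d": {"txo4", "txo5", "txo6"},  # shares nothing with the inputs above
}


def effective_rings(rings):
    """Strip outputs known to be spent elsewhere until nothing changes.

    Returns (remaining, spent). remaining maps each input to the candidates
    that cannot be ruled out; spent maps each deduced output to its spender.
    """
    remaining = {name: set(members) for name, members in rings.items()}
    spent = {}
    changed = True
    while changed:
        changed = False
        for name in remaining:
            # An output already spent by another input is only a decoy here.
            live = {m for m in remaining[name] if spent.get(m, name) == name}
            if live != remaining[name]:
                remaining[name] = live
                changed = True
            if len(live) == 1 and next(iter(live)) not in spent:
                spent[next(iter(live))] = name
                changed = True
    return remaining, spent


def safe_mixins(candidates, spent):
    """Second recommendation: never pick a deanonymized output as a mixin."""
    return [txo for txo in candidates if txo not in spent]


if __name__ == "__main__":
    remaining, spent = effective_rings(RINGS)
    for name in sorted(remaining):
        print(name, "declared:", len(RINGS[name]), "effective:", len(remaining[name]))
    print("usable mixins:", safe_mixins(["txo1", "txo3", "txo5"], spent))
```

In this sample a single 0-mixin input reduces the rings of `in_b` and `in_c` to one candidate each, while `in_d`, which reuses none of those outputs, keeps its full ring of three.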