I recently explored the tracability of monero and found a monero tracing tool made by Ciphertrace. It's a really neat visualizer of the monero blockchain with a way to trace transactions through it using a set of techniques broadly known as "decoy elimination." And I wanted to make something similar. So I did! Please help me improve it and make it better by contributing to my github.
pull down to refresh
How it works:
Mostly it gives you the basic info about a transaction and buttons for eliminating "decoy senders" whom you are mostly expected to identify using off chain data. I have a way to manually identify ringsig members as decoys but I haven't automated it yet. What I want to do is use known "view keys" to identify decoys, because if you have the view key you know the "true" tx in which you spent your own coin, so if you've been used as a decoy you can automatically filter that out.
Right now it also has two automated heuristics: merge analysis and recency bias. If you received coins in two very close blocks and then spend them together, your ring, which should contain keys from semi-random blocks, will have two suspiciously close blocks where you held both inputs. So you can identify those as the real spender's coins.
Recency bias takes advantage of the fact that most decoy selection algorithms are biased toward selecting keys from recently created utxos (on the principle that actively circulating coins are more likely to be spent than old ones). When you have a group of "new coin" decoys, coins that are significantly older stick out like a sore thumb, and you can plausibly identify them as the real spender's coins.
Other metrics I want to add include bot detection (which is based on identifying txs with many outputs, since these tend to be created by automated software rather than a real person) and taint tree analysis (which creates trees of possible senders fanning out backward in time from a known destination). I also think I can fingerprint wallets by their coin selection algorithm and then identify change when it shows up in a tx that uses the same algorithm.
One thing I learned while making this is that tracing monero is possible but it seems to take a considerable amount of manual work, a large set of off chain data about addresses that you know the view keys for, and regularly creating xmr transactions yourself so that you can identify your outputs as decoys when they show up in other people's transactions
My two automated heuristics right now only identify the sender in about 1 in 15 cases, so most of the time when looking at a transaction all you see is a tool for manually filtering out decoys on your own, which is still useful, but more automation is desirable
I hope to add about four more automated heuristics but I still think you'll need a considerable amount of off chain data entry to get really good data
@CHADBot /eli5
You have summoned CHADBot. Please zap this post 21 sats to receive service.
Made with ๐งก by CASCDR
supertestnet shared a tool they made that makes it possible to follow transactions in Monero, a type of online money that's supposed to be super secret and untraceable. The tool uses a method they call "decoy elimination." It's like a big detective game, to see which transactions are real and which ones are fake or "decoys".
They explain how the tool works. It's a bit like a jigsaw puzzle; they have some pieces but are still trying to figure out where the other pieces go. The tool spots clues like when someone spends money really soon after getting it (merge analysis) or uses super new digital coins when older ones are more common (recency bias). These clues can help identify the real transactions.
The tool also has other cool features in the works, like spotting automated bots (imagine finding robots hiding among humans) and tracing possible senders. It's a bit like a big tree that starts from someone who got money and reaches back to find out where that money could have come from.
But it's not easy. Even with this genius tool, you still need more information that isn't given in the transaction itself, like keys to secret lockers where the coins are stored. The tool also needs to witness a lot of transactions in action to understand the patterns. Right now, it can only find the sender in about 1 out of 15 cases.
So, even though it does a good job playing detective, there
Made with ๐งก by CASCDR
You should implement exchange - buyer - seller - exchange chain tracing into your tool:
https://ryo-currency.medium.com/how-buying-pot-with-monero-will-get-you-busted-knacc-attack-on-cryptonote-coins-a4a860c7bafc
Ignore the brainwashed fanbois that do not realize IRS bounty was paid out 4 years ago
https://cointelegraph.com/news/chainalysis-and-texas-firm-win-million-dollar-irs-contract-to-crack-monero
https://m.stacker.news/43475
๐๐๐
I just tried it. This tool does not trace anything.
"This hammer didn't hammer by itself"
It doesn't work. Nice try maybe next time you can get the IRS bounty.
Then show me a transaction it got wrong
I suspect it probably does get some wrong but just saying so without evidence won't cut it
What a savage, love it.
You got some kind of vendetta going on right now huh?
โMonero is superior to LNโ. LMAO
๐
Nice try.
The reason it's so hard for you to scan for the recipient address is because it is a stealth address that will never be seen on the blockchain again. These stealth addresses are randomly generated and can only be linked back to the recipient by the recipient private keys. Please read the Monero docs or source code.
That is not true, stealth addresses are identified on the blockchain multiple times. For example, this stealth address:
2c8e2c071f0a6bc9551edce19348d1ae9fa97a08e8aea4baa7a3de9cdfa2d337
appears in these TWO transactions:
05577b668dc39861fcb3353803d493c63c31214fc743a8061b3a2147cd79aad9
d3ec3ab8c7f92d229e256329dd7bdb44776ad2651dccfb9934ae69175b3a920d
Please learn how monero works. Stealth addresses don't work if they only appear once, they must appear as decoys later or you can precisely identify the "true" spend transaction where that output is spent
oh no super...not like this
https://m.stacker.news/43516
Maybe we should rather help Monero (and Bitcoin/LN of course) being more untraceable instead helping the fucking feds?
I suspect the monero community will quite like this tool and help me improve it
To make a great shield, you must first make a great spear
Post this in monero.town They would love to hear your feedback
It's better to expose existing vulnerabilities. If the good guys don't create tools like this, the bad guys will.
No.
Monero is an attack on Bitcoin. Besides, only criminals use it. If I am not buying drugs I have nothing to hide so that means I don't need Monero.
Monero doesn't care about Bitcoin.
Monero is in competition with Bitcoin
Improvements in bitcoin privacy destroys monero's use case.
There will never be privacy on-chain on Bitcoin.
We already have on chain privacy on Bitcoin with coinjoins: https://mempool.space/tx/fc13786aa9a350d06e7f63c69e7989917981c689f284a7eba3130cde958e23bb
Is not effective
Ok, prove your claim: Which inputs of the coinjoin transaction created each output of the coinjoin?
You guys don't understand that there is no perfect privacy. But there are tools to increase your privacy levels. Use your energy and improve Bitcoins privacy. Because mass adaption will fail if not. People will use currencies with more privacy than Bitcoin. Mark my words.
Find one
Monero
Not good for Monero, but at the end of the day we need smart people to create things like this to find inefficiencies. How else can one improve?
Great now you can grab the IRS bounty;)
Big yikes if true ๐
https://m.stacker.news/43477
https://supertestnet.github.io/examiner/examiner-example.gif
https://m.stacker.news/43536
where can he get the address of the picture I circled? If it could be implemented, surely everyone would try it.
I hadn't uploaded it to github yet so what you're looking at is a locally hosted url. The same tool is now available here: supertestnet.github.io/examiner
You gonna break the hearts of all 'privacy freaks'.
You can use it to manually trace monero transactions and sometimes it even automatically identifies the sender for you. That's pretty neat. Try to do that with LN, I suspect you can't!
Bro you are one of my favorite devs out there, hats off
Nice.
deleted by author
That is not my experience. I ask people to help me improve my stuff here all the time and in my experience bitcoiners are very generous with their time and talent
Bitcoiners hate anything not Bitcoin. You can get non-biased feedback from Monero users on Nostr.
They are generally generous but not in the case for a shitcoin.
In what way is Monero a shitcoin? And no, saying "it's not Bitcoin" isn't a fucking answer.
It claims to be a privacy coin while publishing everything except the amount on a transparent blockchain
And even with the amount, it discloses partial information about that too
Lightning is better
Lightning is the best! ๐
Sorry, I didn't know but I wrote something weird 8 hours ago, it was already 2 O' clock in the morning here, I was half asleep.
Props for an actual answer, even if not from the person it was asked from.
Enjoy the sats.