I recently explored the tracability of monero and found a monero tracing tool made by Ciphertrace. It's a really neat visualizer of the monero blockchain with a way to trace transactions through it using a set of techniques broadly known as "decoy elimination." And I wanted to make something similar. So I did! Please help me improve it and make it better by contributing to my github.
1087 sats \ 8 replies \ @supertestnet OP 5 Aug
How it works:
Mostly it gives you the basic info about a transaction and buttons for eliminating "decoy senders" whom you are mostly expected to identify using off chain data. I have a way to manually identify ringsig members as decoys but I haven't automated it yet. What I want to do is use known "view keys" to identify decoys, because if you have the view key you know the "true" tx in which you spent your own coin, so if you've been used as a decoy you can automatically filter that out.
Right now it also has two automated heuristics: merge analysis and recency bias. If you received coins in two very close blocks and then spend them together, your ring, which should contain keys from semi-random blocks, will have two suspiciously close blocks where you held both inputs. So you can identify those as the real spender's coins.
Recency bias takes advantage of the fact that most decoy selection algorithms are biased toward selecting keys from recently created utxos (on the principle that actively circulating coins are more likely to be spent than old ones). When you have a group of "new coin" decoys, coins that are significantly older stick out like a sore thumb, and you can plausibly identify them as the real spender's coins.
Other metrics I want to add include bot detection (which is based on identifying txs with many outputs, since these tend to be created by automated software rather than a real person) and taint tree analysis (which creates trees of possible senders fanning out backward in time from a known destination). I also think I can fingerprint wallets by their coin selection algorithm and then identify change when it shows up in a tx that uses the same algorithm.
One thing I learned while making this is that tracing monero is possible but it seems to take a considerable amount of manual work, a large set of off chain data about addresses that you know the view keys for, and regularly creating xmr transactions yourself so that you can identify your outputs as decoys when they show up in other people's transactions
My two automated heuristics right now only identify the sender in about 1 in 15 cases, so most of the time when looking at a transaction all you see is a tool for manually filtering out decoys on your own, which is still useful, but more automation is desirable
I hope to add about four more automated heuristics but I still think you'll need a considerable amount of off chain data entry to get really good data
reply
0 sats \ 2 replies \ @cascdr 16 Aug
@CHADBot /eli5
reply
21 sats \ 0 replies \ @CHADBot 16 Aug bot
You have summoned CHADBot. Please zap this post 21 sats to receive service.
Made with 𧑠by CASCDR
reply
0 sats \ 0 replies \ @CHADBot 16 Aug bot
supertestnet shared a tool they made that makes it possible to follow transactions in Monero, a type of online money that's supposed to be super secret and untraceable. The tool uses a method they call "decoy elimination." It's like a big detective game, to see which transactions are real and which ones are fake or "decoys".
They explain how the tool works. It's a bit like a jigsaw puzzle; they have some pieces but are still trying to figure out where the other pieces go. The tool spots clues like when someone spends money really soon after getting it (merge analysis) or uses super new digital coins when older ones are more common (recency bias). These clues can help identify the real transactions.
The tool also has other cool features in the works, like spotting automated bots (imagine finding robots hiding among humans) and tracing possible senders. It's a bit like a big tree that starts from someone who got money and reaches back to find out where that money could have come from.
But it's not easy. Even with this genius tool, you still need more information that isn't given in the transaction itself, like keys to secret lockers where the coins are stored. The tool also needs to witness a lot of transactions in action to understand the patterns. Right now, it can only find the sender in about 1 out of 15 cases.
So, even though it does a good job playing detective, there
Made with 𧑠by CASCDR
reply
0 sats \ 4 replies \ @96576f19db 5 Aug freebie
You should implement exchange - buyer - seller - exchange chain tracing into your tool:
https://ryo-currency.medium.com/how-buying-pot-with-monero-will-get-you-busted-knacc-attack-on-cryptonote-coins-a4a860c7bafc
Ignore the brainwashed fanbois that do not realize IRS bounty was paid out 4 years ago
https://cointelegraph.com/news/chainalysis-and-texas-firm-win-million-dollar-irs-contract-to-crack-monero
722 sats \ 1 reply \ @justin_shocknet 4 Aug
https://m.stacker.news/43475
reply
2 sats \ 0 replies \ @BlokchainB 4 Aug
πππ
reply
253 sats \ 1 reply \ @1440000bytes 4 Aug
I just tried it. This tool does not trace anything.
reply
193 sats \ 0 replies \ @supertestnet OP 4 Aug
"This hammer didn't hammer by itself"
reply
13 sats \ 1 reply \ @guts 4 Aug
It doesn't work. Nice try maybe next time you can get the IRS bounty.
reply
88 sats \ 0 replies \ @supertestnet OP 5 Aug
Then show me a transaction it got wrong
I suspect it probably does get some wrong but just saying so without evidence won't cut it
reply
10 sats \ 0 replies \ @OneOneSeven 4 Aug
What a savage, love it.
reply
10 sats \ 0 replies \ @joda 4 Aug
You got some kind of vendetta going on right now huh?
reply
242 sats \ 1 reply \ @Rsync25 4 Aug
βMonero is superior to LNβ. LMAO
reply
0 sats \ 0 replies \ @BlokchainB 4 Aug
π
reply
5 sats \ 1 reply \ @032d74705c 5 Aug
Nice try.
The reason it's so hard for you to scan for the recipient address is because it is a stealth address that will never be seen on the blockchain again. These stealth addresses are randomly generated and can only be linked back to the recipient by the recipient private keys. Please read the Monero docs or source code.
reply
17 sats \ 0 replies \ @supertestnet OP 5 Aug
That is not true, stealth addresses are identified on the blockchain multiple times. For example, this stealth address:
2c8e2c071f0a6bc9551edce19348d1ae9fa97a08e8aea4baa7a3de9cdfa2d337
appears in these TWO transactions:
05577b668dc39861fcb3353803d493c63c31214fc743a8061b3a2147cd79aad9
d3ec3ab8c7f92d229e256329dd7bdb44776ad2651dccfb9934ae69175b3a920d
Please learn how monero works. Stealth addresses don't work if they only appear once, they must appear as decoys later or you can precisely identify the "true" spend transaction where that output is spent
reply
42 sats \ 0 replies \ @Car 4 Aug
oh no super...not like this
https://m.stacker.news/43516
reply
138 sats \ 16 replies \ @anon 4 Aug
Maybe we should rather help Monero (and Bitcoin/LN of course) being more untraceable instead helping the fucking feds?
reply
1306 sats \ 1 reply \ @supertestnet OP 4 Aug
I suspect the monero community will quite like this tool and help me improve it
To make a great shield, you must first make a great spear
reply
25 sats \ 0 replies \ @guts 4 Aug
Post this in monero.town
They would love to hear your feedback
reply
32 sats \ 0 replies \ @SpaceHodler 4 Aug
It's better to expose existing vulnerabilities. If the good guys don't create tools like this, the bad guys will.
reply
42 sats \ 0 replies \ @JuanMiguel 4 Aug
No.
reply
0 sats \ 11 replies \ @anon 5 Aug
Monero is an attack on Bitcoin. Besides, only criminals use it. If I am not buying drugs I have nothing to hide so that means I don't need Monero.
reply
12 sats \ 10 replies \ @guts 5 Aug
Monero doesn't care about Bitcoin.
reply
0 sats \ 9 replies \ @TheWildHustle 5 Aug
Monero is in competition with Bitcoin
Improvements in bitcoin privacy destroys monero's use case.
reply
0 sats \ 8 replies \ @guts 5 Aug
There will never be privacy on-chain on Bitcoin.
reply
0 sats \ 7 replies \ @kruw 11 Aug
We already have on chain privacy on Bitcoin with coinjoins: https://mempool.space/tx/fc13786aa9a350d06e7f63c69e7989917981c689f284a7eba3130cde958e23bb
reply
0 sats \ 6 replies \ @guts 11 Aug
Is not effective
reply
0 sats \ 5 replies \ @kruw 11 Aug
Ok, prove your claim: Which inputs of the coinjoin transaction created each output of the coinjoin?
view replies
2 sats \ 2 replies \ @032d74705c 5 Aug
You guys don't understand that there is no perfect privacy. But there are tools to increase your privacy levels. Use your energy and improve Bitcoins privacy. Because mass adaption will fail if not. People will use currencies with more privacy than Bitcoin. Mark my words.
reply
0 sats \ 1 reply \ @supertestnet OP 5 Aug
Find one
reply
1 sat \ 0 replies \ @guts 5 Aug
Monero
reply
25 sats \ 0 replies \ @SatsMate 4 Aug
Not good for Monero, but at the end of the day we need smart people to create things like this to find inefficiencies. How else can one improve?
reply
21 sats \ 0 replies \ @techonsapevole 4 Aug
Great now you can grab the IRS bounty;)
reply
1 sat \ 0 replies \ @Skipper 4 Aug
Big yikes if true π
reply
1 sat \ 0 replies \ @TNStacker 4 Aug
https://m.stacker.news/43477
reply
0 sats \ 0 replies \ @supertestnet OP 5 Aug
https://supertestnet.github.io/examiner/examiner-example.gif
reply
0 sats \ 1 reply \ @sangekrypto 5 Aug
https://m.stacker.news/43536
where can he get the address of the picture I circled? If it could be implemented, surely everyone would try it.
reply
10 sats \ 0 replies \ @supertestnet OP 5 Aug
I hadn't uploaded it to github yet so what you're looking at is a locally hosted url. The same tool is now available here: supertestnet.github.io/examiner
reply
0 sats \ 2 replies \ @IamSINGLE 5 Aug
You gonna break the hearts of all 'privacy freaks'.
reply
1 sat \ 1 reply \ @032d74705c 5 Aug
reply
31 sats \ 0 replies \ @supertestnet OP 5 Aug
You can use it to manually trace monero transactions and sometimes it even automatically identifies the sender for you. That's pretty neat. Try to do that with LN, I suspect you can't!
reply
0 sats \ 0 replies \ @itsTomekK 4 Aug
Bro you are one of my favorite devs out there, hats off
reply
0 sats \ 0 replies \ @jgbtc 4 Aug
Nice.
reply
1 sat \ 7 replies \ @Coinsreporter 4 Aug
deleted by author
reply
121 sats \ 6 replies \ @supertestnet OP 4 Aug
That is not my experience. I ask people to help me improve my stuff here all the time and in my experience bitcoiners are very generous with their time and talent
reply
0 sats \ 0 replies \ @guts 5 Aug
Bitcoiners hate anything not Bitcoin. You can get non-biased feedback from Monero users on Nostr.
reply
0 sats \ 4 replies \ @Coinsreporter 4 Aug
They are generally generous but not in the case for a shitcoin.
reply
0 sats \ 3 replies \ @ryu 4 Aug
In what way is Monero a shitcoin? And no, saying "it's not Bitcoin" isn't a fucking answer.
reply
50 sats \ 2 replies \ @supertestnet OP 5 Aug
It claims to be a privacy coin while publishing everything except the amount on a transparent blockchain
And even with the amount, it discloses partial information about that too
Lightning is better
reply
11 sats \ 0 replies \ @Coinsreporter 5 Aug
Lightning is the best! π
Sorry, I didn't know but I wrote something weird 8 hours ago, it was already 2 O' clock in the morning here, I was half asleep.
reply
0 sats \ 0 replies \ @ryu 6 Aug
Props for an actual answer, even if not from the person it was asked from.
Enjoy the sats.
reply