🧵/1
So, I think in general, not too much news regarding cryptos (other than $BTC and $ETH) reaches the ears of #cosmonauts. And in some ways, thats probably a good thing. But today i want to queue everyone in on whats happening with $XMR #Monero, why its important, and maybe get
🧵/2 some input from some $SCRT people that know more than me about how #SecretNetwork might deal with similar possabilites.

So starting from the top, on the off chance you haven't heard of Monero, I consider it to be one of the 5 OG coins along with ETH & BTC, DOGE and LTC.
🧵/3 Although the price action wouldn't lead you to believe it, it's seen very favorably in the eyes of many people who value what crypto is at its core. Many people even argue that Satoshi's full vision for Bitcoin was something a lot closer to Monero than what BTC is now.
🧵/4
(Some say) Its the best example of digital cash, in that its everything bitcoin is, but (very) private by default. However, its really only used on dark net marketplaces because of this, and hence, its price has languished and it's seemed to fade into crypto history.
🧵/5
To be clear, I neither own, nor mine, nor have anything to do with monero, aside from the fact that for me, its not something thats faded into history. It's still relevant and important, the US gov is putting out bounties on cracking it ffs, to no avail of course.
🧵/6
And despite other privacy options being available now in 2022, its still the default and most trusted payment method when anonymity is paramount. That says something.
So if you're an entity that refuses to lose, whether that be the US government, or a determined hacker,
🧵/7
And the underlying tech of the blockchain you're trying to attack is seemingly impenetrable, then what's your next best move?
A 51% attack or similar of course.

This is the threat Monero is currently facing, and I'm going to show how it may have already happened.
🧵/8
So long story short, as Monero has faded from the public view, mining has trended toward centralization in one main pool called mineXMR. For a few months now I've seen the Monero community try and bring attention to this issue, but to no real success.
🧵/9
Speaking of the Monero community, and I should have mentioned this earlier, (Twitter makes it so hard to go back and add anything,) but I'm not part of that community, and I'm not an expert on Monero. Everything in this thread should be taken with a grain of salt.
🧵/10
So anyways, a couple weeks ago, overall hashrate started falling, nothing too crazy, we've seen bigger swings before (not shown) but the difference here was that mineXMR's hash rate (which was already uncomfortably high) stayed the same or even grew during this time. Image
🧵/11
Which ofc started pushing them real close to that 51% threshold. And as I'll show, as of maybe yesterday, they may have briefly breached it. Now, there's two purposes to me making this thread, 1. To explore one theory behind how things got here that I find interesting and
🧵/12
relevant to the cosmos. And 2. To talk about how this problem/attack vector has unqiue implications for private chains.

Before we tackle those however, let me explain why the Monero network may have already suffered an attack.
🧵/13
Unfortunately, with Monero being an older and exceptionally decentralized project, theres not as much infrastructure built around it as far as stats and analytics. For example, I can't find a chart or other data about mineXMR's historical hash rate as a % of the network.
🧵/14
But what I can find is a tiny 7-Day chart of all pools raw hashrate. I'll attach this image later in the 🧵 and break it down.

But first, lets get on the same page. I've seen posts across the internet of people claiming they saw it be as high as 53% at some point,
🧵/15
Now even if we discount the fact these people could just be lying or fudding, I see varying numbers depending on where you look when it comes to mineXMR's Network dominance, so it's technically possible they saw an inaccurate number and we never breached that 51% mark.
🧵/16
I haven't found any solid proof of this myself, aside from the image I'm going to show you, and I don't want to just be spreading fear and Fud. But to be honest, I don't really care if the network was compromised or not, outside of its implications for crypto as a whole.
🧵/17
By this I just mean that the specifics of exactly how and what may have been compromised on chain is less interesting to me as a non monero user, then the fact that it may have been compromised at all, and the vector they may have attacked through.
🧵/18
Here we see the 7 day hashrate for all pools, and we can see MineXMR is currently sitting at under 40%! Thats good right?! Even if something happened, it looks like we survived it, no?"
No. This goes back to the part where private chains are unqiue. I'll come back to this. Image
🧵/19
In the image you can also see where I believe the 51% attack could have possibly happened, at a time when all other pools were at a relative low point, yet mineXMR was well above its 7d average. So even if it was just for a few minutes/blocks, we may have breached 51%.
🧵/20
So now that you have all of the context, lets bring everything together. One Theory I've seen, and the one partially inspiring this thread, was that it was a form of Sybil attack. The idea is that whoever may be behind this attack (if it even is one), not only slowly built
🧵/21
up mineXMRs hashing power overtime, but ALSO built up a significant share of OTHER top pools hash rate. This connects back with the first chart I posted. The theory states that starting a couple weeks ago the bad actor started pulling their hashing power from other pools
🧵/22
And reallocating it into the already dominant mineXMR. This would be to ensure the push to 51% dominance could be done so quickly that other, legit miners, couldn't react in a meaningful enough way.

Now the second part I find interesting.
🧵/23
Ive seen people post today to the effect of "hash rate is dropping now, stop fudding, everythings fine"
And only a few people seem raise the point in return that "you literally cannot know that everything is fine"
Assuming a 51% did happen, even just as a thought experiment
🧵/24
Monero's private nature makes it so that we can't see what an attacker may have done during a 51% attack. And subsequently, unless they make it obvious in the following weeks by dumping unlimited coins or something, we can never even be sure that one occurred at all.
🧵/25
Now, this is with my understanding of how the chain works. I may be wrong, and there may be some way to still query chain states that could give insight into this stuff despite its privacy features. But from my understanding, there isnt, and if there is, its limited.
🧵/26
So an interesting question emerges. IF (and I really wish I could confirm or deny this) mineXMR did, for even one block, have 51% of the network under its control oh, do we have to effectively throw out the entire chain at this point? If there's no way to be sure the ledger
🧵/27
remained accurate.

Am I totally missing something? Or is this a glaring issue with privacy chains, in that in the case of potential vulnerabilities, since you may never be able to be sure, do you just play it safe and assume the worst? Or?

I'm not sure.
🧵/28
But I am particularly interested in hearing some $SCRT peoples takes on this. From my understanding, this type of thing might not be the same considering the base layer chain is not private by default. But my question would arise for tokens that exist only within the
🧵/27
Private chain, like $SEFI or $SIENNA? If their supply or Ledger history or ever to be somehow compromised, would anyone even be able to tell until it was too late? I really don't know the answers here, and I'm hoping someone else could shed some light.
🧵/28
Beyond the privacy specific question, I think the attack vector was interesting, and I wonder how tendermint based chains may be more resistant to it. Again this is a serious question, and it mainly applies to smaller chains.
🧵/29
Because while an attack like this is actually a great argument in favor of liquid staking, which is soon being implemented for $ATOM, and in turn also for interchange security through a big, highly staked chain like the Hub.

But for smaller chains who opt out
🧵/30
of shared security, would they not be open to a similar attack Vector, assuming the bad actor was patient enough?

Because while a chain like The Hub may have enough tokens bonded from good actors to negate this type of attack from even the best funded source,
🧵/31
we can't say the same about smaller chains, correct? Especially those in their infancy.

This is where I turn it over to you guys, and I'm looking for any input or discourse on why or why not these issues may be relevant to the #cosmos 🌌

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tendermint Timmy⚛️🌒⛓️

Tendermint Timmy⚛️🌒⛓️ Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

:(