Last week, privacy-focused crypto altcoin GRIN made news after the development team received a donation from an early Bitcoin whale interested in supporting future development of the budding technology built on a unique blockchain protocol called Mimblewimble, after Happy Potter lore.
Now this week, that whale may regret the donation, as a former Google engineer and computer scientist has discovered a new attack that “breaks Mimblewimble’s privacy model” and uncovers as much as 96% of the addresses associated with the privacy altcoin.
Former Google Engineer Publishes Successful Attack on Privacy Altcoin
Russian computer scientist and former Google engineer Ivan Bogatyy, has revealed via a detailed Medium post, that he has discovered an attack vector that allows the developer to expose the exact addresses of the senders and receivers of 96% of all GRIN transactions in “real-time.”
Related Reading | Road To Riches: The Ups and Downs Of Going All-In On Crypto
The developer claims that GRIN’s protocol, Mimblewimble, is “fundamentally flawed,” and unfixable, even going as far to say that the Mimblewimble-based cryptocurrency “should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.”
Bogatyy says he was able to use only $60 per week of spend on Amazon Web Services to use the attack to expose the addresses of the privacy coin.
I just published a new attack that breaks Mimblewimble’s privacy model. This attack traces 96% of all sender and recipient addresses in real time. Here’s a summary and what it means for the future of privacy coins:https://t.co/tsIDLyfpzp
— Ivan Bogatyy (@IvanBogatyy) November 18, 2019
He says that while GRIN “still affords a stronger privacy model than Bitcoin or other non-privacy coins” due to it obfuscating transaction amounts, just not addresses, “Mimblewimble should not be relied upon for robust privacy.”
Bogatyy has published a full technical breakdown of how the attack was…