Researchers say they can trace over 80% of Monero transactions
The privacy coin may not be as private as thought.
Update 26 May 2020:
This article refers to a probabilistic method of tracing Monero transactions. In other words, this method lets you accurately trace most but not all Monero transactions, but you have no way of knowing which transactions were accurately traced and which ones weren't.
So even with this issue, Monero is sufficiently private to do some things, such as introduce an element of reasonable doubt into questions of whether a specific person made a specific transaction. It's not completely untraceable, but it's still private in a way.
Unfortunately, this is just one technique among several, and it's possible to use multiple techniques simultaneously to trace Monero transactions with much greater certainty.
For a much more comprehensive and recent explanation of how to trace Monero transactions, straight from one of Monero's key contributors, you may want to read this article instead.
Otherwise, the article below has been left as originally published in March 2018.
In a 2018 paper, researchers claim to be able to trace around 80% of Monero transactions or to be able to trace transactions with over 80% certainty, depending on how you look at it. This traceability comes due to a potential vulnerability in Monero's privacy algorithm.
How Monero stays secret
Monero is just one of a number of privacy coins, and unlike bitcoin, these privacy coins claim to offer untraceable transactions that are truly anonymous and cannot be traced along the blockchain.
Monero uses a system of "mixins." These are coins that are mixed in as chaff with the actual transaction. The system essentially takes a number of other Monero transactions and lines them up alongside the real transaction. The idea is that this makes it impossible to tell which transaction is the real one.
The problem is that researchers say they can look at the line-up and pick out the real transfer among the mixins most of the time.
The first technique is to look at the age of each transaction. For about 80% of transactions, the one with the youngest coin age (time since last transaction) is the real one over 90% of the time. So when in doubt, they say one can simply pick the real transaction with much better-than-even odds simply by picking the "youngest" one.
The second vulnerability was fixed in an update at the start of 2017, but transactions made before then might still be traceable retroactively.
It revolves around no mixin transactions. Prior to an update, people were able to send transactions without any mixins. Transaction fees are priced according to the data size of a transaction, and more mixins means more data. As such, it was a sensible and popular option for those who didn't need anonymity for a given transaction.
The problem is that this weakens the strength of the system as a whole. Transactions made without mixins can be identified, so when such a transaction appears as a mixin in the line-up of a different transaction, it can be identified as a mixin and ruled out. Users could always choose how many mixins to use for a given transaction, but since the update, everyone needs to include a minimum of four mixins per transaction.
"Privacy isn't a thing you achieve, it's a constant cat-and-mouse battle," said Monero core developer Riccardo Spagni to Wired, saying that some of the flaws are offset by other security features. Regarding the second flaw concerning transaction timing, he added that the team needs to develop a new approach entirely: "There are steps we can take to continue to improve the sampling, but the reality is that this isn't a solvable problem by just pecking away at it."
The coin has seen frequent updates to stay ahead in its game of cat and mouse, helped considerably by outside researchers who find and publish vulnerabilities to be fixed. The coin is also making other updates to encourage decentralisation and resist other vulnerabilities in the network as a whole.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, BTC and NANO.