Last week, privacy-focused crypto altcoin GRIN made news after the development team received a donation from an early Bitcoin whale interested in supporting future development of the budding technology built on a unique blockchain protocol called Mimblewimble, after Happy Potter lore.
Now this week, that whale may regret the donation, as a former Google engineer and computer scientist has discovered a new attack that “breaks Mimblewimble’s privacy model” and uncovers as much as 96% of the addresses associated with the privacy altcoin.
Former Google Engineer Publishes Successful Attack on Privacy Altcoin
Russian computer scientist and former Google engineer Ivan Bogatyy, has revealed via a detailed Medium post, that he has discovered an attack vector that allows the developer to expose the exact addresses of the senders and receivers of 96% of all GRIN transactions in “real-time.”
Related Reading | Road To Riches: The Ups and Downs Of Going All-In On Crypto
The developer claims that GRIN’s protocol, Mimblewimble, is “fundamentally flawed,” and unfixable, even going as far to say that the Mimblewimble-based cryptocurrency “should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.”
Bogatyy says he was able to use only $60 per week of spend on Amazon Web Services to use the attack to expose the addresses of the privacy coin.
I just published a new attack that breaks Mimblewimble's privacy model. This attack traces 96% of all sender and recipient addresses in real time. Here's a summary and what it means for the future of privacy coins:https://t.co/tsIDLyfpzp
— Ivan Bogatyy (@IvanBogatyy) November 18, 2019
He says that while GRIN “still affords a stronger privacy model than Bitcoin or other non-privacy coins” due to it obfuscating transaction amounts, just not addresses, “Mimblewimble should not be relied upon for robust privacy.”
Bogatyy has published a full technical breakdown of how the attack was successfully implemented and how the developer was able to reveal the addresses of as much as 96% of GRIN transactions.
Turn That GRIN Upside Down: Early Bitcoin Whale Likely Not Happy With Attack
GRIN has already fallen from roughly 12.5% from a local high of $1.60 following last week’s news that an early Bitcoin whale had made a 50 BTC donation to support further development of the privacy altcoin, to as low as $1.40 at the time of this writing.
Related Reading | Early Bitcoin Adopter Supports Privacy Altcoin Grin
The early Bitcoin whale is likely none-to-thrilled that this attack was revealed only days after making a 50 BTC donation to a project that a Google engineer is now saying may not even be “salvageable” and not at all suitable for privacy transactions – which was much of the altcoin’s use case.
The GRIN team will likely need to rely on that 50 BTC donation in order to try and develop a fix for the attack, or the longevity of the project could be at risk in the face of more private protocols like Monero or Zcash, as the engineer has pointed out in his report.
Featured image from Shutterstock