Is Monero’s anonymity Broken?

Found an interesting post on Hive about XMRs anonymity being weakened due to the fact it’s vulnerable to Sybil attacks. How much truth is there to this?

“ All currently known non-centralized anonymity set mixing technologies other than Zerocash—including Cryptonote, CoinJoin/Dash, and Shadowcash—are vulnerable to the Sybil attack”

“ because they require explicit anonymity mix subsets. Zerocash is not susceptible because the anonymity set is always implicitly all of the UTXO (even those already spent), so spamming the UTXO gains the Sybil attacker no probabilistic advantage.”

Developers are forced to run away from this problem by improving some parameters and adding rings.

There is more recent information here, with some statistics (source in Russian).


I’m not sure how relevant that article from 2017 is in 2022, but I do know the protocol has changed some since then.

Basically, Monero and Zcash have different privacy attack vectors.

The Monero community have made a nice series of videos about different types of attacks possible against Monero:

Zcash is not susceptible to many of the protocol attacks mentioned in the Monero series but it is certainly not immune to attacks. The things that a Zcash user has to be concerned about are not necessarily base protocol attacks but user behaviors that can degrade privacy.

The biggest headlines you see about “tracing Zcash transactions” are never about tracking Z-Z transactions, they are about timing and correlation between Z and T transactions.

Both protocols have end-user recommendations that should be followed to maximize privacy:


All transactions that form Exchange → buyer → seller → exchange chain are traceable in Monero. Whether you call that broken or not is up to you :slight_smile:

I gave a talk showing this particular weakness in Monero and trying to generalize about it in terms of information theory so that people could understand more about when this kind of thing matters and how much “bandaid workarounds” can or can’t help: