Tag Archives: Monero

Bitmain Announces New Monero-Mining Antminer X3

March 18 update: In a confusing decision, Bitmain has updated their sales page again for the batches 3 and 4 of the Antminer X3 to read “No shipping to Hong Kong,” while only yesterday the description for these batches denoted that they would “only” be shipped to Hong Kong.

Bitmain’s just-released ASIC-powered Antminer X3, designed to mine the CryptoNight hashing algorithm used by Monero (XMR), may not be effective by its first release in May 2018, according to an article by The Next Web published yesterday, March 16.

The new Antminer, announced on Bitmain’s Twitter on March 15, comes at two price points: $11,999 for the first round in delivered May, and $7,599 for the second batch, delivered in June.

Reference: https://cointelegraph.com/news/bitmain-announces-new-monero-mining-antminer-x3-cryptos-devs-say-will-not-work

How does Monero’s privacy work?

Stealth addressing and unlinkability
When you send someone money, they can’t tell it came from you (unless you tell them). When you tell someone your Monero wallet ‘address’ to allow someone to send money to you, no one else can know how many or if any payments at all have been sent to you. If someone sends money to you twice, no one can even tell that two payments were sent to the same person.

Confidential transaction amounts
People observing the Monero network can’t see the value of funds that are being anonymously transferred.

Even if someone knew about specific anonymous funds that you control, they cannot tell if or when you spend those funds. They cannot tell whom you’ve sent those funds to, because it will look to the world as if people may be using your funds in their own transactions all the time. (This is achieved through a cryptographic mechanism called a ring signature).

The Monero dance
Because of the untraceability mechanism described above, other Monero users will start randomly including your anonymously received funds as a plausible source of funds in their own transactions.

Think of Monero as a dance floor, where other people are wearing facemasks mimicking the appearance of randomly selected multiple other dancers including you. No one can claim they saw you dancing with any particular person, because they know they could just as easily have been observing someone else dancing while wearing a facemask of you.

So much ‘dancing’ happens within the Monero network over time that it will look to observers as if most people may have transacted with most other people. When attempting to create a list of who may have transacted with any particular person, the answer will be ‘almost everyone!’.

This underscores the importance of Monero’s design decision to enforce untraceability for all transactions. If untraceability were optional, as it is with Bitcoin or Zcash, then the size of the ‘dance floor’ would be much smaller. What’s the point of being anonymous within a crowd if that crowd is only very small and the people in that crowd are only temporarily turning up when they have something to hide? Monero ensures that all users constantly participate on the dance floor at all times. Even when you’re not sending or receiving, the Monero network is constantly making it look like you’re participating on the dance floor.

Bitcoin vs Monero confidentiality
Note that Bitcoin is not designed to be able to meet any of the above requirements of a private cryptocurrency. Bitcoin does not have stealth addresses. Bitcoin payments are easily traceable to the sender’s address. Multiple Bitcoin payments to the same address can be linked unless the Bitcoin recipient creates new wallet addresses for each transaction (which is impractical e.g. for donation addresses and is problematic if the recipient wants to merge the amounts while maintaining privacy). Bitcoin observers can easily see the amounts of payments that occur.

Near future: Invisible internet project (I2P) integration
I2P will protect you from passive network monitoring, so that not only are your payments untraceable, but people snooping the network cannot tell you are even using Monero at all. I2P is considered by the Monero developers to be superior to Tor because of its support for decentralized routing and asymmetric connections which mitigate ‘timing attacks’.

World class privacy research
One of the most exciting aspects of Monero is the world class research that goes into ensuring that all privacy angles are discovered and addressed. The Monero Research Lab is a team of voluntary researchers, scientists and academics. The majority of their research findings have been implemented into the Monero codebase.

How Hacked Widgets Help Criminals Mine Monero

Covert cryptocurrency mining is shaping up to be the new mainstay of cybercrime. Crooks hack servers, personal computers, and mobile devices and take advantage of the infected hosts’ CPU or GPU to generate virtual coins without victims’ awareness. Even botnets consisting of numerous zombie machines are now used to perpetrate illegal mining activity on a large scale rather than spew out spam or hit online services with DDoS attacks.

This malicious moneymaking vector got a boost with the emergence of in-browser mining scripts, such as Coinhive. The following incidents that took place recently illustrate how serious this issue is becoming and how booby-trapped website widgets play into threat actors’ hands.

A massive cryptojacking wave took root on February 11, 2018, exploiting a popular widget called BrowseAloud. The malefactors were able to inject a surreptitious Monero miner into more than 4,200 Internet resources, including high-profile ones like the UK, U.S., and Australian government websites. In the aftermath of this compromise, the malicious script harnessed the processing power of visitors’ machines to mine cryptocurrency behind the scenes.

For the record, BrowseAloud is a tool by Texthelp Ltd. designed to enhance website accessibility for broader audiences via speech, reading and translation features. By adding this widget to sites, webmasters make sure people with dyslexia, visual disorders and poor English skills can participate and use their services to the fullest. Furthermore, the software helps site owners comply with various legal obligations, so no wonder it is widely used across the world and has become hackers’ target.

Reference: https://www.ccn.com/hacked-widgets-help-criminals-mine-monero/

News Outlet Salon is Mining Monero as an Alternate Revenue Source

Salon is the latest company to utilize CoinHive’s Monero mining script on their website. On Sunday, when readers utilizing ad-blockers visited popular news site Salon, they were faced with an interesting choice, foreign to the usual inquiry about disabling their ad-blocker. They could either disable their ad-blocker to continue to view content or opt-in to allow Salon to utilize their computer processing power to mine cryptocurrency. This is done using CoinHive’s embeddable script on their website, which is a JavaScript miner for Monero. In a blog post published the other day, Salon explains that diminishing ad revenue due to ad-blockers has led them to seek alternative means of monetizing their content. They also see the power in utilizing computer processing power over “reader’s eyeballs” for value-driven returns.

Reference: https://www.ccn.com/news-outlet-salon-mining-monero-alternate-revenue-source/

Hackers Injected Cryptocurrency Mining Malware

Earlier this week, hackers infiltrated Browsealoud, a free text-to-translation tool, and injected the Coinhive cryptocurrency mining malware script into the tool’s JavaScript codebase. Consequently, the estimated 4,275 websites using Browsealoud — including some operated by government agencies in the US and UK — became unwitting pawns in a cryptocurrency mining malware gambit, believed to be the largest-scale attack of its kind. When users visited the website, the Coinhive mining script automatically began harnessing the visitor’s computer processing power to mine anonymity-centric cryptocurrency Monero. However, perhaps due to the massive scale of the breach — and the fact that it targeted prominent government websites — the exploit was quickly discovered, and by the end of the day, Browsealoud creator Texthelp had suspended the service.

Reference: https://www.ccn.com/hackers-injected-cryptocurrency-mining-malware-into-4275-government-websites-they-only-made-24/