Monero targeted by Sybil attack- Flufflypony warns Bitcoin users

  • Monero’s network receives failed Sybil attack that seeked to violate its privacy mechanisms.
  • Developer Ricardo Spagni revealed Monero updated to have extra measures against future similar attacks.

Monero’s former lead maintainer, Ricardo “Flufflypony” Spagni,” has reported via Twitter that the network was targeted by a Sybil attack. Spagni clarified that the attack was novel, but inefficient and was unable to affect on chain transactions on the Monero network or violate its privacy mechanisms.

Specifically, the attack attempted to correlate the IP address of a node transmitting a transaction. However, in April of this year Monero implemented a method to “hide” and prevent the anonymity of transaction data from being breached by interfering with node communications. This method or set of techniques is called Dandelion++ and was developed by researchers at the University of Illinois, USA. Spagni explained:

Dandelion++ works by randomly “diffusing” transaction broadcasts. This means that for a Sybil attack to link a transaction to a node’s IP address it has to be intercepted at the very first node in the “stem” phase of a Dandelion++ broadcast.

The developer added that the attack received by Monero was inefficient because it did not have the required extension to be “broadly effective against Dandelion++”. The attacker should have “launched thousands of nodes”, but still would have been unable to violate the privacy of the transactions in Monero.

The attack was ineffective against users connected to a Monero lightnode (like MyMonero), against users who have a Tor/i2p to connect to their nodes or a VPN. In addition, users with a pushtx in a Monero block explorer were also not affected, according to Spagni, nor were most users who have a remote node such as Monerujo or GUI. However, Spagni said:

(…) it did teach us some valuable lessons as the Sybil nodes also tried to disrupt the flow of transactions (by not rebroadcasting them), and tried to disrupt nodes syncing up by not serving them blocks. Thus, the latest Monero release ( has fine-tuned the way a node deals with misbehaving peers.

An attack that could have affected Bitcoin

“Flufflypony,” as it is popularly known in the crypto community, warned that a Sybil attack with the described characteristics can affect Bitcoin or any other cryptocurrency, such as Ethereum, Litecoin, among others. In addition, the attack could be “less clumsy”, more subtle or more sophisticated if the attacker had more money. Spagni outlined:

If you are truly concerned about the efficacy of a Sybil attack (whether you’re a Bitcoin or a Monero user) then I strongly recommend you run your node behind Tor, or at least broadcast your transactions on a block explorer’s pushtx functionality (also accessible via Tor).