>If these cryptojackers were to mine Bitcoin or Ethereum, their transaction details would be open to the public, making it possible for law enforcement to track them down
That doesn't actually matter at all. Monero is used for these purposes probably just because it's mineable only on CPU, thus viable to mine on ordinary hardware. (Bitcoin requires ASIC and Ethereum high-end GPU)
Yep. Monero is explicitly designed to remain CPU mineable, so that theoretically it remains more decentralized and mined by individuals rather than an industrial complex like bitcoin and ethereum have become.
Counterintuitively, I think this also makes it more susceptible to nation state attacks, since you can easily deputize fleets of existing CPUs to 51% attack the network, whereas no nation state on the planet can easily get enough sha256 ASIC miners to attack bitcoin, not even accounting for the enormous electricity requirements to sustain a destructive attack.
Then again, the consolidation of bitcoin mining as an industry is also a systemic risk compared to millions of individuals in the network mining. Tradeoffs.
Supposedly one of the "worst kept secrets" of Monero is that a lot of the network is being "secured" by, essentially, botnets. Miners who are unaware that they are participating in the network.
I guess the controllers of these botnets seem to agree that there's no reason to kill the cash cow and (aside from the fact that they're running a botnet) don't tend to act maliciously towards the network.
Yeah, this is one of the big advantages of bitcoin's ASIC race that has long ago obsoleted CPUs and GPUs for mining. It means that bitcoin doesn't economically incentivize botnets stealing valuable generic computation cycles that could actually be put towards better use. Although you could still argue that it's crowding out chip foundries that could otherwise be producing different chips. But you could also argue it's funding greater economies of scales of chip foundries, making chip production cheaper for everyone in the long run.
It also means that bitcoin miners are completely tied to the success or failure of the bitcoin network, since their hardware is worthless for any other application, and therefore can't be easily coerced to harm the network. A network of miners who have generic chips could be more easily coerced to harm the network since their hardware wouldn't be a complete sunk cost.
ASICs have a hardware hash/watt race issue that GPUs (with memory hard algos) don't have (older GPUs are actually more ROI efficient). GPUs are also easier for a wider range of people to get with a much lower cost of entry. I'd argue that GPUs are still a better solution than ASICs, but this is an age old battle full of opinions.
Bitcoin hardware isn't worthless for any other application, any other sha256 based network works just fine (see BCH). The problem there is that it is just ripe for 51 attack because there can only be one top coin on each algo/compute layer. BTC = ASIC, ETH = GPU, Monero = CPU. The rest of them are all interesting datapoints on https://www.crypto51.app/
What's that attack cost supposed to represent? Just the electricity?
Seems like a misleading comparison, to get into a position to be able to do this you'd need significant investments in specialized hardware for the likes of Bitcoin and Ethereum. I've seen estimates of multiple billions of USD. And keep in mind that should the attack be discovered, which with coins running on open ledgers seems likely sooner rather than later, the price is going to tank, trust in Bitcoin will be broken and your special-purpose hardware will likely massively lose value. You'd have successfully destroyed billions of your own money.
On the other hand, the real cost of attacking some smaller coins may be even lower than that, because botnets are free or the electricity may simply be stolen, which happens a lot and can easily be done in less developed countries where the utility companies don't have sophisticated meters keeping track of where it all goes in the neighborhoods.
The site details the cost to attack using rented 3rd party compute. For some of the coins, there is enough compute out there that can simply be rented with no upfront capex/opex involved on the part of the person doing the renting.
The problem with that is that the rental market is an open bid supply/demand market. The second you start to rent out enough hashrate, the rental price also increases. That isn't factored into the numbers.
You are correct that the cost of capex/opex for ETH/BTC is in the billions, which is also what makes them so secure and attacking the network would also destroy the network. It is a brilliant feedback loop.
>Monero is explicitly designed to remain CPU mineable
You're not wrong, but it can be and is mined on GPUs. Not sure about the payback period though because it is very CPU sensitive and the top benchmarks are for AMD's EPYC processors which don't come cheap. An i9-12k handily mines several times more than an Nvidia GPU so GPU mining payback is also potentially slow.
At least according to the online guides it's also a losing proposition relative to the costs of electricity. So then allegedly the only way to profitably mine it is on someone else's energy and maybe their hardware too. For anyone truly seeking anonymity it seems like far less work to buy Monero from a localcoin vendor rather than mint your own, unless you have a lot of free time and hardware on your hands. Which may explain why antivirus software assumes if you're mining with xmrig, you've been pwned.
> no nation state on the planet can easily get enough sha256 ASIC miners to attack bitcoin
What if you set up several sock puppet mining pools, all supposedly independent and in competition with each other, and beat the existing pools on fees by enough that miners join you en masse? That would take some investment on your end as you would have to run pool infrastructure at a loss. But if you are a nation state, it's not a huge investment. You don't need to have any mining hardware of your own if you offer miners better returns for the use of their hardware than the other pools do.
Once your pools, taken together, have a dominant share of miners, I would think you could run a 51% attack without ever acquiring a single ASIC. The reputation of your pools will not survive but I think you could complete a 1 hour attack (reversing 6-conf transactions) before you lose the miners.
You're still relying on this pool of independent miners to not defect after you initiate your attack.
Also a 6 block re-org is not unheard of and does happen naturally with the standard consensus rules on rare occasion. That's not enough to cause massive destruction of confidence. Security and confidence in your transaction's immutability has always been a continuous function of how much work has been piled on top of it, and how much energy it would take to redo that work. If you are transacting a very large amount of money, it behooves you to give it even more than 6 blocks for real confidence.
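Added example, not part of any comment in this thread: the "continuous function" of confirmations described above can be put in numbers with the catch-up probability from section 11 of the Bitcoin whitepaper. The function names, the 0.1% risk threshold and the hashrate shares below are choices made for this illustration.

```python
import math
from typing import Optional


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hashrate share q eventually
    rewrites a transaction buried under z confirmations.

    Formula from the Bitcoin whitepaper, section 11: the attacker's
    progress while the honest chain mines z blocks is Poisson with
    mean z*q/p, and catching up from d blocks behind succeeds with
    probability (q/p)**d.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a share between 0 and 1")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p:
        # A majority attacker always catches up eventually.
        return 1.0
    lam = z * q / p
    poisson = math.exp(-lam)  # Poisson pmf at k = 0
    honest_wins = 0.0
    for k in range(z + 1):
        honest_wins += poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)  # advance pmf to k + 1
    return 1.0 - honest_wins


def confirmations_needed(q: float, max_risk: float,
                         limit: int = 1000) -> Optional[int]:
    """Smallest z for which the rewrite probability drops below max_risk.
    Returns None when no z up to limit is enough (always so for q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    # Constructed sample shares; 6 is the conventional confirmation count.
    for share in (0.10, 0.25, 0.30, 0.45, 0.51):
        risk_at_6 = attacker_success_probability(share, 6)
        needed = confirmations_needed(share, 0.001)
        print(f"q={share:.2f}  P(rewrite | 6 conf)={risk_at_6:.7f}  "
              f"conf for <0.1% risk={needed}")
```

Below a majority share the risk falls off exponentially with each confirmation, which is why a recipient of a large payment can buy down the risk by waiting longer; at or above 50% no number of confirmations helps.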
If a pool were withholding blocks to attempt this the miners would notice super quickly, they would stop making money long before your attack was successful.
Even if this was a realistic way to cause a 6 block re-org... it seems like tons of work for a relatively small attack.
51% just doesn't feel like a meaningful threat model when governments can instead prevent exchanges offering monero pairs from accessing banking services in their country/currency.
The next natural step in that direction would be banning all exchanges from banking in hard money.
It would push people to p2p, at the expense of cryptocurrency prices. Big win for the environment and people hoping to use crypto as currency. Big loss for people holding for speculative gains.
That's based on the pretty big assumption that there's a lot of under-utilized hardware being slaved to some central government authority, which by definition it probably isn't.
I would bet more on cloud infrastructure providers being able to do better than nation-states in a CPU takeover of an ASIC-resistant network like Monero.
Motivations aside, it still comes down to cost though, and without any handwaving, Monero just isn't that important to take over.
I agree. If anything, a nation state would likely have to deputize AWS to run the attack.
But also, this would be a purely destructive attack. A 51% attack isn't something that would ever allow a single entity to actually take control of the network, because you either a) obliterate public confidence and crash the value of the token, making mining a pure cost and the network worthless, or b) you incentivize the honest network participants to fork the network away from your computational dominance, leaving you with a ton of wasted money and possibly a worthless fleet of miners.
My employer does a pretty good job of giving us terrible hardware so the thought of mining on it is self-discouraging.
They have no problems giving us space heaters though.
As largely a joke, I sometimes fire up monero mining on my laptop at home because the average proceeds exceed electricity cost, even though it’ll take me about a decade to ever get a block. The heat is just cake icing.
I feel bad about this because I wrote an article[0] about how to hide Monero miners on Linux systems. Sometimes I ask myself if I should unpublish it, as probably some of the criminals doing this type of attack found it helpful.
Skimmed the article. Looks nice. Good colors and formatting throughout.
Don't delete it.
Hiding processes and tidying up the CPU time (adding it to System Idle Process on Windows, etc.) is Rootkits 101. This technique has been documented in books for 15+ years. If they don't get the info from you, they'll get it somewhere else just as easily.
I wouldn't feel bad about it. The article provides info for security experts about a potential attack vector that exists. That doesn't change if you unpublish the post.
You could remove references to crypto without changing the rest of the article. That way the cool educational bits remain, and helping bad people do bad things with very very little effort is gone.
I don't know exactly how much traffic it gets because I don't do any type of tracking.
I frequently receive emails from anonymous persons asking for help, and some of them are even willing to pay me to set it up for them… so you can imagine what these last ones are using it for.
Title is somehow misleading. This is not about uncovering Monero users in the wild and exposing those who are criminals, as I first believed when reading the title. This is about detecting an unwanted Monero miner on your system. But if you're already so pwned that an unwanted process is already running on your system, a Monero miner is the least of your worries.
"We want to detect traces of RandomX (the CPU-intensive mining function for Monero) running on a cluster."
This isn't for "Has someone rooted my laptop and started mining Monero on it", this is for "Have any of the nodes in my cluster (of potentially thousands of machines) been rooted and had Monero miners dropped on them." Your comment about being pwned totally applies to your container orchestration or hypervisor though...
I do not think it's possible to mine using RandomX and a browser.
From docs:
> Web mining is infeasible due to the large memory requirement and the lack of directed rounding support for floating point operations in both Javascript and WebAssembly.
So you can do whatever you want, but you will end with nothing.
One can mine Bitcoin on an IBM 1401 [1] from 63 years ago. Runs at 50 kHz and there are no binary operations so you have to simulate XOR using a subroutine operating on strings to represent bitstrings. Slow. As in seconds per hash not hashes per second. But it works!
Still. I am inclined to call that "impractical". In the same way softfloat-in-JS miners are impractical. A vast botnet of such might buy a coffee after a year or two.
At a certain point, slow enough turns into impractical, and then practically impossible.
> At a certain point, slow enough turns into impractical, and then practically impossible.
That is, after all, the whole idea behind asymmetric cryptography. You could perhaps crack some things by brute forcing until the heat death of the universe, but that's so slow as to be impossible for all practical purposes.
It's been over half a decade since that stopped mattering, for me.
I've bought goods and services directly with Monero plenty of times. I've paid invoices that the merchant put in Bitcoin, while using a third party to pay in Monero, which the third party then paid in Bitcoin.
Now in the 2020s I can swap Monero directly to SECRET network, a Tendermint/Cosmos blockchain where all smart contract executions are private (such as the amount and quantity of your erc20-style wrapped Monero), allowing further bridging over to the EVM ecosystem for all the liquid DeFi trading activities, and Tornado cash if desired.
and the times when I use KYC to convert it to fiat, I haven't cared either. I like that the OTC desk or exchange doesn't even receive the address I sent from, much more similar to wiring from another bank account, where the receiving bank can't look at all your prior records and balances at the source of money and just has to assume the other place is compliant. it should be obvious that someone with an illicit source of their Monero will need to reintegrate their value into the broader economy first, so that they can account for it properly. with access to the entire DeFi ecosystem now, that is extremely easy.
all crypto users should restore that level of privacy.
> It's been over half a decade since that stopped mattering, for me.
It's certainly going to matter come tax season to businesses which are/will be forced to convert Monero to local fiat.
> I've bought goods and services directly with Monero plenty of times. I've paid invoices that the merchant put in Bitcoin, while using a third party to pay in Monero, which the third party then paid in Bitcoin.
US businesses and persons pay tax on income no matter what asset it was received in, and report capital gains or losses as well upon liquidation into another asset such as fiat.
There is nothing unique about crypto or monero in that regard, what did you have in mind?
What are the advantages of doing all those steps using Monero instead of fiat?
I understand that you can hide your traces, but if you buy legit things, who cares?
> What are the advantages of doing all those steps using Monero instead of fiat? I understand that you can hide your traces, but if you buy legit things, who cares?
I had a balance of Monero. It was convenient. Online payments are a lot easier when you don't have to fill in a bunch of information, what "steps" were you imagining? I didn't have to go get Monero, I had already accumulated it. Just like the Miners in the article have already accumulated it, just like anybody earning for Monero by providing a service had already accumulated it.
in any case, compared to attempting to pay with fiat, a crypto payment form typically lacks:
- First Name,
- Last name,
- Company Name,
- Street Address,
- City,
- State,
- Postal Code
- [] Is Billing Address the Same or Different.
- Card Number
- Security Code
- Expiration Date
Similar to how convenient Apple Pay is this decade. Crypto users had that last decade, Monero users had that and less leaking of their finances.
Aside from the pared-down user experience, I also like that the merchant isn't storing all that personal information just to process a transaction, but that's just icing on the cake, not really a motivating factor.
Any reading you could recommend on Monero? Beyond wiki, subreddit, etc. Looking for more of an economics angle than cryptography angle, without generic crypto hype.
I have no insightful information to give you with regards to Monero, but to me what you're looking for is a good fit for Marginalia's text-centric search engine [0]. I get interesting results when I'm looking for authentic and elaborate opinions on given subjects outside the beaten path, which seems to be your goal. And especially useful when trying to flee the cesspool of results Google gives you when looking for topics with heavily financial undertones - good effing luck getting to a genuine article speaking of cryptocurrencies, stocks or any topic with financial incentives.
It is easy to sell your Monero for fiat anonymously using a service like localmonero.co
There is also a growing parallel economy where you can buy goods and services directly with your Monero and avoid selling anything for fiat. For example, I have bought domain names using XMR on nja.la.
You provide them accounting from your fake business which accepts only monero payments for digital goods and doesn’t keep access logs?
This is really basic stuff. You will never be caught unless other evidence leads them from the original crime to you.
Unless you fuck up it’s not possible to link incoming Moneroj to any specific source, this means that you can fairly easily hide your money laundering activities even from somebody with full visibility into your business.
You live in some fantasy land if you think you can just say "oh, I just received 100 dollars worth of Monero from 1 million unknown entities, my $100 million is totally legit, fuck off".
Unlike criminal law where you are "innocent until proven guilty", in most AML/KYC situations you are "guilty until proven innocent".
You’re being ridiculous. Nobody is going to look at you twice for selling 1000x$5000 cryptocurrency trading courses a year, or even double that.
I’ve dealt with AML/KYC for cryptocurrency businesses with much higher volumes, nobody ever asked for anything crazy. Just basic accounting, website urls, linkedin profiles.
> You live in some fantasy land if you think you can just say "oh, I just received 100 dollars worth of Monero from 1 million unknown entities, my $100 million is totally legit, fuck off"
I think the only takeaway here is that “323” is too stupid and greedy to survive as a money launderer. Don’t try to cash out $100M in monero at once, live a wonderful life with $5-10M a year.
Legal businesses, receiving much larger individual payments from a limited number of clients.
> It makes a difference because there's more than just you and the KYC exchanges reporting, and it's survivor bias to assume they appear the same.
Exchanges are usually the least of your problems, it’s the banks.
Even very high risk businesses don’t face scrutiny which isn’t easily overcome when all of your incoming payments are anonymous and untraceable. It’s really not hard to create a fake ecommerce business that would be entirely indistinguishable from a real one.
If you watch the other economic activity and internet activity of that e-commerce business, you could deduce how much activity it might be generating. No real e-commerce biz doesn’t have ad spend or other marketing activities, no e-commerce biz doesn’t have a sell rate that is 100%, etc. Much like how the IRS audits laundromats via their water and power usage. Are they consuming enough water and electricity to justify their revenue?
nobody actually cares enough to bust money laundering if it's not causing publicly visible problems.
White collar law enforcement is an illusion, backed by the occasional example.
There are 13k FBI special agents and most have case loads focused on things like "murder" rather than some e-commerce website with traffic numbers that don't add up.
A one hour cursory look on public clearnet hacking forums will surface hundreds of felonies by people with poor opsec, Feds scroll past them on a daily basis. It's not what they're after.
And no, the IRS has been trimmed to bones for decades, they probably audit <10 laundromats via water and power analysis a year, the same way Apple built literally two iPhone recycling robots (that do a thousand devices a year) but spend millions on marketing.
> nobody actually cares enough to bust money laundering if it's not causing publicly visible problems.
That's the harsh truth.
Where I live, THC is illegal, and its distribution usually ends with time served.
Interestingly, CBD (more accurately THC-less) stores are everywhere, taking prime locations in city centers, blaring thousands of positive reviews on Google Maps. Their top product is CBD oil (or rather, THC-less cannabis oil). Prices of their products are suspiciously similar to that of their illegal counterparts.
Yet when you pass in front of such stores, there's usually just a single person tending, sometimes with a friend because it gets boring as there's virtually no customer.
It's basically the caffeine pills + decaffeinated coffee product split, where caffeine is illegal.
Following the supply chain would not only find the laundering, but also the distribution and production of a substance considered illegal.
But cops stick to chasing dealers, and the fisc doesn't really chase businesses that seem to pay their taxes.
First, nobody cares that much unless they know you’re guilty.
Second, just obviously spend a little money and time on those things? It’s a minor cost to run shitty ad campaigns.
The business doesn’t need to be good, it just has to look real. Do things a real business would do, except unlike a real business you will have a 100% chance of success.
Because of the "nor shall be compelled in any criminal case to be a witness against himself" part? How does that stop the IRS from telling law enforcement that you've suddenly come into millions of unexplained dollars?
You already have to be in trouble. The cops can have the IRS release your tax returns, the IRS doesn't call the cops(they have their own).
>IRC 6103(i)(1) provides that, pursuant to court order, return information may be shared with law enforcement agencies for investigation and prosecution of non-tax criminal laws.