diff --git a/opsec/chainalysisattempts/1.5.png b/opsec/chainalysisattempts/1.5.png new file mode 100644 index 0000000..90aabc1 Binary files /dev/null and b/opsec/chainalysisattempts/1.5.png differ diff --git a/opsec/chainalysisattempts/1.png b/opsec/chainalysisattempts/1.png new file mode 100644 index 0000000..441653f Binary files /dev/null and b/opsec/chainalysisattempts/1.png differ diff --git a/opsec/chainalysisattempts/2.png b/opsec/chainalysisattempts/2.png new file mode 100644 index 0000000..8e01904 Binary files /dev/null and b/opsec/chainalysisattempts/2.png differ diff --git a/opsec/chainalysisattempts/index.html b/opsec/chainalysisattempts/index.html new file mode 100644 index 0000000..39e863a --- /dev/null +++ b/opsec/chainalysisattempts/index.html @@ -0,0 +1,175 @@ + + + + + + + + + + + Why can't I trust Centralised Exchanges, and random Monero nodes ? + + + + + + + + + + + + + + + + + + + +
+
+
+ + nihilist`s Blog +
+
+ +
+ +
+
+ + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-09-07

+

Why can't I trust Centralised Exchanges, and random Monero nodes ?

+

As of September 5, 2024 the sech1 posted on monero.town the following post, which was a repost of the following reddit post talking about a leaked Chainalysis meeting video about what was their progress on tracing monero transactions back in August 2023. This is a great opportunity to highlight the opsec weaknesses they are targeting so let's dive into it.

+ +
+
+
+
+ + +
+
+
+
+

Chainalysis are running malicious monero nodes

+

The main attack vector of Chainalysis is their honeypot monero nodes. Meaning there are monero nodes out there (even though their IPs didnt get mentionned in the meeting), that ARE malicious.

+ +

So the first thing to be aware of is that you can't just trust random remote nodes. Chainalysis IS running an unknown amount of malicious monero nodes out there, to spy on users that decide to trust them. Therefore, I strongly suggest that you run your own monero node, and use only that node. Run it from home, or from a remote server, but run your own!

+
+
+
+
+ +
+
+
+
+

Chainalysis targets IP addresses and behavior anomalies (such as non-default fees)



+ +

Now, if you decide to trust a random remote node that is not yours, and let's say you decide to trust one of their malicious nodes, you need to be aware that they can :

+
    +

  1. the timestamp of each transaction

    2. +

  2. The transaction behavioral characteristics (the number of inputs, outputs, the fee structure (1x, 10x, 100x, etc)

    3. +

  3. Which IP address is connecting there (clear attack on dandelion++), and it's latency.

    4. +
+

Therefore, if you decide to trust a remote monero node, at least keep Tor in between you and the malicious node to maintain your anonymity, use the .onion monero nodes preferably!, And I also recommend that you leave the default fee option when you want to send monero somewhere.

+

But so far they cannot tell how much you are sending or recieving, because you are not touching centralised exchanges (assuming you are using Haveno DEX to buy or sell Monero)).

+ +
+
+
+
+ + + +
+
+
+
+

Chainalysis targets centralised exchanges that have KYC procedures



+

As I have mentionned many times previously, Businesses can all be governmental proxies to do their bidding. Centralised exchanges are businesses too, they also comply with their requests. Or in their own words, they are "Subphoenable entities". But guess what, these very Centralised Exchanges are forced to use Chainalysis' malicious monero nodes too!

+ +

Therefore if you decide to trust one of those popular Centralised Exchanges to buy / sell monero, the implications are way, way worse than what we previously explained;

+

Those centralised exchanges all comply with the requests of governmental entities such as FBI, LA, Robinhood, IRS-CI, UNK and of course Chainalysis, and due to that fact alone you cannot trust them.

+

If you decide to trust a popular centralised exchange, you'll first see that it'll run you through KYC procedures (and if it doesn't, rest assured that they will eventually be forced to do so). That is to deanonymize you, and to know who to blame if ever asked by the authorities. NEVER KYC IF YOU WANT TO REMAIN ANONYMOUS!

+

This meeting of theirs has been preety revealing, not only do these centralised exchanges give out everything they have about their users to Chainalysis (as "Transactions of interest", mentionning the amount transacted and who transacted) But it's also naming a few of THOSE very centralised exchanges that are now confirmed to actually comply with their requests:

+

+Changenow,
+FixedFloat, 
+Morphtoken, 
+Exodus, 
+Swaplab, 
+Coinomi
+
+
+

The info of whatever you did so far, and will ever do on those centralised exchanges, be warned, is being handed over directly to the authorities. (Timestamp 26:02 to 26:47) in the video. This list is most likely (as of a year later, in september 2024) way bigger, they are eventually going to force every centralised exchange out there to implement KYC procedures and comply to their deanonymization requests.

+

My recommendation, once again is the same as i have mentionned previously: If you want to use a centralised exchange, you are shooting yourself in the foot. Stop using centralised exchanges and use decentralised exchanges, such as Haveno DEX.

+

If you want to use a centralised exchange anyway, remain anonymous when doing so (at least keep Tor in between you and the service, and never KYC yourself there), but remain aware that you will eventually have to move to decentralised exchanges sooner or later, because they are not going to stop until every centralised exchange out there complies with their demands.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@contact.nowhere.moe (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/opsec/haveno-arbitrator/index.html b/opsec/haveno-arbitrator/index.html index 6d3869d..2467451 100644 --- a/opsec/haveno-arbitrator/index.html +++ b/opsec/haveno-arbitrator/index.html @@ -195,6 +195,8 @@

Check out my other tutorials on Decentralised Finances below:

  1. ✅ How to acquire and use Monero
    2. +
  2. ✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?
    3. +
  3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  4. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
  5. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
    6. diff --git a/opsec/haveno-cashbymail/index.html b/opsec/haveno-cashbymail/index.html index 02f9a4e..cdde5ae 100644 --- a/opsec/haveno-cashbymail/index.html +++ b/opsec/haveno-cashbymail/index.html @@ -213,6 +213,7 @@ This will help you distinguish packages coming from different buyers and avoid c

    Check out my other tutorials on Decentralised Finances below:

    1. ✅ How to acquire and use Monero
      2. +
    2. ✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?
    3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
    4. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
    5. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
      6. diff --git a/opsec/haveno-client-f2f/index.html b/opsec/haveno-client-f2f/index.html index 073be66..4b78c63 100644 --- a/opsec/haveno-client-f2f/index.html +++ b/opsec/haveno-client-f2f/index.html @@ -397,6 +397,8 @@ Arbitrators are inherited from Bisq’s 2/3 protocol. They are a trusted role an

      Check out my other tutorials on Decentralised Finances below:

      1. ✅ How to acquire and use Monero
        2. +
      2. ✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?
        3. +
      3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
      4. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
      5. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
        6. diff --git a/opsec/haveno-sepa/index.html b/opsec/haveno-sepa/index.html index 06ff9a4..eada0a2 100644 --- a/opsec/haveno-sepa/index.html +++ b/opsec/haveno-sepa/index.html @@ -179,6 +179,8 @@ If you get banned from a physical bank, they may put your name on a fraud regist

        Check out my other tutorials on Decentralised Finances below:

        1. ✅ How to acquire and use Monero
          2. +
        2. ✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?
          3. +
        3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
        4. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
        5. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
          6. diff --git a/opsec/index.html b/opsec/index.html index 2f98b27..67366d8 100644 --- a/opsec/index.html +++ b/opsec/index.html @@ -174,6 +174,7 @@
          1. ✅ Why Financial decentralisation ? (Cryptocurrencies, Exchanges and KYC) ⭐
          2. ✅ How to acquire and use Monero
            3. +
          3. ✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?
          4. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
          5. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
          6. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
            7. diff --git a/opsec/monero2024/index.html b/opsec/monero2024/index.html index 34a0bd2..27f6ecc 100644 --- a/opsec/monero2024/index.html +++ b/opsec/monero2024/index.html @@ -270,6 +270,7 @@ Important commands:

            Check out my other tutorials on Decentralised Finances below:

            1. ✅ How to acquire and use Monero
              2. +
            2. ✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?
            3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
            4. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
            5. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction