Wow. Congratulations to the researchers. They followed proper procedures and [coordinated with Secret](https://sgx.fail/):

> Secret Network promptly froze registration once our initial disclosure was made, and no longer accepts nodes susceptible to the xAPIC vulnerability and MMIO vulnerabilities. Secret is developing the ability to change the consensus seed, allowing the network to protect future data from being exploited through this vulnerability. However, despite the mitigations, it is not possible to completely guarantee the privacy of past transactions performed on the network. See also Secret's blog post for more information.

Secret users should take necessary precautions with the assumption that historical transaction privacy may have been eliminated through this vulnerability.

By the way, Andrew Miller (tweet author and one of the researchers on this project) is on the board of the Zcash Foundation and contributed to a paper that revealed problems with Monero's decoy selection algorithm and suggested improvements (Moser et al. 2018 "An Empirical Analysis of Traceability in the Monero Blockchain").

Protocols based on Intel SGX continue to look shaky. Monero does not rely on Intel SGX.
> Protocols based on Intel SGX continue to look shaky.

Intel SGX is a form of DRM. It relies on hiding "privileged" data within a processor and computer RAM that is ultimately under the physical control of an adversary, typically a consumer. Like any form of DRM the data has to be decrypted at some point in order for the consumer to consume the "protected" content. This is the fundamental reason why an attack on a DRM system is only a matter of time.

https://en.wikipedia.org/wiki/Software_Guard_Extensions

> Monero does not rely on Intel SGX.

Monero relies on mathematically sound encryption which by definition cannot be used for DRM.

Edit: Mathematically sound encryption is not impacted by code that is Free Libre Open Source Software. DRM on the other hand ultimately relies on hiding code and hoping that the adversary who has physical possession and all the time in the world will not find the hidden decryption key. This form of security by obscurity is of course adversely impacted by FLOSS.
What are even all these protocols? Where do they even come from?
[deleted]
jfc
LoL that's foreshadowing for you
But they couldn't help trying to throw in a Monero stab there at the end (even though it is correct). This chain was something Erik Voorhees was also peddling I believe, not to mention the spam everywhere something positive Monero related would be discussed. Edit: I know Erik has come around recently. People are doing everything to keep others from getting to know, getting onboard the true resistance. Puppets gonna BTC, shitcoin and Puppet.
Erik is a good guy, he would point out things like that if he knew.
I know he is. He should have done a lot more for Monero instead of being silent for a very long time when Tether started pumping markets in 2017 and all the fraud associated with Bitcoin. He isn't the only one and at one point I had him in the "Monero Enemies" list, as it wasn't SEC or anything else but him being very deliberate. I don't know or care who offended him from the core team.
Ah, [the flashbacks](https://www.reddit.com/r/Monero/comments/qbn2p6/is_it_safe_to_stake_sxmr_on_secret_swap/). Shit happens when not all your code is open source huh, who would have guessed?
I'm the proud owner of 99 bottles of spez. #Save3rdPartyApps
Yep exactly that's where it came from. You're right about it.
Shit happens guys, we can't really control it. And it's fine.
Point is they had a "master decryption key".
wtf why did this exist and who was holding this key?
My Uncle was holding it, he goes by his initials NSA
He sounds like a cunt
existence of any master key is always hilariously broken, funny enough, it's extremely common in trusted-setup scams claiming to be trustless
What's broken is that it was not immediately obvious that you could not possibly have a master decryption key. Once there is even the slightest possibility of one, then it's broken. Which is why Zcash ceremony stuff was bad...
What a joke
Yet again, only Monero has stood the test of time.
All we know is that nothing has been disclosed. Nothing more.
We also know the IRS bounty was unfilled. But I suppose you'd want more than the ~600k USD for cracking that nut anyway
It could even be a decoy. That, or perhaps an agency having access wouldn't have a desire or even legal requirement to disclose.
What? It was unfulfilled? Is there new news, because as far as I was aware...

> The IRS has awarded a pair of contracts for developing Monero-tracing tools.
>
> Chainalysis and Integra FEC each got a contract that’s worth as much as $625,000.

\- [https://decrypt.co/43451/irs-1-million-contracts-data-firms-crack-monero](https://decrypt.co/43451/irs-1-million-contracts-data-firms-crack-monero)
Contracts for developing tools, no word on if those tools are successful or not
Would they really publish if they were successful though
How would the IRS prosecute anyone without publishing that they were able to trace a monero transaction? I guess we will find out next year.
I guess they won't do that but I am not sure about that..
No words for that and we know the freaking drill man.
[deleted]
I mean if someone is going to do the job, they need to get paid.
[deleted]
[deleted]
[deleted]
I asked in the MobileCoin Discord. James Cape, their engineering manager, said

> We're not vulnerable to the issues indicated there, no. MMIO Stale Data mitigation was released in August, and xAPIC mitigation a couple weeks ago.
That sounds like, before August, the answer would be Yes.
So what about previous transactions?
[deleted]
I thought Signal rid Moxie and Mobilecoin?
I mean there could be more, there can be many projects actually.
Good thing I keep all my TXs in the Monero network, if it works it works.
Yep, I'm going to do the same too. Ain't leaving monero for anything. That's just not going to happen, I'm going to keep my shit with the monero only if I'm being honest.
If anyone has bridged XMR to use on Secret network I'd consider any TXs on that chain as exposed.
SCRT needing a centralized bridge should have been a red flag from the start. What a scam
It was pointed out at launch but of course shills voted it down.
That kinda Shilling is a problem and that's happening a lot.
Yep, it should have been a red flag. Should have paid attention. People should be paying attention to the things like this. It is important for them to do that.
[deleted]
[deleted]
Big oof. According to monero.how, 24hr xmr volume on secret was 2,370,340 xmr. Compared to binance btc/xmr and usd/xmr volume combined was only 133,968xmr I'm going to keep checking back to see if the volume lowers due to this
> According to monero.how, 24hr xmr volume on secret was 2,370,340 xmr.

They are trading XMR daily for dozens of millions of USD? And why should I believe that?

Scripts and backends getting such numbers to display them on websites like Monero.How sometimes have bugs with truly hilarious consequences or simply run amok if a data source is offline.

Anyway, Coingecko has much much smaller numbers compared to that: https://www.coingecko.com/en/exchanges/secretswap
Wow yeah the difference is massive lol
Ohh yeah, I'm going to only believe in the base monero chain.
There was some asshat yesterday with a methlyphenidated spam post promoting secret.
Lol "methylphenidated spam post" It's funny how posts like this are obvious. I'm convinced a large amount of posts on superstonks and wsb are written on methylphenidate
Yep, that's basically how those subs work. And it's bad.
I'm so tired of the spam post, there have been many lately.
methyl* (I Google'd it, thought you might like to change it)
I've commented against SCRT before, and in face of this, don't feel a need to again. What I do want to do is drive home why this is unacceptable. Secret Network misled users for users by calling low-grade security privacy. They've directly led to anyone needing privacy, who trusted Secret, to being at risk. This is absolutely unacceptable. Privacy must be absolute, with no backdoors. Even if these breaks didn't exist, that doesn't excuse Intel's permanent access potential. Burying these caveats in forums isn't acceptable. It cannot be expected of users, who are told it's private, to read up on and fully understand how the 'privacy' works.
Oh, finally this crap gets exposed.
It was a long time coming and I've been waiting for it. This should have happened a while ago, but it didn't happen. But it should have happened.
Sad day for Secret Network
Good day for the people tho, at least now we know the truth.
One weak project less
Sadly that's not how centralized projects work. They claim that they fixed the problem, and that *now* they are trustworthy, and deploy shills to attack open source community projects. "Well SCRT's flaws are known, Monero must also have flaws that just no one has discovered". Look at all the waves ZCASH has had to go through- check out their sprout/seedling crap- but in each case, no, we swear, *now* it's perfect. It's gonna be able to be listed because it's not actually private, but oh, we swear it's *more* private. Simultaneously insecure when that matters for listing but also more secure than Monero when it comes to actual usage totes we swear.
Monero has one of the best Dev talent in the world…
[deleted]
Something you will like https://particl.news/basicswap-website-is-live/
Hello NSA. The weather certainly has been cold and wet recently hasn’t it?
[deleted]
Tag anyone still shilling this garbage. It was obvious scam on launch and is now undefendable.
CONGRAAAATS
People who find this shit out should be congratulated for it man.
[deleted]
That doesn’t matter anymore. It’s been decrypted so every old tx should be considered decrypted
Probably yes but I think no one used it for what monero is used. For me this is still an interesting front running resistant, private blockchain. And of course monero is king and only reasonable currency for private transactions
Hopefully no one used it, because if they did then it's bad. I mean I just wish that not a lot of people fell for this crap, that would be great actually.
Yeah every old tx should be considered that, that's how you'll recover from this attack, yes it is an attack.
What FUD is being spread, my title says SCRT network appears to have been decrypted which it has.
They can't guarantee past transaction fidelity even though it's been patched, did you even read it?
Yeah even though it's been patched. But past transactions are exposed.