Blowing the lid off the CryptoNote/Bytecoin scam (with the exception of Monero)

[illodin]

2. No it's not, it is a huge security risk. Even if the BCN Devs planned on doing it to thwart attackers, it paints a huge and centralized target for law enforcement--once they had them, they would have the whole network. Intentional or by accident this would be one of the worst ways to secure a coin's anonymity.

Did you have chance to read my post on this page above? Removing untraceability does not destroy anonymity since the unlinkability property holds. What it does is allow to link exact inputs to exact outputs. However good luck identifying the people behind the transactions with stealth addresses for each output.

An observer would not be able to even link any two transactions that were made to the same wallet (even if it the recipient and the sender are the same), not saying about the balance. How is that a security risk exactly?

If you can link inputs to outputs, then you can track the money. The public wallet address is irrelevant.

Say you're the police and bust a drug dealer and see his wallet has incoming money in an address (output of a drug money transaction). Now if you can link to an input of the transaction that created that output, you have one of the buyer's addresses (behind the wallet's stealth address).

Then, you check Poloniex's wallet which user (KYC) has withdrawn to that address, and you can go make another bust.

Or am I missing something?

[1715053566]

1715053566

[1715053566]

1715053566

[1715053566]

1715053566

[Wanderlust]

Here's my analysis:

NOBODY HERE KNOWS WHAT THE HELL THE HISTORY OF CN OR BCN IS.
NOBODY HERE KNOWS WHO CREATED CN OR BCN.
NOBODY HERE KNOWS SPECIFIC INFO REGARDING DATES OF LAUNCH FOR EITHER CN OR BCN.
NOBODY HERE KNOWS THE EXACT RELATIONSHIP BETWEEN CN AND BCN DEVS.

BOTH CN AND BCN DEVS REMAIN ANONYMOUS.



WHAT WE DO KNOW IS THAT BCN WAS THE FIRST CN COIN.

and it took you days of trolling to realize something so obvious?

"herr, lass hirn regnen!"

If my statements are obvious to you it flummoxes me how XMR can call out BCN as a scam as though it were the gospel truth. Far too little is known to make definitive comments one way or the other.

So to you those in search of truth/answers are trolls? Sorry to burst your bubble brosef.

[GingerAle]

2. No it's not, it is a huge security risk. Even if the BCN Devs planned on doing it to thwart attackers, it paints a huge and centralized target for law enforcement--once they had them, they would have the whole network. Intentional or by accident this would be one of the worst ways to secure a coin's anonymity.

Did you have chance to read my post on this page above? Removing untraceability does not destroy anonymity since the unlinkability property holds. What it does is allow to link exact inputs to exact outputs. However good luck identifying the people behind the transactions with stealth addresses for each output.

An observer would not be able to even link any two transactions that were made to the same wallet (even if it the recipient and the sender are the same), not saying about the balance. How is that a security risk exactly?

If you can link inputs to outputs, then you can track the money. The public wallet address is irrelevant.

Say you're the police and bust a drug dealer and see his wallet has incoming money in an address (output of a drug money transaction). Now if you can link to an input of the transaction that created that output, you have one of the buyer's addresses (behind the wallet's stealth address).

Then, you check Poloniex's wallet which user (KYC) has withdrawn to that address, and you can go make another bust.

Or am I missing something?

yes (as far as I understand it) because each time you make a transaction, it goes to a one-time stealth address, coming from one-time stealth address ring signatures. So when I'm sending you money, I take one of the outputs that I own and sign it with my private key and some other private keys in a ring signature, but all of these signatures are obfuscated through one-time stealth addressing, and then I send it to your stealth address. So, as mentioned by Rias (and the monero labs research bulletin)

. If the unspent transaction output (UTXO) set is filled with a lot of transactions that
aren’t really anonymous, there are fewer ways to make untraceable ring signatures.
At this point it must be noted that, even in this scenario, the one-time key pairs
(so-called “stealth addresses”) used in CryptoNote protocols are not violated in
this scenario, and so the anonymity of users is still not directly violated. Rather,
this attack violates the untraceability between one-time ring signatures, but this
development is still somewhat worrying. Hence, even non-malicious entities can
execute this attack on accident, malicious entities can spam the network to own
lots of the UTXO set, and malicious entities can break untraceability for others.

So I think it'd be interesting to have it explained why traceability between one-time key pairs .... means anything. My head goes in and out of this game so refreshers are always useful.

And again my nascent understanding of all things crypto shines brightly here, but in my mind, if I send money from stealth address b to stealth address d, and then d's new owner sends it from stealth address f to stealth address g..... still, no one knows what the hell is going on. Right? Gah. I need to do more reading.

[smooth]

2. No it's not, it is a huge security risk. Even if the BCN Devs planned on doing it to thwart attackers, it paints a huge and centralized target for law enforcement--once they had them, they would have the whole network. Intentional or by accident this would be one of the worst ways to secure a coin's anonymity.

Did you have chance to read my post on this page above? Removing untraceability does not destroy anonymity since the unlinkability property holds. What it does is allow to link exact inputs to exact outputs. However good luck identifying the people behind the transactions with stealth addresses for each output.

An observer would not be able to even link any two transactions that were made to the same wallet (even if it the recipient and the sender are the same), not saying about the balance. How is that a security risk exactly?

If you can link inputs to outputs, then you can track the money. The public wallet address is irrelevant.

Say you're the police and bust a drug dealer and see his wallet has incoming money in an address (output of a drug money transaction). Now if you can link to an input of the transaction that created that output, you have one of the buyer's addresses (behind the wallet's stealth address).

Then, you check Poloniex's wallet which user (KYC) has withdrawn to that address, and you can go make another bust.

Or am I missing something?

The main thing is that someone who buys coins from KYC and then sends them to a drug dealer should be doing one of two things:

1. Using an higher mix factor (e.g. 100) that will be extremely difficult to ever trace even if nearly all of the coin is compromised (see calculation above). It has always been stated that "high risk" transactions should do this, and not rely on the routine small mixes.

2. Sending the coins to himself a few times to create multiple steps of mixing. This will be extremely difficult to trace even if nearly all of the coin is compromised (using essentially the same calculation as #1).

The second has the advantage that these transactions don't look strange on the blockchain potentially making them more suspicious and inviting greater scrutiny as does the first (though that scrutiny would still not lead to tracing it).

The second is also the major benefit of the technology overall since this happens every time a routine transaction is used for anything. So coins that were used by a drug dealer a few steps back (or forward) are going to be difficult or impossible to tie to an innocent user. This preserves fungibility and greatly frustrates large scale blockchain analysis (a distinct threat to privacy from particular individual transactions being traced).

[smooth]

First of all, it's not exactly the matter of the sum that the attacker holds. It's about outputs that he controls. That means that even though you may have not more than 20% of the emission, you may be able to create a lot of smaller outputs, which would significantly diminish the barrier.

This isn't necessarily useful, because the outputs have to be of a particular size to matter. If you want to try to attack transactions using 1000 denominations, you have to have a lot of outputs of size 1000. That requires holdings of many times 1000. Likewise for other amounts, such as 100, 10000, etc.

Creating a huge number of outputs of size 0.1 would give you some ability to try to trace transactions involving outputs of that particular size, but not other sizes. There are also naturally many, many more of these outputs (compared with say 10000) being created in normal usage, so whether trying to focus on these smaller sizes actually makes an attack any easier is unclear.

Due to unlinkability property it is impossible to tell your balance at all even if the ringsig did not exist. Destination address can not be learned due to the very same reason (each output is sent to a unique stealth address). The tx amount is also not identifiable as CN protocol sends more money than the tx requires (which is returned as change and obfuscates the transferred sum).

Mostly agree but blockchain analysis is an issue. Being able to trace means being able to see certain patterns of spending (such as change being created and then spent). This could in turn be used to link addresses. That can be done probabilistically even with mixing but without effective mixing the analysis becomes much more effective. Untraceability and unlinkability are synergistic so that strengthening one strengthens the other and likewise for weakening.

[Wanderlust]

We know from the copyright that Andrey N. Sabelnikov is the epee author, and we can say with reasonable certainty that he was involved in Bytecoin's creation and is the dev behind Boolberry.

I think you missed something here. The names Andrey N. Sabelnikov and Nicolas van Saberhagen

-both names related to CN/BCN
-both names can be turned to N.S.A

and

Sabel is the dutch word for Saber. van Saberhagen is a fake dutch name.
(And Niko is short for Nikolai/Nicholas.)

You gotta admit that's pretty crazy niko v saber



ps I remain unconvinced your thesis is correct
pps

Immediate Red Flags

The first thing that is a red flag in all of this is that nobody, and I mean no-fucking-body, is a known entity

correction. see above. actually you contradict yourself.


btw i noted that Microsoft's lawsuit was in Jan 2012, a few months before stated launch

[Wanderlust]

^on greater reflection I find the coincidence that a russian guy connected to BCN having a name which translates to the name of the CN author too great to dismiss.

I think it's fair to say that Sabelnikov is van Saberhagen (or part of van Saberhagen if a group)

If true this has massive ramifications.

[X68N]

@ rethink-your-strategy
thx for your work, maybe you could repeat that on Goldcoin and Dash?
maybe you can publish it, some kind of bachelor work to get a scientific degree.

If people want a anonymous coin which is 2 Years old they should go with Anoncoin,
it was the true first anonymous coin and does not rely on cryptonote as far as i know.

greetings

[Oscilson]

@ rethink-your-strategy
thx for your work, maybe you could repeat that on Goldcoin and Dash?
maybe you can publish it, some kind of bachelor work to get a scientific degree.

If people want a anonymous coin which is 2 Years old they should go with Anoncoin,
it was the true first anonymous coin and does not rely on cryptonote as far as i know.

greetings

Dash is not so dramatic. It is instmined coin. There are a lot of exposing materials out there already.

[Wanderlust]

@ rethink-your-strategy
thx for your work, maybe you could repeat that on Goldcoin and Dash?
maybe you can publish it, some kind of bachelor work to get a scientific degree.

If people want a anonymous coin which is 2 Years old they should go with Anoncoin,
it was the true first anonymous coin and does not rely on cryptonote as far as i know.

greetings

perhaps u missed my point. Sabelnikov is likely Sabenhagen which places the Russian at the heart of BCN and Cryptonote. Whether you question his ethics or not it points to a potentially strong BCN future assuming he is still actively developing…  Sabelnikov is presumably a highly gifted individual whose skills outmatch those of smooth and fluffypony combined, and then some.

[X68N]

perhaps u missed my point.

yep maybe, it can happen 

[rangedriver]

Sabelnikov is presumably a highly gifted individual whose skills outmatch those of smooth and fluffypony combined, and then some.

To entertain you for just a nanosecond...

If he was truly gifted he would understand that a movement by the people always triumphs over a movement from a dictator. Perhaps this is a concept that eludes hardcore Russians in the Putin era. Nonetheless, he's welcome to join the Monero community whenever he feels ready to convert his 'talents' into a 21st Century format.

[X68N]

Sabelnikov is presumably a highly gifted individual whose skills outmatch those of smooth and fluffypony combined, and then some.

To entertain you for just a nanosecond...

If he was truly gifted he would understand that a movement by the people always triumphs over a movement from a dictator. Perhaps this is a concept that eludes hardcore Russians in the Putin era. Nonetheless, he's welcome to join the Monero community whenever he feels ready to convert his 'talents' into a 21st Century format.

one thing i learned in my self study of humans is this:
don't confusion the intelligence (IQ) of a human with his wisdom (EQ=emotional inettigence/ empathy).
Even the smartest people can make the worst mistakes when psychology comes into play.

Only because someone is smart doesn't mean he is free of emotions like greed or narcism.
The opposite isn't true either.

[jwinterm]

@ rethink-your-strategy
thx for your work, maybe you could repeat that on Goldcoin and Dash?
maybe you can publish it, some kind of bachelor work to get a scientific degree.

If people want a anonymous coin which is 2 Years old they should go with Anoncoin,
it was the true first anonymous coin and does not rely on cryptonote as far as i know.

greetings

Too bad Anoncoin has zero privacy features added compared to BTC. The only anon thing about it is its misleading moniker.

[child_harold]

Sabelnikov is presumably a highly gifted individual whose skills outmatch those of smooth and fluffypony combined, and then some.

To entertain you for just a nanosecond...

If he was truly gifted he would understand that a movement by the people always triumphs over a movement from a dictator. Perhaps this is a concept that eludes hardcore Russians in the Putin era. Nonetheless, he's welcome to join the Monero community whenever he feels ready to convert his 'talents' into a 21st Century format.

one thing i learned in my self study of humans is this:
don't confusion the intelligence (IQ) of a human with his wisdom (EQ=emotional inettigence/ empathy).
Even the smartest people can make the worst mistakes when psychology comes into play.

Only because someone is smart doesn't mean he is free of emotions like greed or narcism.
The opposite isn't true either.

with respect, you're possibly talking about the guy who wrote cryptonote. BCN market cap still just a few million…

* child_harold rolls dice

[Este Nuno]

@ rethink-your-strategy
thx for your work, maybe you could repeat that on Goldcoin and Dash?
maybe you can publish it, some kind of bachelor work to get a scientific degree.

If people want a anonymous coin which is 2 Years old they should go with Anoncoin,
it was the true first anonymous coin and does not rely on cryptonote as far as i know.

greetings

perhaps u missed my point. Sabelnikov is likely Sabenhagen which places the Russian at the heart of BCN and Cryptonote. Whether you question his ethics or not it points to a potentially strong BCN future assuming he is still actively developing…  Sabelnikov is presumably a highly gifted individual whose skills outmatch those of smooth and fluffypony combined, and then some.

I'm guessing you're not really aware of Cryptozoidberg and Boolberry else your mind would probably be spinning right now.

Not that I necessarily think CZ = Sabelnikov . It's quite possible, and I wouldn't really be surprised. Doesn't really matter *too* much though. Suppose he is though, it would appear that he rejected the BCN scam full stop and moved on to create a new legitimate non scam CN cryptocurrency.

Anyways, this stuff was all discussed ad nauseam back when this was originally posted. Nothing ever came of Sabelnikov and the botnet stuff anyway, it turned out he wrote the code but was not involved in the operation of the botnet at all. So that's a whole other philosophical debate right there and you can take your own moral stance on the ethics of writing code like that. People had various opinions.

[smooth]

Interesting development.

It seems rethink-your-strategy was well ahead of the curve with his investigations here, but over time more of the story/scamming is coming to light (and it now appears likely that it reaches well beyond the Bytecoin/Cryptonote saga to elsewhere in the cryptosphere, as I have long suspected)

Bytecoin trying to discredit CN competitors by funding Coin Telegraph and dictating artciles published.  It turns out the same scammers are behind most of the failed CN coin launches.

...

https://www.reddit.com/r/Monero/comments/3g1x60/who_owns_and_runs_cointelegraph_madbitcoins_live/
https://www.reddit.com/r/Bitcoin/comments/3g1rpx/mad_bitcoins_on_twitter_the_truth_behind/

[mmortal03]

He's written an article, as well: https://www.zapchain.com/a/h27LEGVJ4J

[btc-mike]

He's written an article, as well: https://www.zapchain.com/a/h27LEGVJ4J

Very interesting.

I believe CoinTelegraph bought my website CPU Coin List. https://bitcointalk.org/index.php?topic=483976.0

After i released control, the only update ever made was to add CoinTelegraph banners.

[Oscilson]

Bytecoin has a huge premine and benefits the developer a lot. Monero is fairer. However, the Bytecoin has much bigger market capitalization than Monero.