🤖 AI Summary
This study addresses a critical structural vulnerability in Monero’s use of the Tor network, wherein transactions risk leaking users’ source IP addresses due to reliance on only two outbound hidden services for transaction relaying, thereby enabling linkage to real-world identities. The work presents ProxyMark, a novel three-stage de-anonymization framework that integrates Tor traffic analysis, node role identification, and transaction traceback to effectively correlate Monero transactions with their originating IPs. Evaluated on both the live Tor network and Monero’s mainnet and testnet, ProxyMark demonstrates practical feasibility as the first known de-anonymization attack specifically targeting Monero nodes operating over Tor, significantly undermining the protocol’s anonymity guarantees.
📝 Abstract
Monero is a privacy-focused cryptocurrency that deploys the Dandelion++ protocol and incorporates anonymity networks (such as Tor and I2P) to prevent malicious attackers from linking transactions with their source IPs. In this paper, we demonstrate that Monero's integration of the Tor network introduces a fundamental vulnerability: a Monero Tor node's originated transactions are exclusively forwarded to two outgoing Tor hidden service nodes (proxy nodes) prior to clearnet propagation, enabling an adversary to capture originated transactions by occupying the target node's outgoing connections. Based on this observation, we propose \textit{ProxyMark}, a three-stage deanonymization framework for the Monero Tor network, comprising node role identification, originated transaction identification, and node location deanonymization. Through experiments on the live Tor network, Monero mainnet, and testnet, we empirically demonstrate the effectiveness of \textit{ProxyMark} in successfully deanonymizing transactions originating from Monero nodes over Tor.