Contributors: Isthmus (Mitchell P. Krawiec-Thayer), Neptune, Rucknium, Jberman, Carrington
Correspondence: [email protected]Introduction
In the second half of July 2021, there was an anomalous increase in transaction volume on the Monero network. This is marked by the red line in this plot of daily transaction volume:
One cannot help but wonder about the sudden uptick, and a few questions naturally come to mind about the “source” of the excess transaction volume:Is the source one or multiple entities? What are the software fingerprints and behavioral signatures of anomalous transactions? How many transactions did the source generate, and how much did that cost?
Thankfully, we have the data to explore all of these questions about the anomaly and its source, courtesy of Neptune and the Noncesense Research Lab database.
If you want to jump straight to the answers, feel free to skip ahead to the conclusions section. If you want to get deep in the data and see exactly how we analyzed the activity, all the nitty gritty details are below. Note: this article assumes familiarity with the concept of ring signatures as a privacy mechanism. The relevant background is covered in chapter 3 of Mastering Monero, which is a free resource thanks to generous community crowdfunding.Principles and limits of analysis
Before we go any further, let’s talk about the fundamental idea underlying this analysis (and its limits). The following analysis is not capable of deanonymizing arbitrary individual transactions, and is only statistically viable for wallets with a large transaction volume (hundreds to thousands of transactions per day). In other words, this aggregate profiling should not alarm day-to-day users. To help clarify its limitations, this section provides a nontechnical analogy for the key concept behind this aggregate analysis.
How is the upcoming anomaly profiling accomplished without tracking individual transac...