How to Mitigate EAE attacks on Monero, an article

How to deal with EAE attacks on Monero

What is an EAE attack ?

An attack used when an actor knows many outputs that belongs to someone specifically. With this knowledge, you can detect consolidations made by someone or completely de-anonymize Ring-Signatures if it was made by two malicious actors like KYC exchanges.

How to solve this ?

We can’t give a 100% guarantee that a poisoned output will be “de-poisoned”, however theres ways mitigate the attack.

Do random amount transactions

On a random timing with random amounts and inputs/outputs to make difficult to understand what was done trough heuristics.

Make long peel-chains

Monero does pretty cheap transactions so simply peel your UTXOs and never consolidate them.

Use Ring-Signatures on your advantage

Before doing anything said before, do nothing ! It can seem weird but other Monero users will select your UTXOs as decoys so it fakes where outputs goes. Then on every transaction, you wait in first a random number of times you got selected by people and then you follow patterns explained. To do that you can use the decoy scanner made by Pokkst (I2P link to the repository) to know how many outputs used your UTXOs in their decoy selection. At the end you have random peel-chain executed on a random times, and you can’t detect the pattern because it got obfuscated by other Ring-Signatures before every hop.

Do not use KYC exchanges !

Services collecting personal data and metadata can be used against the user ! MajesticBank Hidden-Service will fixes theses cases because: We have a hidden-service and we’re account-less swaps. Something other exchanges don’t support unlike us is supporting privacy and anonymity tools like the MWEB Litecoin layer and the Whirlpool CoinJoins or StoneWallX2 Bitcoin cahoots support, so we have to chance to know who’s swapping what.