Fixxx
Monero is tracked... There are real people, hackers, drug cartel owners who have received real prison sentences, established precisely through payments in Monero.
How is XMR Tracked?
These people exchanged Bitcoin for Monero, Monero for Bitcoin and these payments were still traceable. In this article, I will explain how Monero is tracked and provide you with specific usage recommendations to complicate tracking as much as possible. To finally remove the rose-colored glasses, I will provide a few examples; these are real stories of hackers who could not be caught for 7 years, which speaks to their level as professionals. They are not drug couriers who used a Monero wallet obtained on the Binance exchange. Below are 3 sources on 3 different cases:
- reddit.com/r/Monero/comments/19emsfe/finlands_national_bureau_of_investigation_claims
- An old case about WannaCry: https://medium.com/@nbax/tracing-the-wannacry-2-0-monero-transactions-d8c1e5129dc1
- And this year's case with a drug store: https://www.justice.gov/opa/media/1352571/dl
Examples of Monero tracking:
- Exchanges. All exchanges, such as Binance and others, quarterly provide information on ALL transactions within the exchange in the form of CSV lists, including all XMR information, including wallet addresses. They send these lists to everyone who deals with tracking and investigations in crypto, such as Chainalysis. This is obvious, but it needs to be stated: if you send or receive Monero using an exchange wallet, there can be no talk of anonymity at all. The exchange remembers the wallet address, amount, date and time, IP address and everything that can be remembered. Put an equal sign between Binance and all the exchangers listed on BestChange; all these exchangers are partners of some large or small exchange, and they save all information about you during the application process, including email, IP address, the wallet from which you send them money and the wallet to which you send it. This is worth remembering.
- Volumes, time, statistical probability. Now let's consider a few examples:
The first example: let's imagine that an XMR wallet to which $100 (equivalent) was sent is being tracked. Then the person exchanged XMR for Bitcoin somewhere on BestChange and after 1 hour, a deposit of $100 (equivalent) in BTC was made to Binance, and then withdrawn to their card. What is the probability that the owner of the XMR wallet will be identified this way? Very, very low, because thousands of other users made similar deposits in other cryptocurrencies on other exchanges, etc. But let's imagine that over the course of a month, this happened 25 times, 25 times a transfer of $50-150 was made to this wallet and 25 times a deposit was made to Binance in BTC. In this case, the statistical probability of such deposits being random becomes impossible and thus a connection is established between the XMR wallet and the Binance account.
The second example: a hacker demands a ransom of $250,000 in Bitcoin, which is 3.62 BTC and he is paid 3.62 BTC. He knows that Bitcoin is tracked and goes to an exchange that does not require KYC, any documents and exchanges his BTC for XMR in several transactions. Since he doesn't trust this exchange, he transfers XMR several times to cold wallets, and after that, he exchanges XMR for Bitcoin somewhere and sends it to Binance to withdraw these funds to his account. It seems like a complex chain: Bitcoin > XMR > XMR > Bitcoin and this can be tracked, all due to the volume and time interval. The volume of $250,000 is quite large, and even if it occurs over a week, there may be only 1 or 2 similar operations for that amount, which greatly simplifies tracking, as such operations stand out among the mass of others.
- Nodes. There are bad XMR nodes that may be aimed at de-anonymizing users. I won't go into too much detail; I will just say what information nodes can collect about you: your IP address, including even changes to your IP address, for example today and a week later, each time you access the wallet (for example, if you haven't used the wallet for a week and opened it, it will request a blockchain update from the node from where it stopped a week ago, thus the node will understand that the user a week ago and now is the same person). Also, a bad node knows your time zone and your online time in the wallet, when you open and close it, thus collecting additional statistical information. This all concerns passive collection; there are also attacks that can be applied by bad nodes when conducting transactions for you. For example, when you want to send someone XMR, you request 11 addresses from the node, 10 of which are fake and when the transaction is made, the node does not know exactly which addresses are fake and to which you are sending XMR. The node can change 5-6 fake addresses, and if the transaction goes through successfully, then the addresses it changed are definitely fake, and accordingly, the true address is among the other 5-6 addresses. If it happens that the node changed the addresses of the real address to which you wanted to send XMR, then you will receive an error and the transaction will not go through; accordingly, the node will know that the address you wanted to send to was among those 5-6 addresses. A bad node can conduct such attacks many times until it knows for sure which of the 11 addresses is the real one.
- Your own node. Based on the reasons above, it can be concluded that you need to have your own node, but bad guys have also come to this conclusion and they started monitoring ALL nodes that appear, namely their date and time of appearance, as well as the time they operate and the transactions that go through them. For example, a hacker knows this, and from April 22 to April 29 he used it while making some deals and then it became unnecessary, and he deleted it from the server. Those who deal with investigations and tracking Monero also monitor other nodes and they will notice the appearance of new nodes just as they notice their shutdown. Imagine that a hacker only turned on his node at the moment he needed the wallet; how much would that stand out from the general mass? Regarding the anonymity of the node, if a specific connection between the wallet and the node is established, then there is a huge amount of information that the person provided when creating the node, such as email, IP addresses from which it was configured and payment details, logins to the panel. A separate story is the email provided during creation; how anonymous is it? And regarding the node, when creating it, you will have the option to make it accessible to everyone or to process only your transactions. If you make it accessible to everyone, you help not only the Monero network but also pass through your node other people's transactions, which makes it harder to identify YOUR transactions among the mass of others, which certainly increases our anonymity.
- Blockchain explorers. For example, you made a transaction and want to check whether it has been confirmed, whether your XMR has reached the recipient or if you are the recipient of this transaction. What do you do? You open a blockchain explorer and look for/check the details of the transaction. At this time, the blockchain explorer you are looking at records your IP address, time zone and may run scripts for active information collection about your system, fingerprints, etc., which builds a specific connection between you and this wallet.
- Mixers, crypto laundering services. Mixers have 2 problems: the first is what money you receive in your wallets. For example, someone put money into the mixer obtained from selling drugs or weapons in the USA, and this money from the mixer can end up in your wallet in exchange for the ones you give to the mixer, and those funds will come to you. The second problem is that most of these services are honeypots, specially created to collect information about users. Even if the service is not such initially, it can become one later, for example, if law enforcement visits it and forces it to cooperate. And I remind you, you leave these services your other wallets, which can be traced to you many times easier. I personally do not know what an adequate solution would be here; using several services is not the best idea, as they can all turn out to be honeypots, but at the same time, each will take its 5%-10% for the service.
- Bad convenient cold wallets: Atomic Wallet, Exodus. What’s the downside? Atomic Wallet is considered an unsafe wallet and Exodus has two reasons: it has problems with anonymity and currently XMR doesn't work there, meaning the wallet doesn't synchronize with the blockchain.
Recommendations:
- Use only verified cold wallets with open source, such as the official Monero GUI Wallet, Monero CLI Wallet and others like Feather, Cakewallet.
- Use only YOUR XMR node in the wallets, which will start working a week/month before you need it and will continue to work for another month/two/three after you no longer need it. Start your node NOW so that when you need it, it's already in the network. Create the node anonymously, using an anonymous VPS paid for in XMR and set it up anonymously.
- Connect to YOUR node at least with VPN + proxy + virtualization / Whonix. Our node is safe, but at the level of the host and provider, logs may be kept.
- The wallet MUST NOT connect to the node an hour before the transaction, as this is also tracked; the moment of synchronization of the wallet with the node is crucial. It's best if the wallet is always synchronized.
- Buy XMR anonymously using Tor + VPN/SOCKS (VPN/SOCKS to avoid getting a 403) through exchangers on BestChange. This depends on what you have at the start, but the essence is the same: anonymous email, clean IP, go in, create an application and exchange to receive XMR in your cold wallet. For example, buy LTC for fiat/cash and then exchange LTC > XMR. Unfortunately, BestChange is not the best idea to use, but it's definitely better than exchanges and cheaper. Buy in small volumes (up to $5k-$10k) and be prepared that you may be asked for a passport, although usually, they don't ask. If you find an exchange/exchanger that seems to be exactly what you need, maximally anonymous and never asks for any documents, then it's most likely a honeypot.
- After the funds arrive in your cold wallet, move them through other cold wallets at least 3-4 times; this will add anonymity and if things go very badly, it will help you in court and allow you to "truthfully deny" as this creates many fake transfers.
- Let the money sit; don't transfer it immediately; wait days or better weeks and months. This will significantly complicate analysis and tracking.
- Spend (withdraw) in parts; don't send everything at once to one wallet in a large volume. In the blockchain, most transactions range from 1 XMR to 100 XMR; other volumes will stand out significantly.
- Try to avoid any intersections with exchanges, especially large ones like Binance, Huobi, Yobit and others. At the same time, don't blindly trust "anonymous crypto exchange services".
- Systematically change your wallets; if you spend to zero, don't refill the old one; create a new one.
- Don't use blockchain explorers - these are honeypots.
- Services/Telegram bots for checking AML, etc. - these are honeypots.
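The "volumes, time, statistical probability" argument in the post's first example is a correlation an investigator would run rather than something a wallet does, so here it is written out as detection logic. This is an added illustration for this page, not the poster's code and not the method of any real tracing vendor. Everything in it is constructed: the eight inflows to a watched XMR wallet, the three hypothetical exchange accounts (`acct_07`, `acct_12`, `acct_03`), the 4-hour window and 25% amount tolerance, and the deliberately simple null model (an account's deposits are assumed to be spread uniformly over the month, and the amount filter is ignored, which makes the chance probability an overestimate). One coincidental match proves nothing; eight out of eight is what the post means by "the statistical probability of such deposits being random becomes impossible".

```python
"""Deposit-timing correlation between a watched XMR wallet and exchange accounts.

Added example (constructed data, simplified null model). It scores each exchange
account by how many wallet inflows were followed, within a short window, by a
deposit of a similar size, and how unlikely that count is if the deposits were
unrelated to the wallet.
"""
from datetime import datetime
from math import comb


def ts(stamp):
    """Parse a constructed 'YYYY-MM-DDTHH:MM' stamp into a naive datetime."""
    return datetime.fromisoformat(stamp)


# Constructed: inflows to the watched XMR wallet over one month,
# as (time, USD-equivalent amount). Eight transfers of $60-$140.
WATCHED_INFLOWS = [
    (ts("2024-04-01T10:00"), 100.0), (ts("2024-04-03T14:30"), 80.0),
    (ts("2024-04-06T09:15"), 120.0), (ts("2024-04-09T18:00"), 95.0),
    (ts("2024-04-12T11:45"), 60.0), (ts("2024-04-16T20:10"), 140.0),
    (ts("2024-04-20T08:00"), 110.0), (ts("2024-04-25T15:30"), 75.0),
]
PERIOD_H = 30 * 24  # hypothetical observation window: one month, in hours

# Constructed: USD-equivalent deposits per hypothetical exchange account.
EXCHANGE_DEPOSITS = {
    # deposits 1-3 h after every inflow, similar amounts, plus one unrelated one
    "acct_07": [
        (ts("2024-04-01T11:30"), 98.0), (ts("2024-04-03T16:00"), 82.0),
        (ts("2024-04-06T12:00"), 115.0), (ts("2024-04-09T19:20"), 90.0),
        (ts("2024-04-12T13:00"), 58.0), (ts("2024-04-16T22:00"), 135.0),
        (ts("2024-04-20T10:30"), 105.0), (ts("2024-04-25T17:00"), 70.0),
        (ts("2024-04-14T09:00"), 500.0),
    ],
    # unrelated activity: nothing lines up with the wallet
    "acct_12": [
        (ts("2024-04-02T08:00"), 300.0), (ts("2024-04-07T12:00"), 100.0),
        (ts("2024-04-13T17:00"), 100.0), (ts("2024-04-19T09:00"), 50.0),
        (ts("2024-04-28T21:00"), 200.0),
    ],
    # one coincidental match out of two deposits
    "acct_03": [
        (ts("2024-04-09T20:30"), 100.0), (ts("2024-04-22T10:00"), 150.0),
    ],
}


def deposit_matches(inflow, deposits, window_h=4.0, tol=0.25):
    """True if some deposit lands 0..window_h hours after the inflow and its
    amount is within tol (as a fraction) of the inflow amount."""
    t0, amt = inflow
    for t, a in deposits:
        lag_h = (t - t0).total_seconds() / 3600.0
        if 0.0 <= lag_h <= window_h and abs(a - amt) <= tol * amt:
            return True
    return False


def binom_tail(n, m, p):
    """P(X >= m) for X ~ Binomial(n, p): chance of at least m matches."""
    return sum(comb(n, k) * p ** k * (1.0 - p) ** (n - k) for k in range(m, n + 1))


def score_account(deposits, inflows, period_h, window_h=4.0, tol=0.25):
    """Return (matched inflow count, probability of that many matches by chance).

    Null model (simplified, an assumption of this example): the account's
    deposits are spread uniformly over period_h, so any one inflow is followed
    within window_h by some deposit with probability about k*window_h/period_h.
    Ignoring the amount filter makes this an overestimate, i.e. conservative.
    """
    n = len(inflows)
    m = sum(deposit_matches(inf, deposits, window_h, tol) for inf in inflows)
    p_null = min(1.0, len(deposits) * window_h / period_h)
    return m, binom_tail(n, m, p_null)


def rank_accounts(accounts, inflows, period_h, alpha=1e-6):
    """Score every account; flag those whose match count is implausible by chance."""
    out = {}
    for name, deps in accounts.items():
        m, p = score_account(deps, inflows, period_h)
        out[name] = (m, p, p < alpha)
    return out


if __name__ == "__main__":
    n = len(WATCHED_INFLOWS)
    for name, (m, p, flagged) in rank_accounts(EXCHANGE_DEPOSITS, WATCHED_INFLOWS, PERIOD_H).items():
        print(f"{name}: {m}/{n} inflows followed by a matching deposit, "
              f"P(chance) = {p:.2e}, flagged={flagged}")
```

Running it flags only `acct_07` (8 of 8 inflows followed by a matching deposit, a chance probability around 4e-11 under the null model), while `acct_03`'s single coincidence scores around 0.09 and `acct_12` scores 1.0. The interesting knob for a defender is `window_h`: widen it to a week and `p_null` for a busy account approaches 1, which is the quantitative form of the post's advice that long, irregular delays between steps defeat this kind of correlation.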