 Chainalysis Hijacked DNS to compromise Monero nodes!
 
Ok here's the situation,

First, a video from Chainalysis leaked of them running malicious nodes to try to identify users/transactions

Then, the community noticed a particular domain in the video, and when asking the owner, he said he stopped paying for the VPS used in the video long ago.  MoneroBull explained to me that they are using a DNS hijacking technique where:

a) The domain owner points their domain to a VPS
b) The domain owner stops paying the VPS and leaves.
c) Chainalysis rents that VPS and controls the domain, because the zone record isn't reflecting the change.
d) Then popular wallets have these nodes in their lists, and that's how Chainalysis gets "trusted" nodes.

So what are the lessons learned?  Well, for one you can run your own node.  And second, upgrades to Monero are coming, probably now sooner than later, including full membership proofs, which include the entire chain as possible decoys.  This will hopefully be a huge step for everyone.

But in my subjective view, until both Nostr and Monero stop the reliance on government domains, we're gonna have issues.

Sources:
https://www.digilol.net/blog/chainanalysis-malicious-xmr.html
https://nitter.aosus.link/monerobull/status/1832807857332330843#m
https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/ 
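One defensive check that step c) above suggests, as an added example (not code from the post or from the linked write-ups): audit your own zone file for A records, and any CNAMEs that chain to them, whose address is no longer among the VPS IPs you still lease. The zone, domain name and addresses below are constructed.

```python
import re

# Constructed BIND-style zone for a hypothetical node operator (not a real domain).
SAMPLE_ZONE = """
$ORIGIN example-node.test.
@      IN NS    ns1
ns1    IN A     203.0.113.10
node1  IN A     203.0.113.10
node2  IN A     198.51.100.77   ; VPS cancelled long ago, record never removed
rpc    IN CNAME node2
"""
# Addresses the operator still leases (constructed; in practice pulled from the provider's API).
LEASED = {"203.0.113.10"}
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|CNAME)\s+(\S+)", re.I)


def parse_zone(text):
    """Return {fqdn: (rtype, target)} for the A and CNAME records of a minimal zone."""
    origin, records = "", {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()            # drop comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        m = RR.match(line)                             # NS, SOA, $TTL etc. are ignored
        if not m:
            continue
        name, rtype, target = m.groups()
        fqdn = origin if name == "@" else name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"
        if rtype.upper() == "CNAME" and not target.endswith("."):
            target = f"{target}.{origin}"              # qualify in-zone CNAME targets
        records[fqdn] = (rtype.upper(), target.rstrip("."))
    return records


def final_ip(records, fqdn, hops=8):
    """Follow in-zone CNAME chains to an A target; None if the chain leaves the zone."""
    while hops > 0:
        rtype, target = records.get(fqdn, (None, None))
        if rtype == "A":
            return target
        if rtype != "CNAME":
            return None
        fqdn, hops = target, hops - 1
    return None


def find_dangling(zone_text, leased_ips):
    """Names whose published address is no longer one the operator controls."""
    records = parse_zone(zone_text)
    return sorted((fqdn, ip) for fqdn in records
                  if (ip := final_ip(records, fqdn)) is not None and ip not in leased_ips)
```

Every name reported should either be deleted from the zone or have its address reclaimed before someone else rents it.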
 Fucking bankers have their fingers in everything. We have to keep adapting 
 Great post.  It's oddly comforting that they are so diligent - Monero is a threat.  Problem is that they won't stop.  Be better.  Stay strong. Run your own node.
 It's always about control.
People will accept a CBDC only if there is no choice. People accept tyranny when they think there is no alternative. If there is even one blockchain which is secure, there will be an alternative and the CBDC will fail.
 That's wild, man. I'm curious how hard it is to get a particular IP. I'm thinking it wouldn't change much with or without DNS if they're getting their hands on the same IP addresses as shuttered nodes.

It is a huge security flaw that records just sit there unless they're updated, and it is a bit sophisticated for an actor to leverage that fact for such an attack.

I don't think Nostr and Monero rely explicitly on DNS; you can use them inside the Tor network, as an example. That DNS lookup of IP addresses is just a "user friendly" feature baked into clients and relays for Nostr, and into Monero wallet apps for remote node connections.