Monero's "Big Tent" culture w/ Monero Matteo (MT 362)

TODAY'S 🎙SHOW: Douglas Tuman sits down with Monero Matteo for a discussion on Monero and its future. Matteo shares why he seldom does interviews, his work as an accountant specializing in Monero, and the challenges of helping businesses adopt privacy-focused tools. They dive into Monero’s potential for decentralized capital markets, business-friendly features like view keys and transaction tagging, and hurdles such as accessibility and accounting integration. The discussion also explores Monero’s philosophy—privacy as resistance to surveillance, the role of proof-of-work, and the community’s “big tent” culture. The episode closes with reflections on freedom, ethics, and Monero’s role in protecting human autonomy

Watch Here (YouTube)➡️ https://youtube.com/live/El9sTxt9tFI Listen Here 🎧: https://www.monerotalk.live/monerotalk-362

Coffee & Monero, Go to Gratuitas.org today!

FOLLOW US https://monero.town/u/monerotalk & https://mastodon.social/@monerotalk

Thank you to sponsors, u/cakelabs and u/Stealthex_io as well as u/sunchakr for making these interviews possible! And of course our listeners and supporters for making Monero Talk possible!

Podcasts 🎧 :

iTunes: https://podcasts.apple.com/us/podcast/monero-talk/id1445930212 Spotify: https://open.spotify.com/show/60lQ05X8lcuXv71fhi6hl7

If you enjoy our show please Subscribe, Like, Share, Rate our YouTube Channel & Podcasts. This will help us grow and spread Monero content!

Greetings Monero Town !

A couple of updates concerning Haveno Dawnswap;

• Increased attachment max file size from 200KB to 1MB
• Fix Windows release files naming
• Commit to an arbitrator response time of 3 days, down from the default of 6 days
• Updated Simplex group links including on our contact page of our websites

Latest release: https://github.com/dawn-collective/haveno-dawn/releases/tag/v1.2.1a

Website: https://www.dawnswap.com/

Onion website : http://dawnswap33kxl55mpkakx626xydcxq2kcxvaur4tridlyxhsmu2b5syd.onion/

Overview

The FCMP++ and Carrot alpha stressnet is scheduled to hard fork from the current testnet on October 3rd, 2025, at block 2847330! Included below is the software you can use to participate in the alpha stressnet.

FCMP++ is a proposed upgrade to replace ring signatures with membership proofs that span the whole chain. When spending Monero, instead of making a ring signature proving you own 1 of 16 Monero outputs, you make a proof that you own 1 of the 150 million+ Monero outputs from across the entire Monero blockchain.

Carrot is a proposed upgrade to Monero's addressing protocol, bringing new security, privacy, and usability features, while maintaining backwards compatibility with existing addresses.

Both FCMP++ and Carrot have been in development for over a year, while research, security reviews, and audits have progressed in tandem. This alpha stressnet will be the first live network testing the FCMP++ and Carrot integration open to the public.

Alpha Stressnet Information

To participate, please follow the instructions below. If you encounter any issues/bugs/annoyances, please share a detailed issue here. We want as many people testing and reporting issues as possible to help prepare for a smooth launch of FCMP++ and Carrot. Be warned: this is ALPHA software, and will likely have bugs. Please share bug reports that are as detailed as possible! Try to describe the exact set of steps to reproduce any errors you encounter, and if possible, share wallet and daemon logs using log level 2. Detailed bug reports will help us solve bugs right away.

Some things to keep in mind:

• Your FCMP++ wallet MUST point to an FCMP++ compatible daemon.
• Constructing many input transactions takes some time.
• The following features are not yet functional:
  • Watch-only wallets & cold wallets.
  • Hardware wallet support.
  • Multisig.
  • Transaction proofs.
  • The block explorer.

Thank you and happy testing!

Download daemon/CLI/RPC binaries

This alpha release includes binaries you can download. Just find your machine below, and download the zip file. You will find the binaries inside.

Using daemon/CLI/RPC/GUI wallet

You can run use these like normally, just remember to provide the --testnet flag for the daemon, CLI, and RPC. Note that if you start with a populated data directory, the database migration will take a very long time (possibly multiple hours).

For GUI, select the "testnet" network type from the drop-down menu in "advanced settings". The daemon port should be 28081.

Compiling from source

Here is a simple python script you can execute to compile and build from source yourself.

Connecting with other Stressnet users

The "official" meeting place for discussing the stressnet is the #monero-stressnet:monero.social Matrix room.

Redesigned Monfluo (a pure Monero wallet for Android forked from Mysu) 0.9.0 was just released.
Available from Codeberg and F-Droid repository.

This post originally appeared on my website.

On September 14, 2025, a malicious mining pool successfully performed an 18-block "blockchain reorganization" of the Monero blockchain. Qubic, the mining pool, used its mining hashpower to generate an alternative blockchain history and replaced about 70 minutes of the honest chain's most recent history.

The main effect of the reorganization ("reorg" for short) was the invalidation of 115 transactions that had been included in the original honest chain. The coins in the transactions that were invalidated did not disappear. It is simply as if the transactions never occurred at all. The coins sent by the invalidated transactions returned to the sender's wallet and it is as if the recipients' wallets never received the coins.

Monero's protocol requires that users wait for 10 blocks before spending coins that they have just received. Since blocks are produced at a rate of one every 2 minutes on average, that's a 20 minute wait, on average. The wait is an annoyance for users, but it serves an important purpose.

In normal circumstances, Monero's "10 block lock" prevents transaction invalidation, but in this extreme case of an 18-block reorg, the 10 block lock was overwhelmed and did not prevent the 115 transactions from being invalidated. In this post, will see how the much-hated, but misunderstood, 10 block lock on spending newly-received Monero coins can prevent transaction invalidation on short reorgs and how things go wrong when the reorgs are deeper.

We will say that a transaction is "valid" if it has been included in a block on the main blockchain or it is eligible to be mined into a new block on the blockchain. A transaction is "invalid" if it cannot be mined into a new block.

We will compare the validity rules for bitcoin transactions and Monero transactions. Monero transactions need to obey the same basic rules as bitcoin transactions, but with some twists that make Monero special.

How bitcoin does it

A fundamental concept of many cryptocurrencies, including bitcoin and Monero, are transaction outputs. An output is a quantity of the currency inside of a transaction that is spendable. To provide a refresher on the concept of a bitcoin transaction output, I will quote my earlier article analyzing the Bitcoin Cash hard fork:

An output is a concept closely related to – but distinct from – address. An output is identified by its transaction ID plus its position in the transaction outputs, i.e. first position, second position, third position, etc. Once an output is spent by another transaction, it is spent permanently and cannot be reused. However, an address can be re-used repeatedly.

Transactions usually have more than one output because even a payment to a single recipient usually does not use up all of the output being spent. The remaining value, "change" like metal coins returned to a customer in a brick-and-motor store, is sent back to the sender's address in a second output in the same transaction.

A new bitcoin transaction that is eligible for inclusion in a new block will contain the transaction ID and the output position (first, second, third, or...) of the output being spent. The output position is the local output index. The index only refers to the position inside of its own transaction. This will be different from how Monero does it.

In bitcoin and Monero, a single blockchain is a consistent version of history. Transactions must appear on the blockchain in the correct order or else users could spend the same coins multiple times or create coins out of thin air.

In a single bitcoin blockchain (i.e. single version of history) a valid transaction must obey these rules that are relevant to our analysis:

1. An output that has already been spent cannot be spent again.
2. A transaction can only spend an output that has already been included in a prior block or in the same block as the transaction. Spending outputs from thin air is not allowed.
3. The spender must prove that they are authorized to spend the output by producing a cryptographic signature with their private key that matches the public key associated with the output.

The only exception to rule #2 is when miners are paid in completely new coins as payment for their service of mining new blocks.

A cryptographic signature is the result of a specific mathematical operation that combines the user's private key (which is never shared publicly) and the message that authorizes spending.

How Monero does it

Monero has many privacy features. One of them is "ring signatures". In bitcoin, every signature spends a single output. There is a one-to-one relationship between the output being spent and the transaction that spends it. There is no ambiguity about which output is spent, so the flow of funds is easily traced.

In Monero, a ring signature declares that any one of several outputs are being spent in a given transaction. An external observer cannot know which of the outputs in the ring is actually being spent. Monero's current ring size is 16, which means that there is one "real spend" hidden in the ring with 15 "decoy" outputs.

How does Monero fulfill the conditions that bitcoin requires of its transactions?

Bitcoin's rule #1 was "An output that has already been spent cannot be spent again." Monero makes sure that an output is only spent once by requiring that transactions include the key image of the output that is being spent. Each output has a unique key image that cannot be faked, yet in normal circumstances an observer cannot know which specific output is spent in a ring signature. Once a key image inside a transaction is included in a block, no other transactions with that key image are allowed inside the blockchain.

Bitcoin's rule #2 was "A transaction can only spend an output that has already been included in a prior block or in the same block as the transaction." Monero's rule is similar, with an important difference: Monero transactions can only spend an output that has already been included in a block at least 10 blocks ago. This rule is known as the "10 block lock". Since decoys and real spends are treated the same in the transaction validation process, all 15 of the decoy ring members must also follow this rule.

Bitcoin's rule #3 was "The spender must prove that they are authorized to spend the output by producing a cryptographic signature with their private key that matches the public key associated with the output." In bitcoin, there is a single public key. In Monero at current ring size, there are 16 public keys for every output that is to be spent. For a specified set of 16 public keys, the ring's cryptographic signature must match the whole set and only that set. You cannot split the signature and somehow replace one or more ring members. If you want to change any of the ring members, you must create a whole new signature, which requires creating a new version of the transaction.

A shortcut

Bitcoin transactions refer to outputs that they spend by their transaction ID and the output index inside that transaction. Monero transactions use a global output index to spend outputs. The global index is a count of every single output that has ever been included in Monero blocks. There are about 140 million outputs on the Monero blockchain already, with more added about every two minutes, on average.

The global output index is a useful shortcut. Ring signatures must refer to many outputs at once. If outputs in rings were referenced explicitly by transaction ID, each Monero transaction would be take up much more space to store. A transaction ID requires 32 bytes to store. Integer index numbers take up much less space: 4 bytes or less.

Monero transactions are already much larger than bitcoin transactions. A 2-input/2-output bitcoin transaction is about 0.4 kilobytes. A 2-input/2-output Monero transaction is about 2.2 kilobytes. An unpruned Monero node already takes up about 240 gigabytes of storage for the whole blockchain. Including every single transaction ID explicitly in each ring would increase the size of a 2-in/2-out Monero transaction by about 50 percent. Instead, rings refer to outputs implicitly by their global index number.

Since bitcoin transactions refer to their parent transactions explicitly by their transaction ID, the transactions' validity is basically independent of the exact position of the parent transactions in the blockchain. The parent transaction could be included in the previous block, a block from a week ago, or even the same block that the child transaction is included in. The situation is different with Monero transactions. Since the index of outputs depends on its exact position on the blockchain, the child transaction will not be valid if the index ordering is different from what the child transaction expected.

How can the output index ordering be different from what a Monero transaction was "expecting"?

The 10 block lock establishes the expectation. The global output index in blocks produced 10 or more blocks in the past is not supposed to change. The output index in blocks shallower than 10 blocks can change without major problems.

Such events occur occasionally just as a result of the random mining process. There is no coordination between miners where they "take turns" mining blocks. Each block production is a random event and sometimes random events can occur nearly simultaneously, in different parts of the network. It takes time for new blocks to spread throughout the network. Therefore, short alternative chains can develop occasionally until the whole network agrees on the one longest chain. The short chains that lose the race are eventually ignored by nodes in a process called orphaning. In normal circumstances, honest miners do not try to produce these alternative chains, yet unintentionally a few alternative chains of 1, 2, and very rarely 3 blocks long are produced. The output indices in these alternative chains can differ from each other. However, the short chains do not violate the expectations of new transactions because they are shorter than 10 blocks.

A simplified example

When orphaned chains are 10 blocks or longer, the expectations of new transactions are violated. Therefore, the transactions can be invalidated. Let's visually walk through an example.

To allow a compact diagram, in this example we will set the ring size to 3 and the block lock to 3. Each transaction will have a single transaction output and each block will have exactly 2 transactions. Coinbase transactions, which are reward payments to miners, are ignored.

The diagram shows the abbreviated transaction output public keys of each transaction. The output index is shown to the right of each public key.

Our transaction is labeled 4b20 and colored purple. Simplifying more, we will treat this 4b20 identifier as if it refers to the ring, output, and transaction itself in one concise label. Our transaction only selects ring members outside of the 3-block lock. When there is a 3-block lock, that means that rings cannot contain outputs from the most recent 2 blocks previous to one that included the transaction. The lock is represented by the red-orange coloring of blocks preceding the block where our transaction was originally confirmed.

The wallet software has created the ring and generated a valid signature for the public keys associated with the outputs in the ring. The ring members have indices 54, 49, and 48. The real spend is output public key f382, with index 49. At this point, no external observer knows that the real spend is f382. The other two outputs in the ring were selected randomly by the wallet software when the transaction was created.

This is the normal functioning of the example chain. New transactions are created. Their rings include outputs from blocks prior to the locked blocks. The transactions, with valid ring signatures, are included in new blocks and all is well.

However, it is possible for a powerful malicious miner to upset the orderly functioning of the blockchain. Even with a minority of total network hashpower, the malicious miner can occasionally get lucky and produce long alternative chains, in secret, faster than the honest miners can produce them. When the malicious miner successfully mines an alternative chain longer than the honest chain, it reveals the chain to the network. Suddenly, nodes in the Monero network realize that the longest chain is the new malicious one and they orphan the honest chain. This event is depicted in the diagram below.

The transactions of the orphaned honest chain are expelled from the orphaned blocks. They are seeking to be included in the new chain, if they have not already been included. Notice that the index numbers on the attacking chain refer to different output public keys than the original honest chain because some outputs are different and the outputs that are the same are in a different order.

Output c63c was originally in the ring created by our transaction. The ring referred to it by index 54. Output c63c is still valid on the attacking chain and actually was included in a later block on the attacking chain. The figure below shows where it went on the attacking chain. It now has index 57 on the attacking chain.

The new output index being out of order is a big problem for our transaction. In the new version of the chain created by the malicious miner, index 54 points to output public key 14bd instead of c63c.

The transaction's signature for the ring is no longer valid in the new chain history because the whole set of public keys do not match the signature, even though c63c is in the new chain. For our transaction to be valid, the attacking chain must have the exact same transactions in the exact same order as the honest chain, which did not happen here. Our transaction cannot be included in a new block because it is invalid.

Privacy impact

The transaction we created is invalid, but we can create another one that spends the same amount of coins to the same recipient. We change the ring and produce a new signature for that ring. We must include the same real spend, and here is where the ring privacy protections go wrong in this situation. The decoys, randomly selected, are different, but the real spend is the same. The figure below shows the old invalid ring on the left and the new valid ring on the right. The two rings only overlap on one output: f382 at index 49.

Any external observer of the blockchain can see this overlap of the two rings and deduce that the real spend was f382, defeating the privacy protections that ring signatures are supposed to provide. The observer knows that the two rings were trying to spend the same output because the ring has the same key image, as was mentioned before. The figure below summarizes the privacy impact. f382, in yellow, appears in both rings.

18-block reorg

On September 14, 2025, the Monero blockchain experienced an 18-block reorg. The deep reorg violated the assumption that reorg depths would not exceed 9 blocks. The incident invalidated 115 transactions that expected the 10 block lock rule to not be broken.

The 18-block reorg was achieved by Qubic, another cryptocurrency project. For months, Qubic has held a large, yet minority, share of Monero hashpower and has executed short blockchain reorgs to unfairly raise its share of mining revenue through a selfish mining strategy. A clickable visualization of the 18-block reorg event is viewable here.

Does the 18-block reorg mean that Qubic held a majority of hashpower? Not necessarily. Mining is a random process subject to luck. Qubic has had many chances to get lucky. According to block timestamps, Qubic mined a total of 20 blocks in 66 minutes. Assume that network mining difficulty was equal to network hashpower. If Qubic had 40 percent of network hashpower, it would have a 5 percent chance of creating 20 blocks in 66 minutes or less. This result is based on using an Erlang distribution where the shape parameter is 20 and the rate parameter is 0.4 * 1/2, i.e. 40% of the hashpower necessary to produce the usual one block per 2 minutes. Given that Qubic could try again and again, a 5 percent chance per attempt can turn into a very high chance with repeated attempts.

What happened to transactions in the orphaned chain? Most of the transactions (456) were expelled from the orphaned chain and included later in the attacking chain. 115 of the transactions were invalidated because they referenced outputs on the orphaned chain. Below is a table counting the number of transactions invalidated on each block of the orphaned chain. Notice that the first orphaned block at height 3,499,659 contained zero transactions, so no subsequent transactions would have included any outputs from that block inside their rings.

Even in the final block of the orphaned chain at height 3,499,676, only half of transactions were invalidated because, by chance, about half of transactions contained no rings that referenced an output in the orphaned chain. Their ring members were all on the chain prior to the first orphaned block at height 3,499,659.

Case study of one transaction

We will follow the journey of one transaction that became invalidated: tx id d3e574c05b01f5d74815e3894f55e1645f402cdbf0415877f49e752a71b0d376.

This transaction was originally included in the orphaned chain at block height 3,499,672. Its ring specified global output index 139,283,631, plus 15 other indices from earlier in the chain. Within the orphaned chain, index 139,283,631 pointed to the output with public key b2de1e442b60b70ac681e9044581bb2dcbf66c97865b340d9a8ae4e3bb8e3d61 at block height 3,499,660. Note that some Monero block explorers label the output public key as a "stealth address".

However, when the 18-block reorg occurred, the transaction was expelled from the orphaned chain and started to wait to be included in a later block. In the new chain, index 139,283,631 pointed to the output with public key 61b08cd8a250fd2558cdd1a63ebfa38aeea0c9d4395c9223d315439fbc2e0e68 at block height 3,499,665. Since this was a different public key than the original signature was valid for, the transaction cannot be included in a block in the new chain because the old signature is invalid.

About 36 hours later, a new transaction appeared, 2b02f010b63b7a931eaafc681a1c2d2344ef44bdd0998c4b730663b041b4099c. We know that this transaction is related to the original one because its ring has the same key image: 1792997a43d27bb473605424ff3f1f1e1e69b44fec1ebc59dadba713a22eafa8.

The ring members of this transaction are all different except for one, at index 139,282,277. Both the old and new transactions contained this index. This index points to output public key 75254fa644c59a40eed60ad9bc6d9727a152323ac04069de764b72f9fcf3bd6b in transaction eb4f9e77a031c24fad0bb2abab76302e34e200bd3dff52a9f203fc187e2a4ff8 inside block at height 3,499,628, just a few hours before the 18-block reorg occurred. By process of elimination, this output must be the real spend. The ring signature's privacy protection was defeated.

Double spends and respends

Arguably the greatest negative impact of a deep blockchain reorg is the potential for a "double-spend" attack. In a double-spend attack, a malicious miner uses its hashpower to create an alternative history of the blockchain, then substitutes its history for the honest history. The miner spends the coins to a victim in the honest history, then spends the coins to itself in the attacking chain. Satoshi Nakomoto, creator of bitcoin, described the attack in his 2008 white paper that described the bitcoin protocol:

We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.

To execute the double-spend attack, a miner would have to send Monero coins to a victim, such as a merchant or centralized exchange. The victim would wait a certain number of block confirmations, depending on the victim's preference, and then send an irretrievable item to the miner, such as a physical good shipped in the mail or coins of another type of cryptocurrency.

Meanwhile, the miner would be mining an alternative chain in secret that contains a transaction that contradicts the "payment" to the victim. Once the malicious miner's chain was long enough and enough blocks on the honest public chain are confirmed, the miner would broadcast the secret chain, which causes a reorg and reverses the payment to the victim.

A successful double-spend requires the intended victim to take some action, such as sending the perpetrator some item of value. Without the intended victim taking action, the attack has no effect.

In the intentional double-spend attack on the bitcoin blockchain, the perpetrator invalidates the first transaction on the honest chain by mining a contradictory transaction on its secret chain. Bitcoin rule #1, "An output that has already been spent cannot be spent again," is the violation that invalidates the transaction. In bitcoin, only the original sender of the transaction can invalidate the transaction because only the original sender can sign a transaction that contradicts the first transaction.

As explained previously, a Monero transaction can become invalidated by a deep reorg even if the original sender did not deliberately attempt a double-spend by producing a contradictory transaction. Qubic invalidated the 115 transaction as a sort of collateral damage of its behavior.

Another difference in Monero, compared to bitcoin, is that it is easy to see if two bitcoin transactions sent the same exact amount of coins to the same address, because of its lack of privacy features. In Monero, addresses are hidden on the blockchain through its stealth address feature and amounts are also hidden with confidential transactions technology. Therefore, it is unknown if the later valid transactions just sent the same coins to the same recipient as the invalidated transactions were trying to send in the first place.

As of release of this post (September 26, 2025), about 74 percent of the 115 invalidated transactions had at least one of its ring's key image confirmed in another transaction after the original transaction had been invalidated. It is maybe better to call these transactions "respends" instead of double-spends because they could have been spent to the original intended recipient. Note that invalidated transactions could have been users sending funds to themselves or users could have completed the original payment to another recipient using a different set of coins or a different wallet. No merchant has yet claimed publicly to be an accidental or deliberate victim of a double-spend as a result of the 18-block reorg.

FCMP transaction invalidation

Full-Chain Membership Proofs (FCMP) is an upcoming upgrade to Monero's privacy features. Instead of having a small "ring size" of 16, FCMP will, in effect, produce a ring that includes all of the hundreds of millions of outputs ever produced on the Monero blockchain. It is a huge improvement in privacy. How would FCMP transactions handle a deep blockchain reorg?

In one way FCMP performs better than ring signatures, but in another way it performs worse. The privacy impact would be eliminated. Since FCMP transactions would include the whole set of previous outputs in their "rings", an observer could not perform the process-of-elimination analysis that defeated the privacy of small rings when transactions are invalidated and need to be reconstructed.

However, since current-version Monero rings only select a limited number of outputs from the reorg zone, there is only a chance, not a guarantee, that the transactions outside of the 10 block lock are invalidated. In the actual 18-block reorg, only about half of transactions that could have been invalidated actually were, because of luck of the ring signature draw. If they were FCMP transactions, all transactions above the 10 block lock would have been invalidated because all of them would reference all transactions from 10 blocks and earlier.

anhdres created all diagrams in this post.

Special thanks to DataHoarder for extracting and hosting extended data about the reorg incident here and here.

jeffro256 and DataHoarder reviewed an earlier version of this post and provided feedback.

Open source code used to produce of the empirical analysis in this post is here.

If you enjoyed this article, consider supporting my work with a donation of XMR, BCH, BTC, or WOW.

Monero's "Big Tent" culture w/ Monero Matteo | Tune-in to a LIVE MoneroTalk episode TONIGHT 9/23 at 8PM-EST!

Watch here on X or on YT➡️: https://www.youtube.com/live/El9sTxt9tFI TWITCH ➡️: twitch.tv/monerotalk Rumble!➡️: rumble.com/user/monerotalk

Thank you to our show sponsors cakewallet.com / stealthex.io /

I do not know that much about Crypto Currency. But as far as I understand:

• Whenever a new block is mined a list of transactions is executed. This means transaction speed depends on the rate with which new blocks are mined. What is that rate for Monero?
• Difficulty of the proof of work algorithm to mine new blocks is adjusted to keep the rate as constant as possible

Starting to feel like r/Monero is becoming like r/Bitcoin, mods removing anything related to issues with Monero.

Is there something in Monero transactions that can tie them together in this scenario:

• send some non-private crypto to an instant exchange
• exchange it for monero
• withdraw the monero
• after some time send some monero to that same instant exchange to exchange it for some non-private crypto

Would the instant exchange have a way to determine if the two transactions are connected to the same wallet (amounts being different)? What time difference between the 2 transactions would be sufficient?

When Bitcoin was hijacked back in 2017 and most miners were forced to mine BTC instead of the real Bitcoin BCH there was concern of 51% attacks.

Bitcoin Cash implemented rolling checkpoints to protect the chain. A similar strategy can help Monero now.

https://bchfaq.com/knowledge-base/what-are-rolling-checkpoints/

Bitcoin Cash is the bitcoin based cousin of Monero, I recommend the Monero community start getting familiar with Bitcoin Cash just in case XMR is taken down.

Download the premier desktop wallet and start exploring the real Bitcoin. - https://electroncash.org/

US government ready to apply the PATRIOT Act to Bitcoin and digital assets The FinCEN Director confirms that the Treasury is finalizing a ban on privacy tools for Bitcoin and cryptocurrencies.

According to The Rage, this week marks a pivotal moment for the digital asset sector in the United States, with the government preparing to apply the PATRIOT Act to Bitcoin and other cryptocurrencies. While last week brought positive developments on reforms to the Bank Secrecy Act of 1970, worrying news now emerges regarding the privacy of bitcoin and crypto transactions.

The PATRIOT Act, enacted after September 11, 2001, under the Bush administration, grants the U.S. government extraordinary powers to bypass constitutional protections in the event of terrorist threats. These powers include warrantless surveillance and the suspension of the right to a fair trial.

According to reports, FinCEN Director Andrea Gacki confirmed that the Treasury is working to finalize the so-called “mixer rule.” This regulation aims to ban nearly all privacy mechanisms on public blockchains for U.S. citizens.

During the hearing, Representative Liccardo stated: “We are seeing more and more illegal transactions being done in crypto,” citing a study showing that 91% of 111 fraud cases examined involved decentralized finance (DeFi). The main concern is the pseudonymity of transactions.

Gacki responded that FinCEN is collaborating with blockchain analytics firms to de-anonymize pseudonymous transactions, but Liccardo countered that software like mixers could allow users to evade even the most sophisticated detection techniques. Bitcoin privacy under attack

Contrary to its name, the Treasury’s mixer rule is not limited to mixers, but represents a generalized ban on any software or behavior that provides transactional privacy to users of public blockchains such as Bitcoin.

The rule would consider the following activities a “primary concern for money laundering”:

pooling or aggregating crypto from multiple people, wallets, or accounts;
using computer code to coordinate or manipulate the structure of transactions;
splitting Bitcoin to transmit it across independent transactions;
creating disposable wallets, addresses, or accounts;
exchanging between different types of cryptocurrencies;
facilitating delays in transactional activity.

These provisions could also put Bitcoin users employing common privacy practices under suspicion, potentially leading to criminal liability similar to traditional finance smurfing—the breaking up of large sums of money into smaller transactions to evade banking controls—a federal offense punishable by up to five years in prison. Revival of the Special Measures to Fight Modern Threats Act

Parallel to FinCEN’s work, the Special Measures to Fight Modern Threats Act, previously considered stalled in Congress, has been reintroduced. Representative Zach Nunn confirmed that the bill is still under debate.

According to The Rage, the Special Measures to Fight Modern Threats Act, originally introduced in 2022 by Representative Himes of Connecticut, would effectively give the Treasury the power to prohibit any transaction deemed concerning without public notice or consultation.

As highlighted by The Rage contributor Nicholas Anthony, who has written for the Cato Institute, “one likely scenario is that the Treasury would use this authority to prohibit U.S. banks from being involved with cryptocurrency transactions validated by miners located outside of the United States.”

Jerry Brito and Peter van Valkenburgh of CoinCenter described this approach as “dangerously authoritarian,” noting that all cryptocurrencies are inherently global and therefore any Bitcoin transaction could plausibly be linked to a foreign jurisdiction.

The post US government ready to apply the PATRIOT Act to Bitcoin and digital assets appeared first on Atlas21.

Source: https://njump.me/naddr1qq5xzjzjxp35snfkf3unj6rygauxscm6f9uycm2wwe39xwp0vdzrq72d0f3nynt8857szxthwden5te0wfjkccte9eekummjwsh8xmmrd9skctczyr4sz4a07wgqx9hy4ecu49vpy46k47038va0qh7hmsfs7ymh4dk92qcyqqq823cxt3wlc

More community input is needed on possible deployment of temporary rolling DNS checkpoints to defend against Qubic attacks: https://github.com/monero-project/monero/issues/10064

Please comment on the GitHub issue and/or click thumbs-up/down emoji reaction.

TL;DR: A malicious mining pool is disrupting the network and could cause deep blockchain re-organizations. DNS checkpoints, which have existed for emergency use in the code since 2014, could prevent deep blockchain re-organizations, but Monero's blockchain consensus protocol would temporarily be less decentralized.

Advantages

Practical advantages

• The code for this countermeasure has been in the Monero codebase for over ten years. The countermeasure is ready to deploy now, once final testing, "procedure smoothing" (see below) and successful outreach to honest mining pools is completed.

• Humans (i.e. the Monero Core Team) could intervene by ceasing or modifying the checkpointing procedure if the checkpointing produces undesirable results.

Principled advantages

• Rolling DNS checkpoints could keep the Monero network working, with minimum disruption, for the thousands of users who depend on it every day for private peer-to-peer electronic cash.

Disadvantages

Practical disadvantages

• Rolling DNS checkpointing has never been deployed on Monero's mainnet before. Something unforeseen could go wrong.

• Successful checkpointing requires most of the major honest Monero mining pools to voluntarily enable DNS checkpointing enforcement. If the mining pools choose not to, rolling DNS checkpoints will likely be unsuccessful.

• Maintaining control of the DNS records would require strict security procedures. Two previous security incidents in 2019 and 2023 involving malicious software hosted on getmonero.org servers and theft of community donated funds should be kept in mind.

Principled disadvantages

• Without a doubt, Monero's consensus mechanism would be less decentralized if rolling DNS checkpoints were enabled.

• Monero nodes would temporarily no longer follow the chain with the most proof of work.

• Mining pools following the DNS checkpoints would be similar to a situation of the majority of mining hashpower coordinating and colluding against a minority hashpower miner. "Majority hashpower cannot collude" may be considered a security assumption of proof-of-work consensus.

P2Pool v4.10 speed up the whole Monero network

If you're still mining on a normal pool like in the old days, your computer has to wait much longer to receive its work from the internet. With p2pool, it takes a fraction of the time of regular centralized pools!

How it will work with P2Pool broadcasts:

• 1. A pool or a solo miner finds a block, then submits it to their Monero node
• 2. Monero node notifies its connected P2Pool node of a new block (instantly)
• 3. P2Pool network spreads this block across all peers, spending only 2-3ms on each hop
• 4. All P2Pool peers submit this block to their respective Monero nodes
• 5. These Monero nodes verify this block in parallel - this is where the time saving comes from

As soon as enough P2Pool miners update to v4.10 or newer, block propagation times in the whole Monero network will reduce significantly.

➡️ Reddit

./monerod --zmq-pub tcp://127.0.0.1:18083 --out-peers 32 --in-peers 64 --add-priority-node=p2pmd.xmrvsbeast.com:18080 --add-priority-node=nodes.hashvault.pro:18080 --enforce-dns-checkpointing --enable-dns-blocklist

Hi all, circling back on my last post. After reviewing suggestions and testing other services, I’ve narrowed it down to 2 solutions.

Clockswap (0.5% fees) and Wizardswap (3.2% fees)

I'd personally go for Clock. They got bigger pools and better rates but it’s good to have a mix of options.

Let me know what you think.

Wtf is going on with kraken?

https://status.kraken.com/incidents/rzd4fm71v33m

Currently we have paused Monero (XMR) withdrawals.
Deposits are unaffected and still require 32 confirmations (~1h) before crediting.
We are actively monitoring the situation and will provide more updates as they become available.

The last update was 2 days ago, basically it's been down for a week.

Hello all,

I'm excited to announce launch of XMR.CARDS service. We offer gift cards for 2000+ brands, 60+ countries. We don't require KYC and support Tor for maximum anonymity.

Please let me know about your thoughts and recommendations, we have just launched and open for all thoughts!

Website: https://xmr.cards/

Tor: http://xmrcards7pb5dnj5dfbnueigmzwgujwlo5zhd6f3vnlhay6qlbd3dzid.onion/

(cross-posted from reddit)

github presentation of the FCMP++ audits w.r.t. the modules in the codebase

If It Isn't PoW, It Isn't Decentralized w/ Dr. K Tune-in to a LIVE MoneroTalk episode Tonight 9/5 at 7PM-EST!

Watch here on X or on YT➡️: https://www.youtube.com/live/bRpZxxDHAiY TWITCH ➡️: twitch.tv/monerotalk Now streaming on Rumble!➡️: rumble.com/user/monerotalk

Thank you to our show sponsors cakewallet.com / stealthex.io /

Vini Barbosa’s unfiltered take on the Monero selfish mining attacks and PoW (MT 360)

TODAY'S 🎙SHOW: Douglas Tuman has a discussion with Vinny Barbosa, a Brazilian crypto writer and privacy advocate, about the current challenges facing the Monero network, particularly the ongoing selfish mining attacks by the Qubic pool. The conversation explores both short-term and long-term solutions, including the proposed "Publish or Perish" soft fork to disincentivize selfish mining, defensive mining strategies, and the controversial idea of incorporating proof-of-stake elements or a finality layer to enhance network security. Vinny argues that while Monero’s proof-of-work and ASIC resistance are valuable for decentralization and permissionless mining, all proof-of-work systems are inherently vulnerable to such attacks, and the community should remain open to researching hybrid or alternative consensus models without ideological dogma. The dialogue emphasizes the importance of open debate, technical innovation, and community resilience in navigating Monero’s current crisis, while also touching on broader themes of digital cash, sovereignty, and interoperability with other privacy and scalable cryptocurrencies like Zcash and Nano.

Watch Here (YouTube)➡️ https://youtube.com/live/5wpVcq8e5vs Listen Here 🎧: https://www.monerotalk.live/monerotalk-360

Coffee & Monero, Go to Gratuitas.org today!

FOLLOW US https://monero.town/u/monerotalk & https://mastodon.social/@monerotalk

Thank you to sponsors, u/cakelabs and u/Stealthex_io as well as u/sunchakr for making these interviews possible! And of course our listeners and supporters for making Monero Talk possible!

Podcasts 🎧 :

iTunes: https://podcasts.apple.com/us/podcast/monero-talk/id1445930212 Spotify: https://open.spotify.com/show/60lQ05X8lcuXv71fhi6hl7

If you enjoy our show please Subscribe, Like, Share, Rate our YouTube Channel & Podcasts. This will help us grow and spread Monero content!

We were huge fans of LocalMonero's weekly blog series, "The Monero Standard" and missed it after they shut down. It was too valuable of a resource for the community to just disappear.

So we decided to continue it.

Here is the first new edition, published on our blog at Cyphergoat: https://cyphergoat.com/blog/monero-standard-1

A quick note on the name: We're not the original team, but they've kindly given us permission to continue using "The Monero Standard"

We'll be publishing a new summary every week. Let us know what you think!

WebWipe is hosting another privacy pop-up event, this time in Nashville, TN on September 20th (Saturday)

6-10 PM @ Diskin Cider (1235 Martin Street Nashville, TN 37203)

Come join us discussing privacy and the latest news on Monero and other privacy tools while enjoying a local cidery in Music City.

We'll have presentations on some of these topics and discuss others

• Eigenwallet demo
• Edge Wallet presentation
• Retoswap demo
• Bisq and robosats presentations
• OrangeFren demo
• Ashigaru presentation with Dojobay demo
• Ashigaru Whirlpool demo
• RoninDojo and Boltzmann calculator demo
• Cakewallet presentation
• Nym's Mixnet and NymVPN presentation
• encrypted communications and groups using SimpleXchat
• XMRBazaar demo
• Passphrase magazine and other swag

& more

Free to attend

I have recently seen some heated debates about Proof of Stake and Monero.
I think we are missing some clarification to make sure we are all discussing the same things. Let's chat about this so we can all contribute to improve the network.

The Monero network has recently seen some mining centralization.
As a hostile mining pool, the attacker has some attack vectors that can cause more or less disruption, and that disruption needs to be addressed, carefully. This comment on lemmy explains this point in more details.

One of the disruptions caused by the attacker is deep block re-orgs, that cause exchanges like Kraken to increase deposit times for Monero (details also in post above).
One of the solutions proposed to resolve this issue is to record somewhere that a block is accepted, and it should not be changed in the future. Something that says, we solemnly declare that this block is in its final state, and we won't change it anymore.

Of course, we are not going to the city hall for that, we need a way to do it in a decentralized and trust-less way. But wait, we actually already have a solution for the problem of aligning different actors that have trouble communicating and agreeing on things, in a decentralized way: a blockchain. We could use a blockchain to say that this or that Monero block is finalized and no block re-org can change it.
If we go with that option, it needs to be a different blockchain, it needs to generate blocks faster than the Monero network, and it needs to be secure enough for this use case (for example, that blockchain should not itself have many deep block re-orgs).
Considering this, POW blockchains tend to have longer block times and might be just as susceptible to block re-orgs. More info in this lemmy post.

This is where Proof of Stake comes in as an option for a place to record that a given Monero block is finalized.
There are many things to consider before jumping into this, but this is the general idea.

That discussion is not about moving Monero to a Proof of Stake model with anointed super validators that can punish bad miners, and that will soon start judging and punishing naughty users too.
That is an entirely different thing and nobody is seriously considering doing that.

The PoS finality layer is just one of the options on the table to fix issues on the network. It isn't even the easiest or fastest to implement if we just want to deal with the current situation.

Another important point is that even in the scenario of a PoS finality layer, RandomX stays. This finality layer thing is not about making Monero a PoS coin, it's about using some other PoS to record things about the POW RandomX Monero as we know it currently.

All the options need to be considered and feel free to post your ideas here or on GitHub or on the Monero Research Labs chats. The worst thing that could happen is that only very few people learn and participate in those discussions and people like you and me exclude ourselves from the discussions because we don't know enough about it.

There is something that is clear though, some parts of the network are not yet completely ready for attacks by annoyed state actors. Right now the attacker does not seem like the proxy of very annoyed actors, and we have time for some adaptations. We might not have that much time during the next attacks, so we also need to chose solutions that will be useful in that scenario.

So, what do you think of using a PoS finality layer for Monero ?

Personally I think that if you directly apply these conditions for a PoS finality layer, you end up on the bright idea of using something like Ethereum or Litecoin. The Monero community does NOT want to have to rely on ETH or LTC for security. That would feel like a huge blow and a huge let-down…

But yeah, if need be, for me, this is still a perfectly acceptable temporary solution.