Grin Price Crashes on 'Inaccurate' 'Broken Mimblewimble' News
In the past 24 hours, Grin (ranked 127th by market capitalization) dropped 16.8%, though it appreciated 6.8% in the past week. It started dropping on November 18th, and at the moment of writing (UTC 9:15) it trades at USD 1.26. Beam (ranked 145th) too has fell 11.6% in 24 hours and 4.31% in a week, now trading at USD 0.61.
Yesterday, Ivan Bogatyy, a venture capitalist at Dragonfly Capital, published a report titled “Breaking Mimblewimble’s Privacy Model,” making a key claim that: “Mimblewimble’s privacy is fundamentally flawed. Using only USD 60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% Grin transactions in real time.” He added that this is a problem inherent to Mimblewimble, which is likely unfixable, and that it shouldn’t be considered “a viable alternative to Zcash (ZEC) or Monero (XMR) when it comes to privacy” any longer.
However, Monero has also issued a security warning:
Meanwhile, the reactions to the Mimblewimble news were swift. Emin Gün Sirer, CEO of Ava Labs, which created the decentralized services platform Ava, called the report an “excellent attack on the MimbleWimble protocol.”
Bitcoiner and developer Udi Wertheimer also commented on people’s defense of Mimblewimble according to which this is a known attack. “Sure. People who know mimblewimble intimately knew about it and mentioned it a lot,” he says. “But still, no one executed it to empirically show how effective it is, which means most people still didn’t know about it. […] The fact is that most people still thought it offers unique privacy properties.”
What Wertheimer is talking about, for example, is a blog post published by Grin developer Daniel Lehnberg, according to which Bogatyy’s report is inaccurate. “The described “attack” on Mimblewimble/Grin is a misunderstanding of a known limitation,” and “the results presented do not actually constitute an attack, nor do they back up the sensationalized claims made,” Lehnberg writes. Instead, it’s “the well-documented and discussed transaction graph input-output-linkability problem,” familiar to the Grin team and anyone who has studied the Mimblewimble protocol, the developer claims.
Another Grin developer, David Burkett, tweeted that it’s a “Really awesome write-up, but none of this is "news." I'm actually surprised only 96% was traceable. There are a number of ways to help break linkability in Grin, but none are implemented and released yet. As I always say, don't use Grin if you require privacy - it's not there yet.”
Another person to have allegedly known about this is Litecoin (LTC) creator Charlie Lee, who announced a collaboration with Mimblewimble back in February, as Litecoin has become privacy-focused, and who’s been defending their partner on Twitter.