MimbleWimble, the Harry Potter inspired protocol that Litecoin is integrating to become a privacy coin, is in the spotlight but for all the wrong reasons. Ivan Bogatyy, a venture capitalist with Dragonfly Capital, has published a report drawing attention to a security flaw in MimbleWimble’s privacy model. According to Bogatyy, the “attack traces 96% of all sender and recipient addresses in real time.” Privacy, however, is a complicated issue, especially when it comes to cryptocurrencies.
The timing couldn’t be worse. Grin, which is an implementation of the MimbleWimble protocol, in recent days received an anonymous donation of 50 BTC from an early bitcoin coinbase to its General Fund (nobody is saying anything about Satoshi Nakamoto.) That may have placed a target on the project’s back. And while the contents of the report are troubling, the author calls it a new attack, while in truth it’s something that the Grin dev team and Litecoin Creator Charlie Lee have known about. Not only that, but Lee seems to offer a working solution.
MimbleWimble is the most exciting thing to happen to Litecoin in a long time. Since Charlie Lee announced the shift in focus to privacy, it turned the crypto community’s attention away from him and the fact that he divested his LTC holdings and toward the future direction of the project.
Litecoin recently tapped Grin++ developer David Burkett “to add MimbleWimble support to the Litecoin network.” In doing so, users can opt-in to confidential transactions in which the value of such transactions would be more difficult to trace. Without MimbleWimble, Litecoin would go back to being bitcoin’s younger brother.
Meanwhile, other members of the crypto community are piling on in the wake of the vulnerability report. Emin Gun Sirer, who is behind Ava Labs, which uses the Avalanche protocol, called it an “excellent attack on the MimbleWimble protocol.”
“Mimblewimble hides transaction amounts but does not provide anonymity. If you expect it to provide anonymity, you should adopt your expectations instead of claiming an attack.”
Last modified: March 4, 2021 2:41 PM