WARNING: The CashFusion server is currently experiencing an anomaly

EDIT: Seems that the situation is not as worrisome as first believed.

u/imaginary_username informs us in a comment below that:

If those are less than a few hours ago, they're likely result of me and /u/jonald_fyookball testing with lowering participation safeguards - don't panic.

Basically: The fusion server has safeguards in place to make sure there are a minimal number of participants (else the whole thing is dropped), to prevent denonymization attacks. We've been under a constant DoS (where participants drop out at covert submission stage, making successful fuses difficult) - we don't know whether it's accidental or deliberate - for a couple days, and we're testing if dropping that safeguard for a bit does anything.

It did, so whoever is DoS'ing ain't doing it with overwhelming force.

TL;DR Good news is those tx are not bad actors denonymizing you, it's us testing. The bad news is we still don't have a good solution against the DoS itself, stay tuned. :/

Edit: The limits are already back up, so no further "low participation" txs that look like denonymization attacks shall be made.

"Original" post below:

___________________________________________________________________________

My personal recommendation to CashFusion users whose need for privacy is...

HIGH: Turn off CashFusion immediately.

MEDIUM: Keep CashFusion running, but to be safe do not trust recent (i.e. maybe the last one week or so) CashFusion transactions to fully protect your privacy.

LOW: Keep CashFusion running. I suppose people who fall into this category can continue using their Electron Cash wallet as normal.

Over the last few days, CashFusion users have noticed a lot of fusions failing. Some have speculated that the CashFusion server may be experiencing a denial-of-service attack, i.e. a malicious actor may be making spurious requests to the server. Alone, a denial-of-service attack would probably only reduce the number of fusion transactions rather than result in any risk to user privacy.

However, in the last few hours there have been a few anomalous transactions that may indicate a de-anonymization attack. Specifically, the number of inputs and outputs of recent CashFusion transactions has fallen way below normal. You can check this live at https://stats.cash/#/fusion

In order for CashFusion to work, the average number of inputs and outputs should be roughly 60. A few recent transactions have had inputs and outputs in the single digits. The short-term average of inputs and outputs has not fallen this low since January 2021. I am working on packaging my statistical analysis better for laypeople to understand, but the bottom line is that this is very unusual and a cause for concern. [Posting now, will continue to add in a moment...]

Initial post:

Thanks to u/saylor_moon for noticing the anomaly immediately. I am not sure if it is actually a malicious attack or something else is happening, but something has definitely gone wrong. I will update this post momentarily....

submitted by /u/Rucknium
[link] [comments]

from Bitcoin - A Peer to Peer Electronic Cash System https://ift.tt/39L42a0