YACL Talk | Oct 3, 11:00am | Friedhelm Victor, TRM Labs - Friend or Foe? Identifying Anomalous Peers in Monero's P2P Network
Aviv Yaish
Friedhelm Victor, TRM Labs
Title: Friend or Foe? Identifying Anomalous Peers in Monero's P2P Network
Abstract: Monero, the leading privacy-focused cryptocurrency, relies on a peer-to-peer (P2P) network to propagate transactions and blocks. Growing evidence suggests that non-standard nodes exist in the network, posing as honest nodes but are perhaps intended for monitoring the network and spying on other nodes. However, our understanding of the detection and analysis of anomalous peer behavior remains limited. This paper presents a first comprehensive study of anomalous behavior in Monero's P2P network. To this end, we collected and analyzed over 240 hours of network traffic captured from five distinct vantage points worldwide. We further present a formal framework which allows us to analytically define and classify anomalous patterns in P2P cryptocurrency networks. Our detection methodology, implemented as an offline analysis, provides a foundation for real-time monitoring systems. Our analysis reveals the presence of non-standard peers in the network where approximately 14.74% (13.19%) of (reachable) peers in the network exhibit non-standard behavior. These peers exhibit distinct behavioral patterns that might suggest multiple concurrent attacks, pointing to substantial shortcomings in Monero's privacy guarantees and network decentralization. To support reproducibility and enable network operators to protect themselves, we release our examination pipeline to identify and block suspicious peers based on newly captured network traffic.
Bio: Friedhelm is a Research Scientist at TRM Labs, a blockchain intelligence company that helps financial institutions, businesses and government agencies detect and investigate financial crime and fraud. He has completed a doctoral degree at Technische Universität Berlin in 2022, and has gained several years of experience analyzing financial transaction networks in both traditional finance and modern cryptoasset networks. Most of his research works involve blockchain-based cryptoassets and the Ethereum network. More generally, he is interested in: Complex Network Analysis and Empirical Measurement Studies, Cryptoasset Analytics and Forensics, Financial Crime Detection, Underground Marketplaces, Web and Mobile Privacy, Open Source Intelligence (OSINT). Prior to completing a doctoral degree at Technische Universität Berlin, he has completed a Dual Master Degree in Computer Science at TU Berlin and at the Korea Advanced Institute of Science and Technology.
Livestream: https://yale.zoom.us/j/95935631837?pwd=oVgd6ntVnr1wlG0OrnKlqpa58YOKRF.1