Privacy at Serious Risk

Cryptocurrency world these days is facing a turmoil as the biz world is flooded with the news of the imposition of stringent laws from central authorities on the crypto-market.

Considering latest happening in the market, Estonia underwent a humiliating blow to its much anticipated and overhyped ID cards, as the same was hacked just before it's hosting a big EU exercise on cyber welfare. However, something virtuous had started with few such incidents, as now cyber securities are not only more active in the direction of cyber financial crimes, but have planned on observing server activates (already started), which resulted into exposure of many names who used this mode of financials conducting for the wrong purposes, like drugs and more.

Dash is one of few major names which has been highlighted via this procuress, which shows how vulnerable these so called transparent and tenable cryptocurrency is, on the contrary Dash have been claiming. Some arrests have been made by the Estonian police but identity of the arrested individuals haven’t been disclosed yet. In fact, to assist you understand all of this better, we have explained below the same in best possible manner.

What is DASH?

According to DASH’s website:

“Dash (DASH) is a privacy-centric digital currency with instant transactions. It is based on the Bitcoin software, but it has a two tier network that improves it. Dash allows you to remain anonymous while you make transactions, similar to cash.”

What is this Darksend feature?

DarkSend is the feature on DASH’s network which enables anonymous transactions for the users. Kindly review DASH’s description of their "Darksend" feature on their website:

“Darksend is the feature that gives Dash users full privacy when they use it.”

The DASH team claims that their ‘DarkSend’ has some add-on features which makes the transactions of DASH user more private and completely secure.

Let us explore the basics of CoinJoin:

“Darksend uses the fact that a transaction can be formed by multiple parties and made out to multiple parties to merge funds in a way where they can’t be uncoupled after that. Given that all Darksend transactions are setup for users to pay themselves, the system is highly secure against theft and users coins always remain safe.”

CoinJoin is an efficient system which enables decentralized mixing of the users’ coins. Users can transact together in the same CoinJoin transaction, thereby making it difficult for an outsider to decipher the transactions, that is, which output belongs to which input.

How is this mixing done?

Joinmarket is a feasible decentralised application of Coinjoin on Bitcoin. Decentralised mixing performed in Joinmarket involves no central server to find counterparties for mixing. Whereas DarkSend is a different implementation of Coinjoin on the DASH network. All the DarkSend-users rely on a master nodefor this mixing. Here the master nodes log the inputs and outputs to de-anonymous the users’ transactions.

Now here’s the flaw:

Most of the master nodes are hosted on cloud hosting services, that is, third- party servers. If one wishes to access these logs, then one can do that as no ownership is required for this access. Hence it makes the master node logs completely accessible to anyone who demands it, making it easier for any central authority to snoop on DASH transactions database of users without their knowledge. And this may have been the cause of what occurred in Estonia.

The DASH team completely ignores this risk, reassuring its users with the chained mixing concept:

At set intervals, a user’s client will request to join with other clients via a Masternode. Each Darksend session can be thought of as an independent event increasing the anonymity of user’s funds. To increase the quality of anonymity provided, a chaining approach is employed, which funds are sent through multiple Masternodes, one after another.

Dash team’s claim on chained mixing to be a secure mechanism is completely false: Consider an adversary having access to multiple master node logs. Now answer this-- Which one is more private, someone who does a single mixing in an entire day or a person who performs seven mixing in a row? The first one is more secure. Let me explain. If an adversary owns 2 out of 7 master nodes, it becomes easier to undo the mixing due to the low liquidity in the DASH system.

This is what makes the DASH’s so called decentralised mixing concept way more insecure for its users.

DASH’s selective approach towards system exploits

Dash developers have been following a selective approach towards resolving the existing exploits in the ecosystem. Recently an exploit was detected in their Instant Send feature. The Dash developers responded timely and brought the system to a halt else this exploit would have hampered the whole DASH’s network.