3

I am pretty new to this crypto currency. My question is that what all information can be found, if we only know a malicious user's Monero wallet address?

  1. Can I check this Monero wallet balance? If so, how?
  2. Can I check who (wallet address) deposited to this wallet address? if so, how?
  3. Can I track to which wallet the owner withdraw the monero from this wallet address? if so, how?

@JollyMort, Adding one more question:

  1. Today all these Ransomware attacks ask the ransom in the form of Bitcoin. In this case authorities can trace to which exchange this bitcoins are ending up (justing using the wallet address of the attacker) . So are you saying that if the ransomeware people ask for Monero coins instead of Bitcoin, authorities are in trouble? That the authorities cannot track in which exchange the ransom (Monero) coins ended up?

Thank you so much,

Karthik k
  • 3
  • 1
Karthik
  • 31
  • 2

2 Answers2

3

  1. No.

  2. No. Naturally, you can only know about what you sent to that address. You can't know whether that address ever received anything else from the side. When the target spends what you sent to them, you won't be able to tell if it was your target who did the spending or someone else who just happened to include output of your TX as his "decoy" input (look up how ring signatures work) - you can only make a guess, with no way of telling if it's right. However, if the target combined what you sent to it together with something which came from someone else in the same TX, you could make a following guess: maybe your target spent what you sent it and if so maybe he combined it with something he received from elsewhere.

  3. No. Sending back to the same wallet or to another wallet looks exactly the same and can't be linked to any address (look up how stealth addresses work)

Here's a simple explanation of the mechanics: Simple explanation of Monero mechanics - how does Monero work?

JollyMort
  • 19,934
  • 3
  • 46
  • 105

  • This way you could tell he maybe received something else << I don't think you could possibly know about anything, including whether he maybe received something else or not. Or am I mistaken?

     – kenshi84 Sep 05 '17 at 06:40
  • I send something to you, and later you send a TX with 2 input rings. I see my output appear in one input ring but not in the other ring. Therefore it's either someone else doing the spending, or you had something else in your wallet which didn't come from me. – JollyMort Sep 05 '17 at 07:06
  • Isn't that already explained in the previous sentence >>When the user spends ... as his "decoy" input<<? The last sentence sounds a bit misleading to me, as if one could "tell" anything. One can only "guess" anything, but never "tell". – kenshi84 Sep 05 '17 at 07:13
  • That's one part of it - guessing whether or not you spent what I sent you. But if you consider that a TX can have more than 1 input ring, the 2nd input ring would present a deniable possibility that you spent something else alongside what you got from me. That's the purpose of ring signatures as described in CN WP, to prevent what they label as linkability. Ie, by spending something I sent you together with something soemone else sent you, I can't know which is the 2nd input. Some random observer can't link together any 2 inputs in a TX since there's NxN plausible pairs for 2 input rings. – JollyMort Sep 05 '17 at 08:20
  • I'm still confused. By saying >>the 2nd input ring would present a deniable possibility<< do you imply that you wouldn't get a deniable plausibility if there weren't for the 2nd ring? I don't understand what difference it makes if the input has 1 ring or 2 rings. The purpose of ring sig is to obfuscate the source of the input (i.e., untraceability), while the linkability issue is addressed by the stealth addressing scheme. – kenshi84 Sep 05 '17 at 08:33
  • Lol sorry I meant traceability. The 2nd input ring reveals something more to me because if I don't recognize any of inputs in that ring I could guess that's some funds you had on the side and which didn't come from me. Because the 1st ring has my output I could guess it could be you doing the TX. Because the 2nd ring DOESN'T have my outputs, it makes me guess that if it's you doing the TX then you're also adding some unknown funds to the TX. – JollyMort Sep 05 '17 at 08:42
  • Now I understand what you're saying, but still the current answer for the point 2 seems quite misleading, especially given that the original question was only assuming >>we only know a malicious user's Monero wallet address<<. On a different assumption that Bob (a victim) sent funds to Alice (a malicious user) twice, and Alice spent those two outputs from Bob in the same tx, then Bob can quite confidently guess (but not tell) that Alice might have spent those outputs. I guess your answer needs some rewording to avoid misunderstanding. – kenshi84 Sep 05 '17 at 08:51
  • Sure. And if you have a target address you could send a small amount to it to "mark" it and then try to get as much info from that as possible. If the target is careless, you just exposed it to EABE weakness :) – JollyMort Sep 05 '17 at 08:53
  • I guess this topic deserves another SE question :) – kenshi84 Sep 05 '17 at 08:56
1

No, no and no. Monero is inherently private. Look for more information with keywords like: stealth address, ring signature, confidential transactions etc.

kenshi84
  • 2,475
  • 1
  • 13
  • 31