Introduction to MoneroV and its Inherent Risks
The “MoneroV” coin is an impending unofficial fork of the Monero blockchain with many “red flag” characteristics that have alarmed the Monero community. Many users are wondering: could the MoneroV fork be a scam project? This article discusses risks for individuals claiming MoneroV, and describes how MoneroV opens an attack vector on the overall privacy of the Monero network itself.
Types of cryptocurrency forks
The word “fork” is an umbrella term that describes several distinct processes the cryptocurrency world, each with different goals and consequences. Three key fork types include:
- Scheduled hard forks known as "network upgrades" - The Monero developers plan “hard forks” twice per year to update protocols for the network and end users. These non-contentious forks are quickly adopted by the Monero network and proceed along the same blockchain without creating a new type of coin.
- Code fork - When source code from one cryptocurrency is copied and modified for other purposes, this is referred to as a “code fork.” Often, these are simply rebrandings that offer no substantive changes besides the name. Examples of different cryptocurrencies created from code forks of Monero include Electroneum, Aeon, and Sumokoin.
- Blockchain fork - If the blockchain is also cloned in a code fork, then it is referred to as a “blockchain fork.” The original blockchain proceeds unmodified, and the forked version diverges at the point of launch, typically specified by a block number. MoneroV is a blockchain fork, and the implications of this type of split will be discussed later.
Monero: routine network upgrades
Other cryptocurrencies often attract media coverage of dramatic contentious hard forks, such as the spectacularly divisive Bitcoin Cash/Core split in late 2017. In contrast to these sensational ideological battles, the biannual scheduled Monero hard forks are simply universally-accepted periodic software updates.
These standard hard forks require updates to the entire Monero infrastructure: nodes, miners, and end-user wallets. Nodes reject connections from defunct software, so users are required to upgrade their wallets alongside the rest of the network. This policy of strictly enforcing the forks ensures that the Monero technical ecosystem is always globally up-to-date for optimal security, performance, and privacy. Thankfully, transactions broadcast from outdated software are simply ignored, so there is no risk of accidentally losing funds by missing an update.
The next routine hard fork for Monero is scheduled for block height 1539500, which will occur around 6-April 2018. The fork will force the network to update to the next version (the 0.12.0) with many improvements, such as:
- Adjustments to CryptoNote mining algorithm to avoid centralization and respond proactively to rumors of possible Monero application-specific integrated circuit (ASIC) miners - Pull request
- Multi-signature transactions, which are important for business adoption. - Pull request
- The ability to generate subaddresses, a privacy feature that allows users to receive funds without having to reveal their public address - Pull request
- A patch for fixing MoneroV key reuse issues described below - Pull request
The risky MoneroV blockchain fork
An unknown development team is launching a fork of the Monero blockchain at block 1564965, which will be mined around 30-April 2018 (postponed from original schedule for block 1529810 in mid-March). The official MoneroV website proudly declares that it provides a secure, private, scaleable currency. Sadly, these “MoneroV features” were simply appropriated from Monero, without meaningful improvement.
Monero wallets with a non-zero balance at the time of the blockchain fork are able to claim “free” MoneroV later at a 10:1 ratio (for example, if you hold 0.846 Monero during the snapshot at block 1564965, you can claim 8.46 MoneroV afterward). This is appealing at face value, but we should recall the adage that “there is no such thing as a free lunch.” What is the cost here? Unfortunately, MoneroV comes at the price of reduced privacy for both the Monero network and its users.
MoneroV is widely regarded as an attack on the Monero network.
MoneroV’s duplication of Monero’s blockchain introduces several potential attack vectors. Users intending to claim MoneroV must transfer their Monero private keys/seed into new software. Phishing attempts and scam wallets are inevitable, and many users will be enticed to enter their keys into closed-source software.
This is a huge risk, and users should never trust closed-source software with their Monero keys, even if it is MoneroV’s “official” application. In the cryptocurrency world, it is crucial to always use open-source software that has been externally-audited to eliminate potential for malicious code or accidental bugs to result in loss or theft of funds.
At the time of writing this article (10-March 2018), the MoneroV team has not released any source code for public analysis or independent audit. Do not be tempted to use third-party websites or applications promising access to your MoneroV and always remember the most important rule for securing any cryptocurrency:
NEVER REVEAL YOUR PRIVATE KEYS UNDER ANY CIRCUMSTANCES
A separate network-wide threat stemming from MoneroV’s duplication of the Monero blockchain is due to cryptographic privacy features that are damaged by users who spend the same funds on both chains. Each Monero transaction generates a “key image” that secretly encodes the amount of Monero transferred and the public address of the true sender. These key images typically protect transaction anonymity while preventing “double-spending” attacks and illegitimate attempts to inflate the Monero supply with fake coins. It is dangerous to claim MoneroV because these key images will be identical on both chains, which can be exploited to reveal the true sender of both transactions.
This reduction in privacy allows Monero (and MoneroV) transactions to be linked in a manner that is not typically possible. The negative ramifications extend far beyond the individuals that use both chains, since any user on either chain may unknowingly employ compromised transactions as decoy ring members. Key image reuse is a complex topic, and Justin Ehrenhofer has shared a very interesting and approachable 20-minute introduction that includes precautions users can take to protect their privacy when transacting after the fork.
Users contemplating the above issues often conceive schemes for moving or churning their Monero to mitigate the risks from seed/key exposure and key image reuse. Many have asked, “If I move all my Monero to a different wallet after the fork, I can claim my free MoneroV without risk, right?” Unfortunately, this does not help with either issue or protect the user, since the keys and key images will still match regardless of the timing.
In addition to the above security risks, potential users should be aware that MoneroV includes a large “premine” for the development team, which is often a red flag for scam cryptocurrencies. Since the MoneroV software is not released in advance, the only miners immediately after the fork will be the the development team; this means that they will control 100% of the hashing power, and collect all of the block rewards.
The first block of the forked blockchain is customized to instantly premine almost 8 million MoneroV that will be rewarded directly to the development team. By the time the public has access to the MoneroV network, the development team will hold more than 5% of the total coin supply limit. This degree of centralization is unacceptable, and is often driven by a greedy desire to self-finance important features such as vacations to the Caribbean.
The MoneroV development team will manage 5.859375% of the total supply of MoneroV coins, using it to enhance the development of all future works.
Users should remember that MoneroV is not in any way affiliated with the Monero team, and attempts to interact with the forked chain are dangerous for both individuals and the network. Monero contributors (such as myself) are moving rapidly to put safeguards in place to minimize attack vectors against Monero’s privacy due to blockchain forks. Monero developers have already released a patch to address some of the privacy issues, which can be downloaded here.
After reviewing the inherent privacy issues arising from MoneroV’s blockchain fork and the troubling decisions made by the development team, I strongly suggest that you do not invest your time or money into MoneroV. The percentage of recent transactions that have been compromised by MoneroV will probably be highest just after the split, so it would be wise to wait a few days post-fork for non-urgent or highly-sensitive transactions.
Steer clear of its temptation, and be very wary of the multitude of independent scam wallets and phishing attacks that will accompany its launch. If you receive suspicious messages about the MoneroV fork, report them to the Monero community and appropriate moderators.