The privacy coin Grin has seen its privacy features being questioned lately. According to Ivan Bogatyy, who wrote a blog post called Breaking Mimblewimble’s Privacy Model, the privacy model used by the protocol is mainly flawed. He claims to have found a way to use Amazon’s Web Services (AWS) to uncover the addresses of people using the cryptocurrency in 96% of the transactions.
Bogatyy suggests that this may be an inherent problem of the system and that there is no fix for it, which would cast some doubt on whether Mimblewimble could be considered a good alternative to cryptos such as Zcash and Monero or not.
The main issue with the network is that the protocol sets the anonymity of all transactions on the same level, which enables people to track transactions easily by using just a single address. While each node should not connect to more than 8 nodes, Bogatyy was able to connect his node to the whole network, which created a supernode and allowed him to see the transactions.
Despite proving the flaws, Bogatyy affirmed that Grin still was more private than Bitcoin, just not as private as people would like to think. When compared to solutions with a proven track record such as Monero, Grin was insufficient.
Is the technology behind the Mimblewimble protocol salvageable, though? Bogatyy believes that this depends on some factors. It is important, for instance, to know that the protocol has some unique properties, but it needs to be combined with other technologies to really achieve privacy.
If Grin is to remain as an attractive alternative in the privacy coin field, it has to upgrade its technology and find a way to fix these serious flaws.