{"ID":6138111,"CreatedAt":"2026-07-09T01:07:32.349475501Z","UpdatedAt":"2026-07-11T06:37:20.630262841Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2607.07062","arxiv_id":"2607.07062","title":"Deanonymizing Monero Transactions in Tor Network","abstract":"Monero is a privacy-focused cryptocurrency that deploys the Dandelion++ protocol and incorporates anonymity networks (such as Tor and I2P) to prevent malicious attackers from linking transactions with their source IPs. In this paper, we demonstrate that Monero's integration of the Tor network introduces a fundamental vulnerability: a Monero Tor node's originated transactions are exclusively forwarded to two outgoing Tor hidden service nodes (proxy nodes) prior to clearnet propagation, enabling an adversary to capture originated transactions by occupying the target node's outgoing connections. Based on this observation, we propose \\textit{ProxyMark}, a three-stage deanonymization framework for the Monero Tor network, comprising node role identification, originated transaction identification, and node location deanonymization. Through experiments on the live Tor network, Monero mainnet, and testnet, we empirically demonstrate the effectiveness of \\textit{ProxyMark} in successfully deanonymizing transactions originating from Monero nodes over Tor.","short_abstract":"Monero is a privacy-focused cryptocurrency that deploys the Dandelion++ protocol and incorporates anonymity networks (such as Tor and I2P) to prevent malicious attackers from linking transactions with their source IPs. In this paper, we demonstrate that Monero's integration of the Tor network introduces a fundamental v...","url_abs":"https://arxiv.org/abs/2607.07062","url_pdf":"https://arxiv.org/pdf/2607.07062v1","authors":"[\"Ruisheng Shi\",\"Shihan Zhang\",\"Yulian Ge\",\"Lina Lan\",\"Qingfeng Zhang\",\"Qin Wang\"]","published":"2026-07-08T06:40:01Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.ET\"]","methods":"[]","has_code":false}
