Risk of asynchronous protocol update: attacks to Monero protocols

Dimaz Ankaa Wijaya, Joseph K. Liu, Ron Steinfeld, Dongxi Liu

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

3 Citations (Scopus)


In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the information contained in the public ledger called blockchain. When the protocol needs to be updated, all nodes need to replace the application with the newest release. We explore an event where an asynchronous protocol update opens a vulnerability in Monero nodes which have not yet updated to the newest software version. We show that a Denial of Service attack can be launched against the nodes running the outdated protocol, where the attack significantly reduces the system’ performance. We also show that an attacker, given a sufficient access to cryptocurrency services, is able to utilise the Denial of Service attack to launch a traceability attack.

Original languageEnglish
Title of host publicationInformation Security and Privacy
Subtitle of host publication24th Australasian Conference, ACISP 2019 Christchurch, New Zealand, July 3–5, 2019 Proceedings
EditorsJulian Jang-Jaccard, Fuchun Guo
Place of PublicationCham Switzerland
Number of pages15
ISBN (Electronic)9783030215484
ISBN (Print)9783030215477
Publication statusPublished - 2019
EventAustralasian Conference on Information Security and Privacy 2019 - Christchurch, New Zealand
Duration: 3 Jul 20195 Jul 2019
Conference number: 24th
https://link.springer.com/book/10.1007/978-3-030-21548-4 (Proceedings)

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceAustralasian Conference on Information Security and Privacy 2019
Abbreviated titleACISP 2019
Country/TerritoryNew Zealand
Internet address


  • Denial of Service
  • Monero
  • Traceability
  • Transaction pool

Cite this