How Chainalysis Made Their Way into Popular Monero Wallets ​

submited by
Style Pass
2024-09-09 21:00:06

A now-deleted and actively censored training video from Chainalysis — a blockchain analysis company — revealed Monero RPC logs, seemingly from a popular public Monero "node" called node.moneroworld.com. Many wallets like Cake Wallet and Monerujo include it in their list of default public nodes. In this post we will explain how Chainanalysis's malicious nodes were given to users choosing the public node node.moneroworld.com and the dangers of dangling DNS records of decomissioned Monero nodes.

node.moneroworld.com is not an actual Monero node. Instead, the domain has numerous A records pointing to other Monero node IPs. The domain is controlled by the trusted community member Gingeropolous who decides which nodes to add or remove from the Round-robin DNS.

node.moneroworld.com at port 18089 - I point this one to whatever I think is best at the time being. Currently, its a small cohort of trusted monero community members.

Leave a Comment