If you’re going to buy Dero, first learn how Monero works and how it was compromised.

CryptoAnalyst
5 min read · Sep 18, 2024

And why Dero is worth at least $3bn market cap today.

How They Broke Monero

Monero is a UTXO blockchain where UTXO balances are hidden with Pedersen commitments. UTXOs in Monero are called TXOs, and each can be spent only once. When a TXO is spent, its key image is included in the input side of the transaction. To maintain privacy, however, Monero mixes that TXO with 15 other TXOs, so you don’t really know which TXO that key image belongs to. This part of the tech is known as “RingCT”.

Data aggregation between CEXes and chain analytics firms like Chainalysis is how they broke Monero. The process is simple and straightforward to understand. Monero doesn’t have smart contracts, so trading always goes through third parties. Third parties such as exchanges or OTC desks generate a lot of TXOs as they process user withdrawals and deposits. Every quarter they also report all the TXOs they use (with their respective key images) to Chainalysis. As a result, Chainalysis today controls or knows so many TXOs that most of the time it can filter out all decoys by exclusion. Chainalysis has a tool for this that can be seen in action in their recently leaked IRS presentation from August 2023. This Chainalysis tool obliterates RingCT and, as a result, removes sender privacy from Monero.

10 decoys out of 11 eliminated by Chainalysis’s tool

Beware that while CEXes have likely played a central role in deanonymizing Monero to this day, key image analysis does not require offchain metadata and can be performed by analyzing onchain metadata as well. By identifying related TXOs, one can unmask key images whenever these TXOs appear together in multi-input transactions. For an in-depth explanation of how this would work, and how with AI tracing Monero becomes a trivial task, I recommend reading this article.

Monero also has no receiver privacy by default. For every transaction we often see two output TXOs: one belongs to the receiver and the other is the sender’s change. By analyzing other onchain metadata, the receiver TXO can be unmasked and traced further. So thanks to Chainalysis’s tool, in combination with Monero’s lack of receiver privacy, one can now trace a transaction output just like in Bitcoin, hop after hop.

How Dero is different

Dero uses the account model, and all user accounts are updated homomorphically. In each Dero transaction we have a ring of potential spenders and a ring of potential receivers, so Dero has both sender and receiver privacy. Moreover, Dero doesn’t use key images, so there is no way to know whether an account A is the actual spender or just a decoy in a transaction where it appears among the inputs. And contrary to Monero, even if we know that account A was a spender in a transaction T, we still can’t tell whether it is a decoy or the spender in other transactions where it appears among the spender inputs, because there are no key images and accounts are updated homomorphically, so they can spend more than once. In Monero a TXO can be spent only once, and when it is spent the key image is published. So once we find the transaction where a TXO is spent (e.g. because an exchange gave us that information), we can rule out that TXO as a decoy in all other transactions where it appears among the inputs. Therefore Dero accounts, contrary to Monero TXOs, are immortal as decoys. They can never be burnt.
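The exclusion logic described here and under “How They Broke Monero”, as an added example that is not part of the original article: a toy Python model over constructed ring data that measures how many candidates remain per ring once some real spends are disclosed. `spend_once=True` encodes the one-spend TXO rule, `spend_once=False` encodes the reusable-account behaviour the article attributes to Dero; all names are hypothetical, and the example goes slightly beyond the text by repeating the elimination until no ring changes.

```python
# Constructed toy data: ring members per transaction. Exactly one member of
# each ring is the real spend; the others are decoys.
RINGS = {
    "ex1": {"o1", "o2", "o3"},
    "ex2": {"o2", "o4", "o5"},
    "u1": {"o1", "o2", "o6"},
    "u2": {"o1", "o6", "o7"},
    "u3": {"o2", "o8", "o9"},
}
# Constructed: real spends disclosed by a third party such as an exchange.
KNOWN = {"ex1": "o1", "ex2": "o2"}


def eliminate_decoys(rings, known_spends, spend_once=True):
    """Return {tx: remaining candidate set} after exclusion.

    spend_once=True : an output spent in one transaction must be a decoy
                      in every other ring that contains it (TXO model).
    spend_once=False: a member can spend repeatedly, so a disclosed spend
                      says nothing about other rings (account model as
                      described in the article; an assumption here).
    """
    remaining = {tx: set(members) for tx, members in rings.items()}
    resolved = dict(known_spends)
    for tx, out in resolved.items():
        remaining[tx] = {out}
    changed = spend_once
    while changed:
        changed = False
        spent = set(resolved.values())
        for tx, members in list(remaining.items()):
            if tx in resolved:
                continue
            pruned = members - spent
            if pruned and pruned != members:
                remaining[tx] = pruned
                changed = True
            if len(pruned) == 1:
                # Ring collapsed to one candidate: that output is now a
                # known spend and can prune further rings (chain reaction).
                resolved[tx] = next(iter(pruned))
                changed = True
    return remaining


if __name__ == "__main__":
    for label, flag in (("spend-once TXOs", True), ("reusable accounts", False)):
        result = eliminate_decoys(RINGS, KNOWN, spend_once=flag)
        print(label, {tx: len(c) for tx, c in sorted(result.items())})
```

In the spend-once run, two disclosed spends fully resolve `u1`, which in turn resolves `u2`; in the reusable-account run the undisclosed rings keep all three candidates.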

Finally, Dero also has smart contracts, so contrary to Monero it doesn’t rely on centralized third parties. Because of this, even though statistical analysis is always a risk, it is by design contained and minimized by smart contracts that make trustless, peer-to-peer interactions between user accounts possible.

Dero’s bug

Dero’s current iteration is still in alpha. In May 2024 a bug was found and irresponsibly disclosed. In the heat of the moment it was difficult to tell what the bug impacted, but with time we have gained clarity, and despite this bug Dero is still more private than Monero today. The bug affects amount and receiver privacy but doesn’t affect or deanonymize senders. As a result, even though we can see when someone receives money, we can’t really know when they are spending it. So despite this bug, multi-hop tracing like in Monero is still not possible on Dero, because sender anonymity is maintained. Multi-hop tracing is also not possible even if we combine the bug with the 1 million Dero spam accounts that were registered in 2022. Someone with a list of such accounts can narrow down or unmask the sender in some transactions, but that’s still not enough despite the small size of the network (all it takes is one real decoy to break the hop chain). On Monero, tracing by decoy elimination is possible at scale. This is proven by the leaked Chainalysis video.

Wrap-up

Dero’s team may be close to releasing a network upgrade that will, among other things, patch the bug. Monero’s issues are unfixable because they stem from the underlying UTXO accounting model. Monero can’t give up its accounting model, and can’t add smart contracts. Dero, on the other hand, consists of homomorphically updated accounts and has a VM (smart contracts). These maintain privacy even in a worst-case scenario such as a bug like the one discovered in May. Considering the conspicuous gap in tech, it’s only reasonable to see the valuation gap close in the coming months or years.

NB: Dero’s current market cap is $20M. Monero’s current market cap is $3Bn.
