Paper 2019/455

FloodXMR: Low-cost transaction flooding attack with Monero’s bulletproof protocol

João Otávio Massari Chervinski, Diego Kreutz, and Jiangshan Yu


Monero is one of the first and most popular cryptocurrencies to address privacy issues of other crypto coins such as Bitcoin. Monero has a market capitalization of over one billion US dollars, and is ranked the 12th most valuable cryptocurrency on CoinMarketCap (17 April 2019). This digital coin provides different mechanisms to protect its users, such as decoy keys or mixins to obfuscate transaction inputs. However, in spite of the efforts to protect Monero’s users privacy, transaction tracing attacks are still feasible. Our contribution is twofold. First, we propose and evaluate a new traceability attack, called transaction flooding attack (FloodXMR). Second, we present an analysis of thecosts required for an attacker to conduct FloodXMR. We show how an attacker can take advantage of Monero’s Bulletproof protocol, which reduces transaction fees, to flood the network with his own transactions and, consequently, remove mixins from transaction inputs. Assuming an attack timeframe of 12 months, our findings show that an attacker can trace up to 47.63% of the transaction inputs at a cost of just 1,746.53 USD. Moreover, we show also that more than 90% of the inputs are affected by our tracing algorithm.

Available format(s)
Publication info
Preprint. MINOR revision.
Contact author(s)
joaootaviors @ gmail com
2019-05-10: received
Short URL
Creative Commons Attribution


      author = {João Otávio Massari Chervinski and Diego Kreutz and Jiangshan Yu},
      title = {{FloodXMR}: Low-cost transaction flooding attack with Monero’s bulletproof protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2019/455},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.