Rucknium's analysis exposes negative effects of ~43K 'Mordinals' on privacy of Monero users

Rucknium¹ has posted his analysis² of the empirical privacy impact of Mordinals (Monero NFTs)³, revealing the extent to which Monero user privacy can be reduced when their transaction outputs are included in normal transaction ring signatures as decoys:

Average effective ring size fell to 12.5 at its lowest point. Nominal ring size is 16. [..] the “unluckiest” 5% of rings had an effective ring size of 9 or lower for two days in late March. [..] 43,083 Mordinals were minted between March 10 and April 11, 2023, according to my count. The sum of fees paid by these Mordinal minting transactions was 7.47 XMR. These transactions placed 370 megabytes of data onto the Monero blockchain.

Rucknium noted that without a hard fork or the cooperation of the overwhelming majority of network nodes and mining pools, the recently introduced patch⁴ (Monero 0.18.2.2⁵) limiting the maximum size of tx_extra will not prevent Mordinals with low-resolution images that fit in the 1060 byte limit being relayed and confirmed as normal.

The researcher also published a relevant preliminary data report on the share of outputs on Monero’s blockchain that are Mordinals or coinbase outputs⁶ that was updated last week.

The code to reproduce Rucknium’s analysis is available on Github⁷.

Read the full post² and consult previous Monero Observer reports to learn more about potential mitigations, arbitrary data and Mordinals⁸’⁹’¹⁰.

This is an ongoing story and the report will be updated when new information is available.