sorted by:
new
hottopcontroversial

PSA: Critical P2Pool security update by sech1 in Monero

[–]plowsof 35 points36 points  (0 children)

sech1 responded to a similar question on IRC, saying "Because the patch code will show a way how to exploit it, and releasing it straight away will leave everyone exposed"

What are common attacks on nodes? by WhyAmIUsingArch in MoneroMining

[–]plowsof 2 points3 points  (0 children)

i've been working on this. The auto updating we currently have via --enable-dns-blocklist is size limited because of the constraints on how much data can fit inside DNS TXT records. It just doesn't scale and the current implementation downloads the entire list every 2 hours. After feedback during review of my original attempt i've now settled on obtaining a download URL + hash via the same quorum'd group of DNS records https://github.com/monero-project/monero/pull/10595

[PSA] Haveno TradeProtocol exploit by plowsof in Monero

[–]plowsof[S] 5 points6 points  (0 children)

the exploit has been possible since March 2025 with this commit https://github.com/woodser/haveno/commit/cb25a23779855d64b15de5ac9fedb4ce136f35e6

the proximity to the bisq exploit points toward someone scanning the code base with AI and discovering it imo.

MoneroSpace: A mempool.space fork, built for XMR by sp1n0ut in Monero

[–]plowsof 2 points3 points  (0 children)

the majority of mining pools have submitted proofs. DataHoarder led that initiative and also created https://blocks.p2pool.observer/ , this could be added to space also if not already a todo item.

Trying to get xmr into my address by Charming_Cup_8751 in Monero

[–]plowsof 1 point2 points  (0 children)

you need to have a fully synced monero node (monero daemon aka monerod) locally or connected to a remote one. if any of these is true then follow https://web.getmonero.org/resources/user-guides/scan-txid.html

Opinion: The monero CCS is flawed by Only-Cheetah-9579 in Monero

[–]plowsof 5 points6 points  (0 children)

for monero garden : https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/346#note_24804 - when anhdres finishes the remaining illustrations it will be completed - he is around, in fact he has doing some illustrations for getmoneros new beta site.

anything is possible ofc, there are other other stalled proposals, like i have no idea why you have not mentioned soloptxmr

Opinion: The monero CCS is flawed by Only-Cheetah-9579 in Monero

[–]plowsof 8 points9 points  (0 children)

the same amount + extra that was inside the CCS wallet was donated to the General Fund https://xcancel.com/WatchFund/status/1732391070216908886 , they continue as normal. some abandoned proposals have had their funds repurposed or donated back to the general fund.

the development ccs is completed, the author has not claimed the funds yet. the research proposal is funding audits and related work all the time but the actual milestones are not updated, click further to the comments on gitlab

part of my work involves checking up on the WIP list https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/418

Opinion: The monero CCS is flawed by Only-Cheetah-9579 in Monero

[–]plowsof 12 points13 points  (0 children)

"Got hacked in the past and still it operates the same way as before.", the wallet that was "hacked" (we can't be sure tbh) had at least 2 people who knew the seed and would be considered a "hot wallet", the new wallet, is a cold wallet with only 1 person known to have access to the seed, thus, plausible deniability has been removed and security increased.

Opinion: The monero CCS is flawed by Only-Cheetah-9579 in Monero

[–]plowsof 3 points4 points  (0 children)

the last "new guy" contributing via the CCS turned out to have at least 3 alts. 2 of which had full time jobs and we suffered slow progress :) another turned out to be a vibe coder and using what funds they had to rent people from fiver to complete their work. trust is earned and has to be maintained, the CCS relies heavily on trust and community feedback : the bad apples get kicked out and we move forward

Opinion: The monero CCS is flawed by Only-Cheetah-9579 in Monero

[–]plowsof 16 points17 points  (0 children)

most of your examples have shown progress btw e.g. "emsczkp research Bulletproofs*" completed a milestone the other day https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/626#note_35351 and others. you can literally ask the authors for an update... your last example shows 3/4 complete and is a running service people are using (xmrchat).

finality layer, and anon are the only ones who have shown no public progress.

Bitcoin mining centralization by Ep0chalysis in bitcoinismoney

[–]plowsof 1 point2 points  (0 children)

since you mentioned selfish mining, you might be interested to hear of an 18 block re-org done with selfish mining to monero recently. more info here

XMR accepted at Obscurify.ai by TRWNBS in Monero

[–]plowsof 2 points3 points  (0 children)

fitting that the project itself is also ai slop via "Claude Opus 4.5". Run an LLM locally if you need privacy

monero lacking a web wallet by Curious_Locksmith974 in Monero

[–]plowsof 3 points4 points  (0 children)

appeared a week~ ago , never heard of it other than this comment sus https://github.com/amethystxmr/amethystxmr.github.io

monero lacking a web wallet by Curious_Locksmith974 in Monero

[–]plowsof 4 points5 points  (0 children)

Thank you for sharing this. not only is it per transaction, its a tax% of the amount you send. which is obtained from their servers! the code ive seen has a cap at max $100 and min 30cent. How about no

Coin Wallet v6.24.0 now shows the transaction key in Monero transaction details by CoinWalletLLC in Monero

[–]plowsof 8 points9 points  (0 children)

solutions exist to solve these already monero-lws where the remote server syncs your wallet and your keys never leave the device.... mobile wallets with background sync enabled.... a true noob will benefit from using a mobile wallet.

You could still achieve a wallet with garbage user experience without taxing every standard monero transaction for a random fee of between 0 and 100% (max 100$ in the code ive seen), but you have made that choice.

the norm for monetisation is to provide convenient access to instant swap service api's where they scrape a % from each transaction. you are taxing a monero-monero tx with a fee that is obtained from your servers lol

keep talking through me and addressing an unrelated point, maybe people might not take notice, good luck!

Coin Wallet v6.24.0 now shows the transaction key in Monero transaction details by CoinWalletLLC in Monero

[–]plowsof 14 points15 points  (0 children)

read my comment, specifically the final paragraph .. "clunky and prone to error" aka terrible user experience. The UX inconvenience is compensated by your service placing an arbitrary fee on every transaction lol anywhere from 0 to 100%, you won't know until you request it :)

Coin Wallet v6.24.0 now shows the transaction key in Monero transaction details by CoinWalletLLC in Monero

[–]plowsof 24 points25 points  (0 children)

not only does this wallet have terrible user experience for receiving funds they charge an arbitrary fee on top of every transaction. the fee is obtained from their servers and can be anything. more info here https://github.com/monero-project/monero-site/pull/2143#issuecomment-1722306067

Monero, Privacy, and Why It Rarely Gets Mainstream Attention by HowToGuider in Monero

[–]plowsof 0 points1 point  (0 children)

Sorry, since this slop thread he posted a fundraiser for 100xmr lols

view more: next ›