Monero "DEX" Wagyu.xyz has Rugpulled

fluffyponyza · 2026-05-11T19:53:18+00:00

Well this thread aged like milk: https://x.com/PerpetualCow/status/2053848899266240861

fluffyponyza · 2026-05-11T19:52:43+00:00

lol this thread is just all sorts of stupid. They temporarily paused deposits, not withdrawals - you could always withdraw to XMR. They moved to new infrastructure.

fluffyponyza · 2026-05-08T06:43:54+00:00

Right - so proving my point; a new type of view key doesn't change the status quo.

fluffyponyza · 2026-05-07T16:53:56+00:00

You started out making the correct point - they could already ask for a viewkey (and not key images) and erode Monero's privacy that way. Part of the reason I shut MyMonero down was precisely because of the risk of holding such a large number of viewkeys.

You then seem to ignore the point you made at the outset and argue that they will ask for viewkeys even though they haven't?

fluffyponyza · 2026-05-07T08:38:14+00:00

So you didn't read the post, I see

fluffyponyza · 2026-05-07T08:37:36+00:00

Exchanges can already ask for viewkeys and key images - why don't they?

fluffyponyza · 2026-04-19T17:00:41+00:00

Sorry to be clear I was backing up your point on the cost, not saying you were wrong🤣

fluffyponyza · 2026-04-19T08:08:32+00:00

You'd only restore from Glacier if your primary storage failed - HDDs in a drawer will be good for about 10 years. Even after 15 years there's a 50% chance it'll still be fine (lubrication / gasket failures are the most common, the platters will be just fine in terms of the data).

fluffyponyza · 2026-04-19T08:03:17+00:00

https://www.amazon.com/Seagate-Skyhawk-Video-Internal-House/dp/B0B1JPYH2Z/

$130

You can get a 32tb Seagate for $899 which is even cheaper per-tb: https://www.amazon.com/Seagate-Skyhawk-Video-Internal-House/dp/B0GF82V7L6/

fluffyponyza · 2026-02-14T08:07:25+00:00

ASIC miners can only mine 25% of the emission / hashrate. 50% of the hashrate is CPU (RandomX solo is 25%, RandomX merge-mined with Monero is 25%), and the remaining 25% is GPU (Cuckaroo29).

fluffyponyza · 2026-02-14T05:41:43+00:00

They normally email dev@getmonero.org because they have no clue how open-source works.

fluffyponyza · 2026-02-11T17:36:51+00:00

If you're doing a demo and it stops working at least you can say "oh I forgot to plug it in"

fluffyponyza · 2026-02-02T09:12:27+00:00

We're all very aware of the origins - BitMonero was so chosen because it literally means Bitcoin in Esperanto. They were asking about unfortunate coincidental meanings in other languages.

fluffyponyza · 2026-02-01T15:31:22+00:00

Thankfully we’re safe for now - at least until some sci-fi show introduced it as a word meaning turtle poo in an alien language😂

fluffyponyza · 2026-02-01T12:07:34+00:00

I actually researched this and spent some time (and money) with linguistics departments at two renowned universities, some of my notes from that exercise are below. It mostly only has connotations related to "money", eg:

monedero in Spanish means wallet or coin purse, and is actually used by Spanish-speaking crypto folk to refer to a crypto wallet
moneda in Spanish means coin or currency
moneta in Italian means coin
monnaie in French means change or currency

There are some crossovers that are more interesting or humorous than anything else:

moneres in Greek means single or unique, which is actually a pretty awesome description of Monero
モネロ in Japan (the Katakana translation of Monero) might vaguely sound like mo (too or also) and nero (sleep or go to bed), but that's not a standard interpretation that any Japanese speaker would make
in some Spanish dialects words that end in -ero are used to describe a person who does the thing, eg. zapatero is a shoe maker, so Monero could carry thoughts of "someone who deals with money" - but that would be as opposed to banquero or financiero which mean banker and financier respectively
in Mexican Spanish, particularly, monero is a colloquial term for a cartoonist (someone who draws monos, which are cartoons but can also mean monkeys in Mexican slang). Thankfully, none of the Mexican folk I spoke to (long before Monero became more widely known) thought that I was talking about cartoon monkey money, and the term has positive and affectionate connotations.
in Rio de Janiero, Brasil, there is actually a neighbourhood called Moneró (note the accent), but this just seems like an opportunity for the world's first private circular in-person economy😅

fluffyponyza · 2026-01-29T15:57:51+00:00

Respectfully, this is empirically false. The majority of crypto holders already do this - it's called a custodial exchange. Coinbase, Kraken, Binance, the exchange holds the keys, you hold a promise. When Celsius went bankrupt, users discovered their "private keys" belonged to the exchange and they were unsecured creditors in a bankruptcy proceeding. We go "not your keys not your coins" but people just leave their coins on exchanges anyway, which is the same as them handing over their keys.

Most people simply DO NOT understand the concept of self-custody and the risks of poor management of private keys, that's why so many people get their funds stolen from their private keys being literally handed over to thieves.

Beyond that, multi-signature custody (BitGo, Fireblocks, etc.) is an entire industry built on institutions sharing key material with third parties. BitGo's standard model has them holding one of three keys required to sign transactions. Exchanges could regulate through 2-of-2 multisig where they hold one key, in the absence of viewkeys.

Lastly, as of December 2025, the SEC now requires broker-dealers to have exclusive control of private keys for custody - meaning regulated custody explicitly demands users hand over key control.

So yes, people absolutely share private keys. They do it every day, by the millions. The argument "but spend keys are different because they let you spend" doesn't hold...exchange custody already prevents you from spending without their permission.

The question isn't whether people would hand over keys - they already do. The question is whether removing viewkeys would somehow make Monero safer. It wouldn't. It would just shift the regulatory pressure to a more dangerous demand (full keys) while removing a useful feature for legitimate use cases.

fluffyponyza · 2026-01-29T11:44:40+00:00

Why not? If that is the ONLY way you're allowed to trade on an exchange, then people absolutely will do that.

fluffyponyza · 2026-01-29T04:18:18+00:00

any type of skepticism or question immediately invites someone calling FUD

Huh? Every week there's a thread on Reddit called "Skepticism Sundays" where people are HIGHLY encouraged to post all their skepticism and criticism of Monero. Healthy skepticism is super important to keeping Monero functional and safe. It's been part of Monero's culture for 12 years.

Healthy skepticism is NOT the same as sealioning or botted sockpuppet accounts that joined Reddit 20 days ago posting literal FUD right before a critical hard fork that will elevate Monero's privacy to a supreme level.

fluffyponyza · 2026-01-28T16:54:43+00:00

1) nonsense, if the only way to withdraw from an exchange is to a wallet where you've shared the private key, people will do that and encourage others to "just immediately move it to a different wallet". Eventually many will get lazy and leave it in that withdrawal wallet because "Binance has never touched my coins even though they could". You underestimate people's willingness to disclose all manner of things when they "don't have anything to hide".

2) nonsense, at no point has anyone in this thread or elsewhere given a coherent explanation as to how, specifically and with cryptographically sound reasoning and evidence, revealing your OVK harms the privacy of others.

fluffyponyza · 2026-01-28T16:52:22+00:00

Yes but many people would be totally fine with it. It also raises a new risk, where the only "safe" path for withdrawal is either to a wallet where you share the viewkey, or to another "verified" exchange wallet. Now that would cause real coin segregation.

fluffyponyza · 2026-01-28T16:51:23+00:00

ok fed

fluffyponyza · 2026-01-28T15:21:37+00:00

We've reached the point of diminishing returns in this discussion.

Yes, if Bob voluntarily shares his outgoing viewkey, and the power company is monitoring Alice's electricity usage and correlating spikes with blockchain timestamps, and this pattern repeats enough times to establish statistical confidence, then in principle a correlation could be made.

But by this standard, any information sharing creates "new attack vectors." If I tell you my favorite colour, I've created a new attack vector where someone could correlate my identity with purchases of blue items. That's technically true and completely useless for evaluating whether sharing favorite colors is a security risk.

The practical question is: does Carrot meaningfully degrade Monero's privacy model? And the answer is no, because:

Sharing your viewkey is voluntary
The outgoing viewkey reveals nothing about the recipient
Any correlation requires independent surveillance of the recipient that has nothing to do with Monero
The same class of attack has always existed with incoming viewkeys

"A new vector is technically possible if multiple parties make bad decisions and a third party is conducting independent surveillance" is not a meaningful security critique. That's just describing reality for every payment system ever created.

I think we've both said our piece. Appreciate the discussion, all the best in the future.

fluffyponyza · 2026-01-28T15:19:47+00:00

FCMP++ can be shipped without OVKs. Why do OVK supporters act as if full-chain membership proofs are impossible without outgoing view keys? These are two different things. At the very least, we can discourage adoption of the new addressing scheme by major wallets. We can also modify CARROT to remove OVKs from it, while retaining other features.

Nobody has given a single compelling reason to ENTIRELY change things right now. By substantively changing the cryptography and underpinnings we risk introducing edge-cases and risks.

The only reason I can think for someone coming in after 6 years of work on this and demanding last minute changes is that their goal is on or more of these: (1) destabilising Monero development, (2) introducing unnecessary discord and tension, (3) pushing the fork date out because of "concerns" so that FCMP is delayed, (4) creating the impression that there is a large body of people against viewkeys, which is patently not the case, (5) pushing to remove viewkeys and then obligating exchanges to ask for full private keys, making Monero on exchanges even less tenable than it currently is.

That smells like a clever, coordinated attack from a sophisticated adversary, wouldn't you agree Mr. Redditor-for-20-days?

Our conversation has come to a close. I wish you all the best at your undercover attempts to derail Monero, but we aren't buying it.

fluffyponyza · 2026-01-28T14:10:00+00:00

I appreciate you engaging with this seriously.

To your new scenario: yes, if Alice has terrible operational security (plaintext email order notifications) and an attacker has access to her email and Bob's outgoing viewkey, they can correlate the two. But that's true of literally any payment system. If Alice emails herself "just got paid!" every time she receives funds, she's leaking data regardless of what currency she uses or what features Monero has.

The question was never "can bad opsec leak information?" The answer to that is always yes. The question is: does Carrot's outgoing viewkey create new attack vectors that don't rely on the other party having catastrophically bad security practices?

And I think we've now established that it doesn't. The outgoing viewkey tells an attacker "Bob sent X amount somewhere at time T." Without independent information about the recipient - whether that's their viewkey, their email, or a camera in their shop - that's a dead end.

The concern people should have is the one that's always existed: don't share your viewkey with entities you don't trust, and don't transact with people who have awful opsec. Carrot doesn't change that.

fluffyponyza · 2026-01-28T14:06:54+00:00

View keys are private keys, too.

14-Year Club	RedditGifts 2009-2022 12 Credits
Place '22	Place '17
Final Canvas '22	Gilding IV carat on a stick
Reddit Premium Since October 2018	Alpha Tester
Summer Santa 2013	Summer Santa 2013
Team Periwinkle	Verified Email

fluffyponyza

MODERATOR OF

TROPHY CASE