this post was submitted on 11 Jun 2024
12 points (87.5% liked)

Monero

1675 readers
30 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
 

🚨Honeypot Warning🚨In a thread posted on Dread in /d/Monero.. it's being discussed that the "Haveno-Reto" fork may be a honeypot.

top 6 comments
sorted by: hot top controversial new old
[–] xmr_unlimited@monero.town 6 points 5 months ago

The darknet does not have arcane knowledge. Just because it's there doesn't mean it's true.

[–] admin@monero.town 6 points 5 months ago

Now that's some pure fud.

The Reto fork made exclusively changes as required by the haveno setup guide, seems to me the source of this just wants to set up their own network.

[–] mister_monster@monero.town 4 points 5 months ago

Looks like fud to me. The keys are for the people running the network. Haveno decided not to run a network and just release software. If they had run a network these would be their keys instead.

Deanonymizing tor Monero nodes... This is not haveno or reto specific. Haveno exacerbates it by increasing the number of Monero nodes on the tor network, that's all.

Looks like a nothingburger. Could reto be a honeypot? Sure, maybe I guess. But a honeypot for what? What information are they collecting? What are they collecting that they'd need to run a haveno network to collect?

[–] blake@monero.town 3 points 5 months ago* (last edited 5 months ago)

I regularly run Haveno Reto, it's max userbase is 10 but the average is about 8 online at any one time.

I don't think that it's a honeypot as it doesn't make sense. The author argues that the main vulnerability is the manipulation of node selection - but users are free to self-host nodes and use any node, it's not baked into the program. Anyone can set up a 'malicious'' Monero node anyhow. As others have mentioned it seems like the kid who wrote the diss track doesn't really know what's going on (was it Majestic?). Lastly, they end by saying they are a competitor - but they just stopped their work on a localmonero clone - and are leaving the community forever - but please share this post around. Something smells off. But we have to take each anonymous opinion semi-seriously in the internet apparently.

Besides all that, Haveno's not used very much (yet?). There are a few trades offered but none in my jurisdiction. Perhaps this will grow with time, but as yet we aren't seeing 'mass adoption' despite delisting and shutdowns of other p2p exchanges.

I'm more up for posting crypto > XMR trades but it's not quite clear to me how 'Instant' crypto trades are settled, and there was a recent warning about unfulfilled instant crypto-xmr trades being punished. It would be nice to just post up liquidity with a small margin and have it be able to autocomplete trades whilst afk. A boy can dream!


If I were to make the case against Haveno it would be thus:

  1. There is no account reputation, like localmonero, to identify users who have regularly fulfilled contracts and are more trustworthy.

1.a. This means that I personally would want 100% backing of the deal in Haveno, which locks away someone's xmr, an unappealing offer.

1.b. Even then we would depend on the fair arbitration to ensure the deal was finished. Fine for crypto trades within Haveno but cash by mail trades? It took localmonero/agora a long time to establish its reputation, and it is a tough job to arbitrate even with 2 benign actors.

  1. I have not seen enough evidence that the Arbitrators are fair, non-malicious actors. This is not to say they are bad actors - just there isn't evidence either way.

2.b. The first username I saw of an arbitrator was on the aforementioned warning notice which (no shade) wasn't written in the best English, I suspect English as 2nd language bu. Hopefully this improves.

  1. When it was released upon the public, people talked about multiple Haveno instances in competition, muh free market. However, it quickly dwindled to one - I see this as a vulnerability. Even if the diss track's critique is not valid, it could still be compromised in some unknown way and we wouldn't have another instance of Haveno viable as an alternative. There was HardenedSteel but it was quickly deprecated. Does anyone know of another instance? I'd happily run both.

tl;dr : despite being a decentralised p2p facility, Haveno Reto depends on good-faith in arbitrators and whilst it's in beta it's an easy target for fud.

[–] shortwavesurfer@monero.town 3 points 5 months ago (1 children)

I saw that post and the person posting it did not appear to know what they were talking about because they were talking about keys that are required for the network to actually function.

[–] ReversalHatchery@beehaw.org 2 points 5 months ago

Yeah, caution is warranted but what they tell does not give any reason for why reto would be a likely honeypot, and their post potrays it as such, by just pointing to changes being made to the source that are known for needing to be changed by the network operator.