🚨Honeypot Warning🚨In a thread posted on Dread in /d/Monero… it’s being discussed that the “Haveno-Reto” fork may be a honeypot.
The darknet does not have arcane knowledge. Just because it’s there doesn’t mean it’s true.
Now that’s some pure fud.
The Reto fork made exclusively changes as required by the haveno setup guide, seems to me the source of this just wants to set up their own network.
Looks like fud to me. The keys are for the people running the network. Haveno decided not to run a network and just release software. If they had run a network these would be their keys instead.
Deanonymizing tor Monero nodes… This is not haveno or reto specific. Haveno exacerbates it by increasing the number of Monero nodes on the tor network, that’s all.
Looks like a nothingburger. Could reto be a honeypot? Sure, maybe I guess. But a honeypot for what? What information are they collecting? What are they collecting that they’d need to run a haveno network to collect?
I regularly run Haveno Reto, it’s max userbase is 10 but the average is about 8 online at any one time.
I don’t think that it’s a honeypot as it doesn’t make sense. The author argues that the main vulnerability is the manipulation of node selection - but users are free to self-host nodes and use any node, it’s not baked into the program. Anyone can set up a ‘malicious’’ Monero node anyhow. As others have mentioned it seems like the kid who wrote the diss track doesn’t really know what’s going on (was it Majestic?). Lastly, they end by saying they are a competitor - but they just stopped their work on a localmonero clone - and are leaving the community forever - but please share this post around. Something smells off. But we have to take each anonymous opinion semi-seriously in the internet apparently.
Besides all that, Haveno’s not used very much (yet?). There are a few trades offered but none in my jurisdiction. Perhaps this will grow with time, but as yet we aren’t seeing ‘mass adoption’ despite delisting and shutdowns of other p2p exchanges.
I’m more up for posting crypto > XMR trades but it’s not quite clear to me how ‘Instant’ crypto trades are settled, and there was a recent warning about unfulfilled instant crypto-xmr trades being punished. It would be nice to just post up liquidity with a small margin and have it be able to autocomplete trades whilst afk. A boy can dream!
If I were to make the case against Haveno it would be thus:
- There is no account reputation, like localmonero, to identify users who have regularly fulfilled contracts and are more trustworthy.
1.a. This means that I personally would want 100% backing of the deal in Haveno, which locks away someone’s xmr, an unappealing offer.
1.b. Even then we would depend on the fair arbitration to ensure the deal was finished. Fine for crypto trades within Haveno but cash by mail trades? It took localmonero/agora a long time to establish its reputation, and it is a tough job to arbitrate even with 2 benign actors.
- I have not seen enough evidence that the Arbitrators are fair, non-malicious actors. This is not to say they are bad actors - just there isn’t evidence either way.
2.b. The first username I saw of an arbitrator was on the aforementioned warning notice which (no shade) wasn’t written in the best English, I suspect English as 2nd language bu. Hopefully this improves.
- When it was released upon the public, people talked about multiple Haveno instances in competition, muh free market. However, it quickly dwindled to one - I see this as a vulnerability. Even if the diss track’s critique is not valid, it could still be compromised in some unknown way and we wouldn’t have another instance of Haveno viable as an alternative. There was HardenedSteel but it was quickly deprecated. Does anyone know of another instance? I’d happily run both.
tl;dr : despite being a decentralised p2p facility, Haveno Reto depends on good-faith in arbitrators and whilst it’s in beta it’s an easy target for fud.
I saw that post and the person posting it did not appear to know what they were talking about because they were talking about keys that are required for the network to actually function.
Yeah, caution is warranted but what they tell does not give any reason for why reto would be a likely honeypot, and their post potrays it as such, by just pointing to changes being made to the source that are known for needing to be changed by the network operator.