Something was not right since I met this website – minko.to and you might say that I’m being too much paranoid here. My answer is normally short and it’s a quote:
“Paranoid? Probably. But just because you’re paranoid doesn’t mean there isn’t an invisible demon about to eat your face.”
Jim Butcher, Storm Front
There is Monero – the highly privacy-concerned coin. It had an extremely high amount of transactions per day – 15 325 to be exact; the highest amount ever reached before was 10 833. It seems that the pike in transactions to be related to Minko, a “social gambling platform.”
So, what is Minko?
We can find almost nothing about this “social gambling platform”. Let’s check, what game’s developers wrote:
“We wish to keep financially contributing long term to Monero development and will define the best way forward after this first month (with more knowledge of what to expect in terms of traffic).”
Sound like “bla-bla-bla for the bright future” to me.
If we check the Terms of Service and Privacy Policy, we can meet some promises, that are pretty standard and actually written in such a way, that it makes the website owners not responsible for any private data, submitted to remain confidential:
5.1 While we try to make sure that the Site is secure, we cannot guarantee the security of any information that you supply to us and therefore we cannot guarantee that it will be kept confidential.
Yes, I know, this condition is pretty standard as nobody can really guarantee such things, but we’re talking about real people showing their Monero wallet addresses. How an average person will use this website? He/she creates a new Monero address and sends some XMR to it to play with. Nothing wrong with this, right? Not really.
- Majority of people will just send some XMR from their wallets from exchanges. If you passed the KYC procedure on the centralized exchange, your nickname on minko website can be linked with your ID and even face (if minko owners have some contacts with the exchange). Considering the fact that exchanges are being hacked rather easy, the next hack might provide your ID data for hackers and later on, it can be linked to your address that’s used for Minko game.
- When you try to withdraw your winnings, you will provide your wallet address to Minko website owners. If you transfer these funds to centralized exchange, linking it to your name and face might be much easier.
What’s so wrong with Minko?
Let’s figure out, what .to means:
- .to is the ccTLD (country code top-level domain) of the island kingdom of Tonga.
- The government of Tonga sells domains in its ccTLD to any interested party.
- .to is one of the few ccTLDs that (officially) do not maintain a (public) WHOIS database providing registrant information.
So, no public WHOIS, being sold to anyone and is governed by the country with the total population of a bit over 100k.
Why so paranoid?
More than two months ago, Craig Wright suddenly promised to make Zcash and Monero completely traceable:
Yes, I can make ZCash and Monero completely traceable…
A means to start monitoring it all and attributing.
And, responsible disclosure is not those teams.
Have a nice life.
— DR CRAIG S WRIGHT (@PROFFAUSTUS) MARCH 5, 2019
Unfortunately, the original tweet was removed. Coincidence? I don’t think so. A means to start monitoring and attributing is already here, meet minko.to!
