Developers of the privacy-focused cryptocurrency Monero have enhanced mechanisms to counter so-called spy nodes in the new client version (v0.18.4.3) named Flourine Fermi.
We’re excited to announce that CLI v0.18.4.3 ‘Fluorine Fermi’ has been released!
‘This is a highly recommended release that enhances protection against spy nodes.’
— Monero (XMR) (@monero) October 9, 2025
“This is a highly recommended update,” project representatives emphasized.
In the Monero community, the term “spy nodes” refers to malicious nodes, their groups, or botnets capable of linking IP addresses with transactions on the network.
The update introduces an improved peer selection algorithm that avoids connecting to large subnets often used by spy nodes. Users will now connect to more secure nodes.
General improvements have been added to enhance the network’s stability and reliability.
Guarding Privacy
As malicious nodes threaten user privacy and contradict the project’s goals, the Monero community actively seeks solutions: developing security measures, encouraging the launch of personal nodes, and improving software.
At the end of 2024, researchers suggested that node operators block suspicious IPs and avoid connecting to them. However, this measure is difficult to call effective, as attackers can easily create new “spy” addresses.
Another tool promoted by the community is Dandelion++. This software aims to make it more difficult to link IP addresses with transactions.
The issue of Monero’s privacy came into focus after the leak of a Chainalysis video in 2024. In the video, the analytics company demonstrated how it launches numerous nodes in different regions and uses several internet providers to collect IP addresses and transaction timestamps.
In September, the blockchain of the privacy-focused cryptocurrency underwent its largest reorganization in 12 years.
The mining pool Quibic released a hidden chain that turned out to be longer than the main one. Network nodes automatically accepted it as correct, canceling previous blocks.