November 25, 2019 Grin’s privacy model questioned following study which linked 95% of transactions.

Ivan Bogatyy of Dragonfly Capital published a study in which he was able to link transactions by operating a ‘sniffer’ full node and recording transactions before they undergo the cut-through aggregation that is a core feature of the Grin privacy model. Transaction amounts could not be identified, only senders and recipients. The approach used in the study is fairly accessible, requiring only $60/week of AWS operating costs. Similar vulnerabilities may exist in other Mimblewimble protocols such as Beam. A contrasting article by the Grin development team argues that this is a known vulnerability, and would have limited use on its own in identifying user identities.

Sources: