https://medium.com/dragonfly-research/breaking-mimblewimble-privacy-model-84bcd67bfe52
TL;DR: Mimblewimble's privacy is fundamentally flawed. Using only $60/week of AWS spend, I was able to uncover the exact addresses of senders and recipients for 96% of Grin transactions in real time.
The problem is inherent to Mimblewimble, and I don't believe there's a way to fix it. This means Mimblewimble should no longer be considered a viable alternative to Zcash or Monero when it comes to privacy.
So he "researched" and found a limitation of MW known since 2016. That's $60 well wasted.
https://github.com/mimblewimble/grin/wiki/Grin-and-MimbleWimble-vs-ZCash
While Grin transaction outputs are fully obscured, it's still possible to trace which inputs link to which outputs at least until some age. But it's unclear at this point what information could be derived from this.