Finder is committed to editorial independence. While we receive compensation when you click links to partners, they do not influence our content.
What is Monero (XMR)?
Find out how Monero works, whether it’s truly anonymous and what you should know about its coin.
Updated . What changed?
Monero (XMR) is a cryptocurrency that was created in 2014 with the goal of being anonymous and private.
Just like Bitcoin, no one knows the real identity of Monero’s creator. But unlike Bitcoin, Monero wallet balances and payments remain concealed. These characteristics have made it attractive for those seeking private transactions and cryptocurrency speculators.
This guide explains how Monero actually works, how private it really is, its pros and cons and what to consider before buying.
What is Monero?
Monero was devised in 2013 and launched in 2014 by a mysterious cryptographer known only as Nicolas van Saberhagen. The name is a pseudonym and von Saberhagen’s real identity is still unknown.
Monero is a cryptocurrency that’s intended to offer complete privacy for all transactions.
It’s similar to Bitcoin in many ways, with two key differences:
- It’s designed to be completely anonymous and private. By contrast, Bitcoin wallet balances and transaction information are completely public.
- It uses a very different mining scheme to Bitcoin, which is largely focused on ensuring that people are still able to profitably mine it at home.
It’s important to note that all privacy cryptocurrencies are still experimental. All of them have pros and cons and none of them is perfect.
A privacy-conscious cryptocurrency user should not ask “is this private?” when choosing a coin, because there are always gradients of privacy, with different pros and cons. Instead, they need to ask “is this private enough for my needs?” and “what are the pros and cons?”.
By finding out how Monero works, you may be able to better answer those questions yourself.
How does Monero work?
At the surface level, Monero works the same way as Bitcoin. It’s a public cryptocurrency that uses a blockchain, so anyone can buy, sell, use and try to mine it.
Its main difference compared to Bitcoin is the privacy it offers, but before we dive into that, some of the other differences include dynamic scalability, fungibility, separated spend and view keys and attempts at ASIC mining resistance.
Monero’s dynamic scalability
Monero’s block size automatically adjusts to the network load, within certain limits.
This helps keep fees low even as network activity increases. But it’s not a perfect scaling solution, as there’s a limit to how high block size can scale up.
It also doesn’t address underlying scalability issues such as nodes needing to download the entire blockchain.
As a side effect of its privacy, XMR is more fungible than Bitcoin. While “clean” BTC can attract premium prices compared to “dirty” BTC, all XMR tokens should have the same value.
Separate spend and view keys
Also as a side effect of its privacy, Monero uses separate spend and view key pairs. The spend key is used to sign transactions, the same way a Bitcoin private key is. But the view key is only used to view transactions and wallet balances.
Monero has attempted to resist application-specific integrated circuit (ASIC) mining, in an effort to keep mining decentralised around the world on home computers, rather than locked up by professional, dedicated crypto mining businesses. Results have been mixed.
Maintaining ASIC resistance is an arms race between developers and mining chip manufacturers, requiring frequent hard forks from developers and counter-efforts from manufacturers.
Over time, it’s become clear that this arms race favours the manufacturers. Monero hard forked to the RandomX mining algorithm on 30 November 2019 as a final attempt at ASIC resistance.
Monero is a proof of work cryptocurrency, like Bitcoin. This means it’s mined in a similar way, with thousands of computers all around the world solving math problems in a race to find the correct answer. Like Bitcoin mining, it uses a system where the more miners there are, the harder it is to mine coins.
For a more detailed explanation of proof of work mining, you can read the complete guide to Bitcoin mining.
There are a number of differences between Bitcoin and Monero mining though. For example, Monero mining difficulty adjusts each block, while Bitcoin difficulty only adjusts every two weeks on average. The biggest difference is that Monero uses RandomX for ASIC-resistance. This means it’s most efficient to mine Monero with general purpose processors, such as CPUs.
The reason for this can be clearly seen in a chart of Monero’s mining power, or “hashrate.”
The sharp drops in April 2018 and March 2019 were anti-ASIC forks. The sharp rise in November 2019 was the RandomX fork.
Essentially, the first two peaks were because small groups of miners kept dominating the network with powerful hardware, which made mining unprofitable for everyone else. The third spike was because lots of people were suddenly able to mine with weaker hardware, so the total hashrate went back up sharply, and more people were sharing the mining profits more evenly.
Monero mining profitability
To work out whether mining Monero will be profitable, you need to do some calculations based on:
- Your hardware – how many hashes per second you can perform and how much energy it consumes
- Your electricity prices – how much mining will cost you in energy bills
- Current Monero prices – how much you’ll earn from successful mining
Monero mining calculators can make it easier to work out whether XMR mining will be profitable, because they let you simply enter a number of hashes per second, and how much you pay for electricity, and they then tell you whether mining will be profitable at current Monero prices.
To find out how many hashes per second you’ll get with different hardware, and how much electricity it consumes, you can either do some test mining, or search for RandomX hardware benchmarks.
How to mine Monero (step by step guide)
- Work out whether Mining Monero is profitable
- Download your preferred Monero mining software
- Run and configure your mining software
- Join a mining pool (optional)
- Start mining
Examples of popular Monero mining software include SRBMiner, XMRig and XMR-STAK-RX. In all cases, a reasonable amount of experience with computers is needed to safely mine Monero.
This is not an endorsement of any of those miners. Remember that you should always be cautious when downloading software, especially when it concerns cryptocurrency. You should only download open source mining software, from the official source, and only if you are confident it’s completely safe to do so.
How Monero privacy works
Public blockchains by their very nature are completely transparent, public and open. So unlike most other systems, you can’t just make a blockchain private by putting a password on accounts or encrypting transactions.
For any anonymous cryptocurrency, the challenge of blockchain privacy can be summed up as needing to find a way of simultaneously:
- Letting anyone verify that transactions are correct and valid
- Not letting anyone see what those transactions are
Nicolas van Saberhagen was one of the first people to find a way of doing this, with a system they called “CryptoNote”, which is built around a cryptographic technique called “ring signatures”.
The ring signature system was first proposed in a 1991 paper, where it was called a “group signature scheme”. It was further refined into the ring signature system in a 2001 paper and evolved a bit more over the years. Then Nicholas van Saberhagen applied it to blockchain cryptocurrencies in a 2013 paper. Monero was released a year later.
Say you have a group of 10 government officials, all of whom have their own unique signature. One of these officials wants to leak a secret and prove that it really was leaked by 1 of the 10 government officials, but they also want to keep their identity a secret.
To do this, the leaker can create a ring signature, comprised of all 10 signatures. This ring signature can now be signed by any of the officials without anyone knowing which of the 10 signed it.
This is what ring signatures do. The way it actually works is beyond the scope of this guide, but it involves a lot of maths and computer science.
How Monero uses ring signatures
Monero uses ring signatures as a way for miners to know that a transaction has been signed and is valid, without knowing exactly which transaction they’re signing.
Just like the whistleblower in the example above creates a ring signature out of 10 real signatures, Monero creates a ring signature out of a bunch of real transactions. To do this, it needs to create a bunch of decoy transactions alongside the real one. These decoys are known as mixins, because they’re “mixed in” to transactions.
Now anyone who tries to trace Monero transactions gets confounded by all those decoys which were obscuring the real transaction. This is where Monero began. Since then the network has had to constantly and quickly evolve to maintain user privacy.
How to hold Monero
To get the most out of Monero, you should choose a suitable wallet. Simply holding Monero in an exchange wallet, for example, may not offer the level of privacy you want and can pose security risks.
Learn more about how to find the best Monero wallet.
How Monero is developing
Monero is constantly evolving to remain secure and anonymous, in a constant game of cat and mouse.
Privacy isn’t a thing you achieve, it’s a constant cat-and-mouse battle.”
This is because in its initial form, it was trivial for anyone to track Monero transactions if they really wanted to and there were two glaring problems with its ring signature system.
|The problem||The consequence||The solution|
|The mixins had to be real transactions that had already occurred on Monero, of the same denomination as the transaction someone wanted to send.||It was relatively easy to pick out the real transaction among the mixins.|
User privacy took the form of plausible deniability (“you can’t prove that I sent that transaction”) rather than true anonymity (“you don’t know who sent that transaction”).
|Confidential transactions, which conceal the denomination of transactions.|
This was implemented in Monero’s ring signature system with the RingCT update in 2017.
Now the mixins can be any previous transaction of any denomination.
|Users could choose how many mixins they wanted to include in a transaction.||Most people used zero mixins because doing so lowered their transaction fees.|
Consequently, whenever someone’s zero-mixin transaction appeared in another transaction as a mixin, it was obviously the decoy.
|Make mixins mandatory for all transactions.|
Zero-mixin transactions were banned in 2016 and the minimum number of mixins allowed was set at 4.
This minimum mixin requirement has been increased over time and as of September 2019 is set at 10.
Monero’s solutions often had to be refined and tweaked over time.
For example, up until 2018 anyone could choose their own ring size (number of mixins) as long as it was above the minimum required. But this unintentionally created a new vulnerability, by making it easy to identify individuals who would consistently use the same, unconventional number of mixins.
Even today, a number of ongoing improvements are needed before Monero can be called completely private.
Is Monero really anonymous?
Thanks to a principle called the “cascade effect”, it’s possible to map out a significant portion of the Monero network and identify the real transaction among the mixins in many cases.
The cascade effect is basically the principle where if you can identify one real transaction among the mixins anywhere in the network, then you know that transaction is a mixin when you see it somewhere else.
So by identifying enough real transactions, you can start ruling them out as mixins elsewhere, which lets you identify even more real transactions – a cascade, in other words.
Because most transactions used no mixins in Monero’s early days, there’s unfortunately a very solid foundation on which you can start building up the cascade effect. Because of the cascade effect, making mixins mandatory did not immediately solve the problem of zero mixins. It’s gradually repairing that security hole, but it didn’t fix it overnight.
The real threat to Monero’s anonymity comes from the fact that people can leverage a wide range of different techniques to identify mixins in as many places as possible, then use the principles of the cascade effect to start mapping out the entire network.
As of September 2019, Monero has three known privacy vulnerabilities.
|Vulnerability||How it works||Potential solution|
|The most recent transaction is statistically likely to be the real one.||Simply by assuming that the most recently timestamped transaction among the mixins is the real one, then following that trend along the cascade effect, you can map an estimated 80% of the Monero network.||This actually isn’t too much of a problem because that 80% figure is probabilistic.|
In other words, an attacker only knows that they’ve mapped an estimated 80% of the network. They don’t know which 80% and don’t know that it actually is 80%.
|A technique called a “closed set attack” lets you quickly identify thousands of real transactions to kickstart the cascade effect.||Leveraging a mathematical principle called “closed sets”, researchers have developed a formula which can quickly identify thousands of mixins in the Monero network, with the current ring size.|
This can be used to kickstart the cascade effect and de-anonymise a portion of the network.
|The published formula works for the current Monero ring size of 11 (10 mixins).|
A higher ring size will necessitate a different, harder-to-develop formula.
By itself, this isn’t too much of a problem. The main issue is that it can be combined with other techniques and used as a basis for leveraging the cascade effect to map recent transactions.
|You can cheaply spam the Monero network to create thousands of mixins of your own.||Spam the Monero network with transactions, so when you see your transactions used as mixins, you know they’re not real.|
This attack is extremely affordable.
Accounting for the fact that spamming would raise transaction fees, it’s estimated that someone could get near-perfect oversight of the entire Monero network for just a few hundred dollars a day.
|Larger ring signatures would help and as a side effect would also raise transaction fees, making this attack more expensive.|
Additionally, higher daily transaction volumes would help. The community can also outspend attackers by spamming the network with transactions of their own.
Overall, most experts agree that most Monero transactions from 2014 to 2016 have likely been de-anonymised for a long time now.
Currently, between all of Monero’s current privacy vulnerabilities, lingering historic vulnerabilities (such as having no minimum ring size) and the cascade effect, it’s easy for anyone to de-anonymise the Monero network if they really want to.
There may also be more vulnerabilities and practical attacks which have not yet been made public.
Fortunately, even once you strip away all the additional privacy Monero offers, it’s still pseudonymous like Bitcoin. As such, Monero users who want to preserve their privacy can still use similar methods as they would with Bitcoin, such as Tor.
Monero vs other privacy coins
There are also other privacy coins, but they similarly have their own vulnerabilities and pros and cons to consider.
For all its issues, Monero still offers a much higher level of privacy than most other so-called “privacy coins”.
Zcash vs Monero
Where Monero uses ring signatures, Zcash uses zero knowledge proofs.
Other than Monero, Zcash is the world’s best-known privacy coin. Although like Monero, users will still have better privacy when using Zcash with Tor.
Zcash is widely regarded to offer the highest degree of privacy of any cryptocurrency, but only if you trust it.
This is because Zcash employed a trusted set-up. What this basically means is that you can only trust its privacy and the sanctity of monetary supply if you also trust the circumstances around its trusted set-up “ceremony”.
These circumstances offer an extremely high level of trust, but it’s still a good old fashioned human-to-human type of trust, rather than a cryptographic level of trustlessness. This is a deal-breaker for some people.
There’s also no way of confirming the size of the total Zcash supply, which is a deal-breaker for other people.
Verge vs Monero
Verge uses the Wraith Protocol where Monero uses ring signatures.
Wraith Protocol does not work as described, there is no serious cryptographic or academic research behind Wraith Protocol and Verge does not offer any meaningful level of privacy.
DASH vs Monero
DASH has integrated CoinJoins into its system, where Monero uses ring signatures.
CoinJoins have been widely used in Bitcoin, as a system where multiple users agree to swap coins among each other to better conceal their spending trail.
The problem with CoinJoins is that the other users know who they’re swapping coins with and who’s sending funds where. Consequently, it’s a very incomplete sort of privacy.
In DASH, CoinJoins are carried out automatically by DASH masternodes, with a similar downside. The masternode itself (as in, the human who operates the masternode) can see who the parties to private transactions are and where the funds are going.
As such, DASH privacy is also very flawed and incomplete.
Where to buy and trade Monero
Disclosure: At the time of writing the author holds BTC, BNB.
More guides on Finder
Monero (XMR) price prediction 2021
An in-depth look at the factors that could impact the value of privacy cryptocurrency Monero (XMR), including predictions for the future price of XMR.
Best wallets for Monero (XMR)
We review three of the best wallets for storing, sending and receiving the privacy cryptocurrency Monero (XMR).
How to buy Monero (XMR) in Indonesia
The ultimate guide to privacy cryptocurrency Monero (XMR), how it works and how you can buy, sell and trade Monero in Indonesia.