Monero (XMR) is a cryptocurrency that was created in 2014 with the goal of being anonymous and private.
Just like Bitcoin, no one knows the real identity of Monero’s creator. But unlike Bitcoin, Monero wallet balances and payments remain concealed. These characteristics have made it attractive for those seeking private transactions and cryptocurrency speculators.
This guide explains how Monero actually works, how private it really is, its pros and cons and what to consider before buying.
Disclaimer: This information is not financial advice or an endorsement of cryptocurrency or any specific provider, service or offering. Cryptocurrencies are highly volatile and high risk. Do your own research and seek financial advice before buying. Please check with providers if their services are available in your state.
Monero was devised in 2013 and launched in 2014 by a mysterious cryptographer known only as Nicolas van Saberhagen. The name is a pseudonym and von Saberhagen’s real identity is still unknown.
Monero is a cryptocurrency that’s intended to offer complete privacy for all transactions.
Monero vs Bitcoin
It’s similar to Bitcoin in many ways, with two key differences:
It’s designed to be completely anonymous and private. By contrast, Bitcoin wallet balances and transaction information are completely public.
It uses a very different mining scheme to Bitcoin, which is largely focused on ensuring that people are still able to profitably mine it at home.
It’s important to note that all privacy cryptocurrencies are still experimental. All of them have pros and cons and none of them is perfect.
A privacy-conscious cryptocurrency user should not ask “is this private?” when choosing a coin, because there are always gradients of privacy, with different pros and cons. Instead, they need to ask “is this private enough for my needs?” and “what are the pros and cons?”.
By finding out how Monero works, you may be able to better answer those questions yourself.
How does Monero work?
At the surface level, Monero works the same way as Bitcoin. It’s a public cryptocurrency that uses a blockchain, so anyone can buy, sell, use and try to mine it.
Its main difference compared to Bitcoin is the privacy it offers, but before we dive into that, some of the other differences include dynamic scalability, fungibility, separated spend and view keys and attempts at ASIC mining resistance.
Monero’s dynamic scalability
Monero’s block size automatically adjusts to the network load, within certain limits.
This helps keep fees low even as network activity increases. But it’s not a perfect scaling solution, as there’s a limit to how high block size can scale up.
It also doesn’t address underlying scalability issues such as nodes needing to download the entire blockchain.
As a side effect of its privacy, XMR is more fungible than Bitcoin. While “clean” BTC can attract premium prices compared to “dirty” BTC, all XMR tokens should have the same value.
Separate spend and view keys
Also as a side effect of its privacy, Monero uses separate spend and view key pairs. The spend key is used to sign transactions, the same way a Bitcoin private key is. But the view key is only used to view transactions and wallet balances.
Monero has attempted to resist application-specific integrated circuit (ASIC) mining, in an effort to keep mining decentralized around the world on home computers, rather than locked up by professional, dedicated crypto mining businesses. Results have been mixed.
Maintaining ASIC resistance is an arms race between developers and mining chip manufacturers, requiring frequent hard forks from developers and counter-efforts from manufacturers.
Over time, it’s become clear that this arms race favours the manufacturers. Monero hard forked to the RandomX mining algorithm on 30 November 2019 as a final attempt at ASIC resistance.
Where to buy and trade Monero
Monero is a proof of work cryptocurrency, like Bitcoin. This means it’s mined in a similar way, with thousands of computers all around the world solving math problems in a race to find the correct answer. Like Bitcoin mining, it uses a system where the more miners there are, the harder it is to mine coins.
For a more detailed explanation of proof of work mining, you can read the complete guide to Bitcoin mining.
There are a number of differences between Bitcoin and Monero mining though. For example, Monero mining difficulty adjusts each block, while Bitcoin difficulty only adjusts every two weeks on average. The biggest difference is that Monero uses RandomX for ASIC-resistance. This means it’s most efficient to mine Monero with general purpose processors, such as CPUs.
The reason for this can be clearly seen in a chart of Monero’s mining power, or “hashrate.”
The sharp drops in April 2018 and March 2019 were anti-ASIC forks. The sharp rise in November 2019 was the RandomX fork.
Essentially, the first two peaks were because small groups of miners kept dominating the network with powerful hardware, which made mining unprofitable for everyone else. The third spike was because lots of people were suddenly able to mine with weaker hardware, so the total hashrate went back up sharply, and more people were sharing the mining profits more evenly.
Monero mining profitability
To work out whether mining Monero will be profitable, you need to do some calculations based on:
Your hardware – how many hashes per second you can perform and how much energy it consumes
Your electricity prices – how much mining will cost you in energy bills
Current Monero prices – how much you’ll earn from successful mining
Monero mining calculators can make it easier to work out whether XMR mining will be profitable, because they let you simply enter a number of hashes per second, and how much you pay for electricity, and they then tell you whether mining will be profitable at current Monero prices.
To find out how many hashes per second you’ll get with different hardware, and how much electricity it consumes, you can either do some test mining, or search for RandomX hardware benchmarks.
Examples of popular Monero mining software include SRBMiner, XMRig and XMR-STAK-RX. In all cases, a reasonable amount of experience with computers is needed to safely mine Monero.
This is not an endorsement of any of those miners. Remember that you should always be cautious when downloading software, especially when it concerns cryptocurrency. You should only download open source mining software, from the official source, and only if you are confident it’s completely safe to do so.
How Monero privacy works
Public blockchains by their very nature are completely transparent, public and open. So unlike most other systems, you can’t just make a blockchain private by putting a password on accounts or encrypting transactions.
For any anonymous cryptocurrency, the challenge of blockchain privacy can be summed up as needing to find a way of simultaneously:
Letting anyone verify that transactions are correct and valid
Not letting anyone see what those transactions are
Nicolas van Saberhagen was one of the first people to find a way of doing this, with a system they called “CryptoNote”, which is built around a cryptographic technique called “ring signatures”.
The ring signature system was first proposed in a 1991 paper, where it was called a “group signature scheme”. It was further refined into the ring signature system in a 2001 paper and evolved a bit more over the years. Then Nicholas van Saberhagen applied it to blockchain cryptocurrencies in a 2013 paper. Monero was released a year later.
Ring signatures explained
Say you have a group of 10 government officials, all of whom have their own unique signature. One of these officials wants to leak a secret and prove that it really was leaked by 1 of the 10 government officials, but they also want to keep their identity a secret.
To do this, the leaker can create a ring signature, comprised of all 10 signatures. This ring signature can now be signed by any of the officials without anyone knowing which of the 10 signed it.
This is what ring signatures do. The way it actually works is beyond the scope of this guide, but it involves a lot of maths and computer science.
How Monero uses ring signatures
Monero uses ring signatures as a way for miners to know that a transaction has been signed and is valid, without knowing exactly which transaction they’re signing.
Just like the whistleblower in the example above creates a ring signature out of 10 real signatures, Monero creates a ring signature out of a bunch of real transactions. To do this, it needs to create a bunch of decoy transactions alongside the real one. These decoys are known as mixins, because they’re “mixed in” to transactions.
Now anyone who tries to trace Monero transactions gets confounded by all those decoys which were obscuring the real transaction. This is where Monero began. Since then the network has had to constantly and quickly evolve to maintain user privacy.
How to store Monero
To get the most out of Monero, you should choose a suitable wallet. Simply holding Monero in an exchange wallet, for example, may not offer the level of privacy you want and can pose security risks.
Monero is constantly evolving to remain secure and anonymous, in a constant game of cat and mouse.
Privacy isn’t a thing you achieve, it’s a constant cat-and-mouse battle.”
This is because in its initial form, it was trivial for anyone to track Monero transactions if they really wanted to and there were two glaring problems with its ring signature system.
The mixins had to be real transactions that had already occurred on Monero, of the same denomination as the transaction someone wanted to send.
It was relatively easy to pick out the real transaction among the mixins.
User privacy took the form of plausible deniability (“you can’t prove that I sent that transaction”) rather than true anonymity (“you don’t know who sent that transaction”).
Confidential transactions, which conceal the denomination of transactions.
This was implemented in Monero’s ring signature system with the RingCT update in 2017.
Now the mixins can be any previous transaction of any denomination.
Users could choose how many mixins they wanted to include in a transaction.
Most people used zero mixins because doing so lowered their transaction fees.
Consequently, whenever someone’s zero-mixin transaction appeared in another transaction as a mixin, it was obviously the decoy.
Make mixins mandatory for all transactions.
Zero-mixin transactions were banned in 2016 and the minimum number of mixins allowed was set at 4.
This minimum mixin requirement has been increased over time and as of September 2019 is set at 10.
Monero’s solutions often had to be refined and tweaked over time.
For example, up until 2018 anyone could choose their own ring size (number of mixins) as long as it was above the minimum required. But this unintentionally created a new vulnerability, by making it easy to identify individuals who would consistently use the same, unconventional number of mixins.
Even today, a number of ongoing improvements are needed before Monero can be called completely private.
Is Monero really anonymous?
Thanks to a principle called the “cascade effect”, it’s possible to map out a significant portion of the Monero network and identify the real transaction among the mixins in many cases.
The cascade effect is basically the principle where if you can identify one real transaction among the mixins anywhere in the network, then you know that transaction is a mixin when you see it somewhere else.
So by identifying enough real transactions, you can start ruling them out as mixins elsewhere, which lets you identify even more real transactions – a cascade, in other words.
Because most transactions used no mixins in Monero’s early days, there’s unfortunately a very solid foundation on which you can start building up the cascade effect. Because of the cascade effect, making mixins mandatory did not immediately solve the problem of zero mixins. It’s gradually repairing that security hole, but it didn’t fix it overnight.
The real threat to Monero’s anonymity comes from the fact that people can leverage a wide range of different techniques to identify mixins in as many places as possible, then use the principles of the cascade effect to start mapping out the entire network.
As of September 2019, Monero has three known privacy vulnerabilities.
Simply by assuming that the most recently timestamped transaction among the mixins is the real one, then following that trend along the cascade effect, you can map an estimated 80% of the Monero network.
This actually isn’t too much of a problem because that 80% figure is probabilistic.
In other words, an attacker only knows that they’ve mapped an estimated 80% of the network. They don’t know which 80% and don’t know that it actually is 80%.
A technique called a “closed set attack” lets you quickly identify thousands of real transactions to kickstart the cascade effect.
Leveraging a mathematical principle called “closed sets”, researchers have developed a formula which can quickly identify thousands of mixins in the Monero network, with the current ring size.
This can be used to kickstart the cascade effect and de-anonymise a portion of the network.
The published formula works for the current Monero ring size of 11 (10 mixins).
A higher ring size will necessitate a different, harder-to-develop formula.
By itself, this isn’t too much of a problem. The main issue is that it can be combined with other techniques and used as a basis for leveraging the cascade effect to map recent transactions.
You can cheaply spam the Monero network to create thousands of mixins of your own.
Spam the Monero network with transactions, so when you see your transactions used as mixins, you know they’re not real.
Accounting for the fact that spamming would raise transaction fees, it’s estimated that someone could get near-perfect oversight of the entire Monero network for just a few hundred dollars a day.
Larger ring signatures would help and as a side effect would also raise transaction fees, making this attack more expensive.
Additionally, higher daily transaction volumes would help. The community can also outspend attackers by spamming the network with transactions of their own.
Overall, most experts agree that most Monero transactions from 2014 to 2016 have likely been de-anonymised for a long time now.
Currently, between all of Monero’s current privacy vulnerabilities, lingering historic vulnerabilities (such as having no minimum ring size) and the cascade effect, it’s easy for anyone to de-anonymise the Monero network if they really want to.
There may also be more vulnerabilities and practical attacks which have not yet been made public.
Fortunately, even once you strip away all the additional privacy Monero offers, it’s still pseudonymous like Bitcoin. As such, Monero users who want to preserve their privacy can still use similar methods as they would with Bitcoin, such as Tor.
Monero vs other privacy coins
There are also other privacy coins, but they similarly have their own vulnerabilities and pros and cons to consider.
For all its issues, Monero still offers a much higher level of privacy than most other so-called “privacy coins”.
Zcash vs Monero
Where Monero uses ring signatures, Zcash uses zero knowledge proofs.
Other than Monero, Zcash is the world’s best-known privacy coin. Although like Monero, users will still have better privacy when using Zcash with Tor.
Zcash is widely regarded to offer the highest degree of privacy of any cryptocurrency, but only if you trust it.
This is because Zcash employed a trusted set-up. What this basically means is that you can only trust its privacy and the sanctity of monetary supply if you also trust the circumstances around its trusted set-up “ceremony”.
These circumstances offer an extremely high level of trust, but it’s still a good old fashioned human-to-human type of trust, rather than a cryptographic level of trustlessness. This is a deal-breaker for some people.
There’s also no way of confirming the size of the total Zcash supply, which is a deal-breaker for other people.
Verge vs Monero
Verge uses the Wraith Protocol where Monero uses ring signatures.
DASH has integrated CoinJoins into its system, where Monero uses ring signatures.
CoinJoins have been widely used in Bitcoin, as a system where multiple users agree to swap coins among each other to better conceal their spending trail.
The problem with CoinJoins is that the other users know who they’re swapping coins with and who’s sending funds where. Consequently, it’s a very incomplete sort of privacy.
In DASH, CoinJoins are carried out automatically by DASH masternodes, with a similar downside. The masternode itself (as in, the human who operates the masternode) can see who the parties to private transactions are and where the funds are going.
Disclaimer: Cryptocurrencies are speculative, complex and involve significant risks – they are highly
volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of
future performance. Consider your own circumstances, and obtain your own advice, before relying on this information.
You should also verify the nature of any product or service (including its legal status and relevant regulatory
requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may
have holdings in the cryptocurrencies discussed.
Andrew Munro is the cryptocurrency editor at Finder. He was initially writing about insurance, when he accidentally fell in love with digital currency and distributed ledger technology (aka “the blockchain”). Andrew has a Bachelor of Arts from the University of New South Wales, and has written guides about everything from industrial pigments to cosmetic surgery.
How likely would you be to recommend finder to a friend or colleague?
Very UnlikelyExtremely Likely
Thank you for your feedback.
Our goal is to create the best possible product, and your thoughts, ideas and suggestions play a major role in helping us identify opportunities to improve.
finder.com is an independent comparison platform and information service that aims to provide you with the tools you need to make better decisions. While we are independent, the offers that appear on this site are from companies from which finder.com receives compensation. We may receive compensation from our partners for placement of their products or services. We may also receive compensation if you click on certain links posted on our site. While compensation arrangements may affect the order, position or placement of product information, it doesn't influence our assessment of those products. Please don't interpret the order in which products appear on our Site as any endorsement or recommendation from us. finder.com compares a wide range of products, providers and services but we don't provide information on all available products, providers or services. Please appreciate that there may be other options available to you than the products, providers or services covered by our service.