Finder makes money from featured partners, but editorial opinions are our own. Advertiser Disclosure
Monero (XMR) is a cryptocurrency that was created in 2014 with the goal of being anonymous and private.
Just like Bitcoin, no one knows the real identity of Monero’s creator. But unlike Bitcoin, Monero wallet balances and payments remain concealed. These characteristics have made it attractive for those seeking private transactions and cryptocurrency speculators.
This guide explains how Monero actually works, how private it really is, its pros and cons and what to consider before buying.
Disclaimer: This information is not financial advice or an endorsement of cryptocurrency or any specific provider, service or offering. Cryptocurrencies are highly volatile and high risk. Do your own research and seek financial advice before buying. And make sure the provider you're interested in is available in your state.
| Ticker symbol | XMR |
|---|---|
| Use | Private currency |
| Year released | 2014 |
| Origin | Bytecoin fork |
| Maximum supply | 18.4 million |
| Consensus algorithm | RandomX |
| Notable team members | Riccardo Spagni |
| Mineable? | Yes |
Monero was devised in 2013 and launched in 2014 by a mysterious cryptographer known only as Nicolas van Saberhagen. The name is a pseudonym and von Saberhagen’s real identity is still unknown.
Monero is a cryptocurrency that’s intended to offer complete privacy for all transactions.
It’s similar to Bitcoin in many ways, with two key differences:
It’s important to note that all privacy cryptocurrencies are still experimental. All of them have pros and cons and none of them is perfect.
A privacy-conscious cryptocurrency user should not ask “is this private?” when choosing a coin, because there are always gradients of privacy, with different pros and cons. Instead, they need to ask “is this private enough for my needs?” and “what are the pros and cons?”.
By finding out how Monero works, you may be able to better answer those questions yourself.
At the surface level, Monero works the same way as Bitcoin. It’s a public cryptocurrency that uses a blockchain, so anyone can buy, sell, use and try to mine it.
Its main difference compared to Bitcoin is the privacy it offers, but before we dive into that, some of the other differences include dynamic scalability, fungibility, separated spend and view keys and attempts at ASIC mining resistance.
Monero’s block size automatically adjusts to the network load, within certain limits.
This helps keep fees low even as network activity increases. But it’s not a perfect scaling solution, as there’s a limit to how high block size can scale up.
It also doesn’t address underlying scalability issues such as nodes needing to download the entire blockchain.
As a side effect of its privacy, XMR is more fungible than Bitcoin. While “clean” BTC can attract premium prices compared to “dirty” BTC, all XMR tokens should have the same value.
Also as a side effect of its privacy, Monero uses separate spend and view key pairs. The spend key is used to sign transactions, the same way a Bitcoin private key is. But the view key is only used to view transactions and wallet balances.
Monero has attempted to resist application-specific integrated circuit (ASIC) mining, in an effort to keep mining decentralized around the world on home computers, rather than locked up by professional, dedicated crypto mining businesses. Results have been mixed.
Maintaining ASIC resistance is an arms race between developers and mining chip manufacturers, requiring frequent hard forks from developers and counter-efforts from manufacturers.
Over time, it’s become clear that this arms race favours the manufacturers. Monero hard forked to the RandomX mining algorithm on 30 November 2019 as a final attempt at ASIC resistance.
Monero is a proof of work cryptocurrency, like Bitcoin. This means it’s mined in a similar way, with thousands of computers all around the world solving math problems in a race to find the correct answer. Like Bitcoin mining, it uses a system where the more miners there are, the harder it is to mine coins.
For a more detailed explanation of proof of work mining, you can read the complete guide to Bitcoin mining.
There are a number of differences between Bitcoin and Monero mining though. For example, Monero mining difficulty adjusts each block, while Bitcoin difficulty only adjusts every two weeks on average. The biggest difference is that Monero uses RandomX for ASIC-resistance. This means it’s most efficient to mine Monero with general purpose processors, such as CPUs.
The reason for this can be clearly seen in a chart of Monero’s mining power, or “hashrate.”
The sharp drops in April 2018 and March 2019 were anti-ASIC forks. The sharp rise in November 2019 was the RandomX fork.
Essentially, the first two peaks were because small groups of miners kept dominating the network with powerful hardware, which made mining unprofitable for everyone else. The third spike was because lots of people were suddenly able to mine with weaker hardware, so the total hashrate went back up sharply, and more people were sharing the mining profits more evenly.
To work out whether mining Monero will be profitable, you need to do some calculations based on:
Monero mining calculators can make it easier to work out whether XMR mining will be profitable, because they let you simply enter a number of hashes per second, and how much you pay for electricity, and they then tell you whether mining will be profitable at current Monero prices.
To find out how many hashes per second you’ll get with different hardware, and how much electricity it consumes, you can either do some test mining, or search for RandomX hardware benchmarks.
Examples of popular Monero mining software include SRBMiner, XMRig and XMR-STAK-RX. In all cases, a reasonable amount of experience with computers is needed to safely mine Monero.
This is not an endorsement of any of those miners. Remember that you should always be cautious when downloading software, especially when it concerns cryptocurrency. You should only download open source mining software, from the official source, and only if you are confident it’s completely safe to do so.
Public blockchains by their very nature are completely transparent, public and open. So unlike most other systems, you can’t just make a blockchain private by putting a password on accounts or encrypting transactions.
For any anonymous cryptocurrency, the challenge of blockchain privacy can be summed up as needing to find a way of simultaneously:
Nicolas van Saberhagen was one of the first people to find a way of doing this, with a system they called “CryptoNote”, which is built around a cryptographic technique called “ring signatures”.
The ring signature system was first proposed in a 1991 paper, where it was called a “group signature scheme”. It was further refined into the ring signature system in a 2001 paper and evolved a bit more over the years. Then Nicholas van Saberhagen applied it to blockchain cryptocurrencies in a 2013 paper. Monero was released a year later.
Say you have a group of 10 government officials, all of whom have their own unique signature. One of these officials wants to leak a secret and prove that it really was leaked by 1 of the 10 government officials, but they also want to keep their identity a secret.
To do this, the leaker can create a ring signature, comprised of all 10 signatures. This ring signature can now be signed by any of the officials without anyone knowing which of the 10 signed it.
This is what ring signatures do. The way it actually works is beyond the scope of this guide, but it involves a lot of maths and computer science.
Monero uses ring signatures as a way for miners to know that a transaction has been signed and is valid, without knowing exactly which transaction they’re signing.
Just like the whistleblower in the example above creates a ring signature out of 10 real signatures, Monero creates a ring signature out of a bunch of real transactions. To do this, it needs to create a bunch of decoy transactions alongside the real one. These decoys are known as mixins, because they’re “mixed in” to transactions.
Now anyone who tries to trace Monero transactions gets confounded by all those decoys which were obscuring the real transaction. This is where Monero began. Since then the network has had to constantly and quickly evolve to maintain user privacy.
To get the most out of Monero, you should choose a suitable wallet. Simply holding Monero in an exchange wallet, for example, may not offer the level of privacy you want and can pose security risks.
Learn more about how to find the best Monero wallet.
Monero is constantly evolving to remain secure and anonymous, in a constant game of cat and mouse.
Privacy isn’t a thing you achieve, it’s a constant cat-and-mouse battle.”
This is because in its initial form, it was trivial for anyone to track Monero transactions if they really wanted to and there were two glaring problems with its ring signature system.
| The problem | The consequence | The solution |
|---|---|---|
| The mixins had to be real transactions that had already occurred on Monero, of the same denomination as the transaction someone wanted to send. | It was relatively easy to pick out the real transaction among the mixins. User privacy took the form of plausible deniability (“you can’t prove that I sent that transaction”) rather than true anonymity (“you don’t know who sent that transaction”). | Confidential transactions, which conceal the denomination of transactions. This was implemented in Monero’s ring signature system with the RingCT update in 2017. Now the mixins can be any previous transaction of any denomination. |
| Users could choose how many mixins they wanted to include in a transaction. | Most people used zero mixins because doing so lowered their transaction fees. Consequently, whenever someone’s zero-mixin transaction appeared in another transaction as a mixin, it was obviously the decoy. | Make mixins mandatory for all transactions. Zero-mixin transactions were banned in 2016 and the minimum number of mixins allowed was set at 4. This minimum mixin requirement has been increased over time and as of September 2019 is set at 10. |
Monero’s solutions often had to be refined and tweaked over time.
For example, up until 2018 anyone could choose their own ring size (number of mixins) as long as it was above the minimum required. But this unintentionally created a new vulnerability, by making it easy to identify individuals who would consistently use the same, unconventional number of mixins.
Even today, a number of ongoing improvements are needed before Monero can be called completely private.
Thanks to a principle called the “cascade effect”, it’s possible to map out a significant portion of the Monero network and identify the real transaction among the mixins in many cases.
The cascade effect is basically the principle where if you can identify one real transaction among the mixins anywhere in the network, then you know that transaction is a mixin when you see it somewhere else.
So by identifying enough real transactions, you can start ruling them out as mixins elsewhere, which lets you identify even more real transactions – a cascade, in other words.
Because most transactions used no mixins in Monero’s early days, there’s unfortunately a very solid foundation on which you can start building up the cascade effect. Because of the cascade effect, making mixins mandatory did not immediately solve the problem of zero mixins. It’s gradually repairing that security hole, but it didn’t fix it overnight.
The real threat to Monero’s anonymity comes from the fact that people can leverage a wide range of different techniques to identify mixins in as many places as possible, then use the principles of the cascade effect to start mapping out the entire network.
As of September 2019, Monero has three known privacy vulnerabilities.
| Vulnerability | How it works | Potential solution |
|---|---|---|
| The most recent transaction is statistically likely to be the real one. | Simply by assuming that the most recently timestamped transaction among the mixins is the real one, then following that trend along the cascade effect, you can map an estimated 80% of the Monero network. | This actually isn’t too much of a problem because that 80% figure is probabilistic. In other words, an attacker only knows that they’ve mapped an estimated 80% of the network. They don’t know which 80% and don’t know that it actually is 80%. |
| A technique called a “closed set attack” lets you quickly identify thousands of real transactions to kickstart the cascade effect. | Leveraging a mathematical principle called “closed sets”, researchers have developed a formula which can quickly identify thousands of mixins in the Monero network, with the current ring size. This can be used to kickstart the cascade effect and de-anonymise a portion of the network. | The published formula works for the current Monero ring size of 11 (10 mixins). A higher ring size will necessitate a different, harder-to-develop formula. By itself, this isn’t too much of a problem. The main issue is that it can be combined with other techniques and used as a basis for leveraging the cascade effect to map recent transactions. |
| You can cheaply spam the Monero network to create thousands of mixins of your own. | Spam the Monero network with transactions, so when you see your transactions used as mixins, you know they’re not real. This attack is extremely affordable. Median Monero transaction fees are $0.002 and the Monero network averages 5,000 transactions per day. Accounting for the fact that spamming would raise transaction fees, it’s estimated that someone could get near-perfect oversight of the entire Monero network for just a few hundred dollars a day. | Larger ring signatures would help and as a side effect would also raise transaction fees, making this attack more expensive. Additionally, higher daily transaction volumes would help. The community can also outspend attackers by spamming the network with transactions of their own. |
Overall, most experts agree that most Monero transactions from 2014 to 2016 have likely been de-anonymised for a long time now.
Currently, between all of Monero’s current privacy vulnerabilities, lingering historic vulnerabilities (such as having no minimum ring size) and the cascade effect, it’s easy for anyone to de-anonymise the Monero network if they really want to.
There may also be more vulnerabilities and practical attacks which have not yet been made public.
Fortunately, even once you strip away all the additional privacy Monero offers, it’s still pseudonymous like Bitcoin. As such, Monero users who want to preserve their privacy can still use similar methods as they would with Bitcoin, such as Tor.
There are also other privacy coins, but they similarly have their own vulnerabilities and pros and cons to consider.
For all its issues, Monero still offers a much higher level of privacy than most other so-called “privacy coins”.
Where Monero uses ring signatures, Zcash uses zero knowledge proofs.
Other than Monero, Zcash is the world’s best-known privacy coin. Although like Monero, users will still have better privacy when using Zcash with Tor.
Zcash is widely regarded to offer the highest degree of privacy of any cryptocurrency, but only if you trust it.
This is because Zcash employed a trusted set-up. What this basically means is that you can only trust its privacy and the sanctity of monetary supply if you also trust the circumstances around its trusted set-up “ceremony”.
These circumstances offer an extremely high level of trust, but it’s still a good old fashioned human-to-human type of trust, rather than a cryptographic level of trustlessness. This is a deal-breaker for some people.
There’s also no way of confirming the size of the total Zcash supply, which is a deal-breaker for other people.
Verge uses the Wraith Protocol where Monero uses ring signatures.
Wraith Protocol does not work as described, there is no serious cryptographic or academic research behind Wraith Protocol and Verge does not offer any meaningful level of privacy.
DASH has integrated CoinJoins into its system, where Monero uses ring signatures.
CoinJoins have been widely used in Bitcoin, as a system where multiple users agree to swap coins among each other to better conceal their spending trail.
The problem with CoinJoins is that the other users know who they’re swapping coins with and who’s sending funds where. Consequently, it’s a very incomplete sort of privacy.
In DASH, CoinJoins are carried out automatically by DASH masternodes, with a similar downside. The masternode itself (as in, the human who operates the masternode) can see who the parties to private transactions are and where the funds are going.
As such, DASH privacy has potential flaws.
Step-by-step guide to buying Monero
Disclosure: At the time of writing the author holds BTC, BNB.
NFTs take many forms, and NFT art makes up a large portion of the market.
Crypto portfolio trackers are a must to stay on top of your crypto investments. Here’s our list of the standout trackers to consider with pros and cons for each.
Taproot seeks to make the Bitcoin network better equipped to handle smart contracts as well as increase its overall privacy.
Bitcoin is losing market share to coins like ETH, UNI and DOT as the price struggles to stay above $30,000 while interest fades.
Confused about DeFi? Find out how it works in this easy-to-read guide.
Learn more about Bitcoin SV in this comprehensive guide.
Despite most analysts believing that the upcoming “halving” will not follow previous patterns, acclaimed investor Tim Draper believes that bitcoin is on its way to over $250,000 per coin.
Learn more about security tokens and why some experts consider them the next big thing in the cryptocurrency space.
Best site with low exchange rates
Hi Peter,
Thanks for getting in touch with finder. I hope all is well with you. :)
Let me see if I have this correct, you want to know which Monero exchange has the best fees? If this is your question, then the answer depends on your needs and preference. To compare your options, it would be helpful to use our table found above this page. Click on the “View details” to know the fees for each exchange. If you want to know more, you can click on the name of the exchange to read our individual reviews. Once you found the right exchange, please click the “Go to site” green button to be redirected to their website.
I hope this helps. Should you have further questions, please don’t hesitate to reach us out again.
Have a wonderful day!
Cheers,
Joshua
I am doing mining from several days and using monero wallet. i am not able to see my monero balance in wallet when signing in with secret key. however i am able to see my balance when I am searching with my wallet address in pool website (nanopool) search bar also able to see worker machines details.
can you please explain why this is happening
Hi Pawan,
Thanks for getting in touch with finder.
One of the most common reasons this may happen is a failure to sync. You may want to wait for about 24-48 hours more to see whether your missing balance will reflect your account or not.
Another reason is that you Monero isn’t mined directly to your wallet. It’s held in the pool and you will only see it until you exceeded the minimum payout amount.
Please note that we are not affiliated to any cryptocurrency wallet. Thus, we can only offer general advice. You might want to directly get in touch with your wallet’s developer or someone else who might have the right knowledge to help you. You may also want to search the Internet or join forums to get a more personalized answer.
I hope this helps. Should you have further questions, please don’t hesitate to reach us out again.
Have a wonderful day!
Cheers,
Joshua