The protocol isopen source and based onCryptoNote v2, a concept described in a 2013white paper authored by Nicolas van Saberhagen. Developers used this concept to design Monero, and deployed itsmainnet in 2014. The Monero protocol includes various methods to obfuscate transaction details, though users can optionally share view keys for third-party auditing.[3] Transactions are validated through aminer network running RandomX, aproof-of-work algorithm. The algorithm issues new coins to miners and was designed to be resistant againstapplication-specific integrated circuit (ASIC) mining.
Monero's privacy features have attractedcypherpunks and users desiring privacy measures not provided in other cryptocurrencies. A 2022 study inFSI Digital Investigations concluded "For now, Monero is untraceable. However, it is probably only a matter of time and effort before it changes."[4] Due to its perceived untraceability Monero is gaining increased use in illicit activities such asmoney laundering,darknet markets,ransomware,cryptojacking, and otherorganized crime.
Background
Monero's roots trace back toCryptoNote v2, acryptocurrency protocol first introduced in awhite paper published by the presumed pseudonymous Nicolas van Saberhagen in October 2013.[5] In the paper, the author described privacy and anonymity as "the most important aspects of electronic cash" and characterizedbitcoin's traceability as a "critical flaw".[6] A Bitcointalk forum user known as "thankful_for_today" implemented these ideas into a coin they called BitMonero. However, other forum users disagreed withthankful_for_today's direction for BitMonero and decided to fork it in 2014, leading to the creation of Monero.[5]Monero translates tocoin inEsperanto.[5] The plural of monero ("moneroj") is likewise formed usingEsperanto grammar. Both van Saberhagen andthankful_for_today remain anonymous.[5]
Monero has the third-largest community of developers, behind bitcoin andEthereum.[6] The protocol's lead maintainer was previously South African developer Riccardo Spagni.[7] Much of the core development team chooses to remain anonymous.[8]
Improvements to Monero's protocol and features are, in part, the task of the Monero Research Lab (MRL), some of whom are anonymous.[citation needed]
Monero's key features are those around privacy and anonymity.[9][5][8] Even though it is a public and decentralized ledger, all transaction details are obfuscated.[10] This contrasts to bitcoin, where all transaction details, user addresses, and wallet balances are public and transparent.[5][8] These features have given Monero a loyal following amongcrypto anarchists,cypherpunks, and privacy advocates.[6]
The transaction outputs, or notes, of users sending Monero are obfuscated throughring signatures, which groups a sender's outputs with other decoy outputs.[citation needed] Encryption of transaction amounts began in 2017 with the implementation of ring confidential transactions (RingCTs).[5][11] Developers also implemented azero-knowledge proof method, "Bulletproofs", which guarantee a transaction occurred without revealing its value.[12] Monero recipients are protected through "stealth addresses", public keys generated by the sender that are untraceable to the receiver by a network observer.[5] These privacy features are enforced on the network by default.[5]
Monero uses Dandelion++, a protocol which obscures theIP address of devices producing transactions. This is done through a method of transaction broadcast propagation; new transactions are initially passed to one node on Monero's peer-to-peer network, and a repeatedprobabilistic method is used to determine when the transaction should be sent to just one node or broadcast to many nodes in a process called flooding.[13][14]
Transaction tracing research
In April 2017, researchers highlighted three major threats to Monero users' privacy. The first relies on leveraging the ring signature size of zero, and ability to see the output amounts. The second, "Leveraging Output Merging", involves tracking transactions where two outputs belong to the same user, such as when they send funds to themselves ("churning"). Finally, "Temporal Analysis", shows that predicting the right output in a ring signature could potentially be easier than previously thought.[15] In 2018, researchers presented possible vulnerabilities in a paper titled "An Empirical Analysis of Traceability in the Monero Blockchain".[16]
In September 2020, the United StatesInternal Revenue Service'scriminal investigation division (IRS-CI), posted a $625,000 bounty for contractors who could develop tools to help trace Monero, other privacy-enhanced cryptocurrencies, the BitcoinLightning Network, or other "layer 2" protocol.[17][6] The contract was awarded to blockchain analysis groupsChainalysis and Integra FEC.[6]
In 2021, researchers presented a transaction-flooding attack against Monero’s transaction-graph privacy at the IEEE International Conference on Blockchain and Cryptocurrency. Under specific assumptions about transaction structure and fees, the "FloodXMR" attack modelled how an adversary who floods the blockchain with their own transactions could, over time, deanonymize a substantial fraction of new transaction inputs at relatively low cost.[18]
Mining
Monero GUI running on a remote node
Monero uses aproof-of-work algorithm, RandomX, to validate transactions. The method was introduced in November 2019 to replace the former algorithm CryptoNightR.[citation needed] Both algorithms were designed to be resistant to ASIC mining, which is commonly used to mine other cryptocurrencies such asbitcoin.[19][20] Monero can be mined somewhat efficiently on consumer-grade hardware such asx86,x86-64,ARM andGPUs, a design decision which was based on Monero project's opposition to mining centralisation which ASIC mining creates,[21] but has also resulted in Monero's popularity amongmalware-based non-consensual miners.[22][23]
Use
Monero's privacy features have made it popular for illicit purposes.[10][24][25]
Monero is a common medium of exchange ondarknet markets.[5] In August 2016, dark marketAlphaBay permitted its vendors to start accepting Monero as an alternative to bitcoin.[5] The site was taken offline by law enforcement in 2017,[28] but it was relaunched in 2021 with Monero as the sole permitted currency.[29]Reuters reported in 2019 that three of the five largest darknet markets accepted Monero, though bitcoin was still the most widely used form of payment in those markets.[10]
In late 2017, malware and antivirus service providers blocked Coinhive, aJavaScript implementation of a Monero miner that was embedded in websites and apps, in some cases by hackers. Coinhive wrote the script as an alternative to advertisements; a website or app could embed it, and use website visitors'CPU to mine the cryptocurrency while the visitor is consuming the content of the webpage, with the site or app owner getting a percentage of the mined coins.[30] Some websites and apps did this without informing visitors, or in some cases using all possible system resources. As a result, the script was blocked by companies offeringad blocking subscription lists, antivirus services, and antimalware services.[31][32] Coinhive had been previously found hidden inShowtime-owned streaming platforms[33] andStarbucks Wi-Fi hotspots in Argentina.[7][34] Researchers in 2018 found similar malware that mined Monero and sent it toKim Il-sung University inNorth Korea.[35]
Ransomware
Ransomware deployed in 2021 byREvil. The hackers are demanding payment in Monero.[36]
Monero is sometimes used byransomware groups. According toCNBC, in the first half of 2018, Monero was used in 44% of cryptocurrencyransomware attacks.[37]
The perpetrators of the 2017WannaCry ransomware attack, which was attributed by the US government to North Korean threat actors,[38] attempted to exchange the ransom they collected in Bitcoin to Monero.Ars Technica andFast Company reported that the exchange was successful,[39][7] butBBC News reported that the service the criminals attempted to use,ShapeShift, denied any such transfer.[40]The Shadow Brokers, who leaked the exploits which were subsequently used in WannaCry but are unlikely to have been involved in the attack, began accepting Monero as payment later in 2017.[39]
In 2021,CNBC, theFinancial Times, andNewsweek reported that demand for Monero was increasing following the recovery of a bitcoin ransom paid in theColonial Pipeline cyber attack.[8][6][41] The May 2021 hack forced the pipeline to pay a $4.4M ransom in bitcoin, though a large portion was recovered by the United States federal government the following month.[41] The group behind the attack,DarkSide, normally requests payment in either bitcoin or Monero, but charge a 10–20% premium for payments made in bitcoin due to its increased traceability risk.[6] Ransomware groupREvil removed the option of paying ransom in bitcoin in 2021, demanding only Monero.[6] Ransomware negotiators, groups that help victims pay ransoms, have contacted Monero developers to understand the technology.[6] Despite this, CNBC reported that bitcoin was still the currency of choice demanded in most ransomware attacks, as insurers refuse to pay Monero ransom payments because of traceability concerns.[8]
Regulatory responses
The attribution of Monero to illicit markets has influenced some exchanges to forgo listing it. This has made it more difficult for users to exchange Monero for fiat currencies or other cryptocurrencies.[8] Exchanges in South Korea and Australia have delisted Monero and other privacy coins due to regulatory pressure.[42]
In 2018,Europol and its directorRob Wainwright wrote that the year would see criminals shift from using bitcoin to using Monero, as well as Ethereum,Dash, andZcash.[43]Bloomberg andCNN reported that this demand for Monero was because authorities were becoming better at monitoring the Bitcoin blockchain.[44][43]
On 20 February 2024, the cryptocurrency exchangeBinance delisted Monero, citing regulatory compliance.[45]
On 11 April 2024,Kraken announced that they would be delisting Monero for users located in Ireland and Belgium on 10 June. Monero deposits and trades were suspended on 10 May.[46] On 31 October 2024, Kraken halted all trading and deposits of Monero for users in theEEA. In the following months, Monero withdrawals were suspended for EEA users, and any remaining Monero balances were converted to bitcoin.[47][non-primary source needed] The United StatesInternal Revenue Service (IRS) has offered funding for contractors that can develop Monero tracing technologies.[17]
^Bahamazava, Katsiaryna; Nanda, Rohan (March 2022). "The shift of DarkNet illegal drug trade preferences in cryptocurrency: The question of traceability and deterrence".Forensic Science International: Digital Investigation.40 301377.doi:10.1016/j.fsidi.2022.301377.
^Alsalami, Nasser; Zhang, Bingsheng (2019). "SoK: A Systematic Study of Anonymity in Cryptocurrencies".2019 IEEE Conference on Dependable and Secure Computing (DSC). pp. 1–6.doi:10.1109/DSC47296.2019.8937681.
^Moser, Malte et al. (2018). "An Empirical Analysis of Traceability in the Monero Blockchain".Proceedings on Privacy Enhancing Technologies.2018 (3): 143.doi:10.1515/popets-2018-0025.
^Chervinski, João Otávio Massari; Kreutz, Diego; Yu, Jiangshan (2021). "Analysis of Transaction Flooding Attacks Against Monero".2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). IEEE. pp. 1–8.doi:10.1109/ICBC51069.2021.9461084.