Get the Finder app 🥳

Track your credit score

Free

What is Monero (XMR)?

Find out how Monero works, whether it’s truly anonymous and what you should know about its coin.

Updated . What changed?

Fact checked
Promoted

Swyftx Cryptocurrency Exchange

Swyftx Cryptocurrency Exchange logo
  • 170+ cryptocurrencies
  • Fast online ID verification & deposits
  • Low fees and spreads
  • Demo mode for beginner traders
Go to site

We’re committed to our readers and editorial independence. We don’t compare all products in the market and may receive compensation when we refer you to our partners, but this does not influence our opinions or reviews. Learn more about Finder.

Monero (XMR) is a cryptocurrency that was created in 2014 with the goal of being anonymous and private.

Just like Bitcoin, no one knows the real identity of Monero's creator. But unlike Bitcoin, Monero wallet balances and payments remain concealed. These characteristics have made it attractive for those seeking private transactions and cryptocurrency speculators.

This guide explains how Monero actually works, how private it really is, its pros and cons and what to consider before buying.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade.

Monero logo

Live Monero (XMR) price

Loading...

Data sourced from Binance

Monero at a glance

Ticker symbolXMR
UsePrivate currency
Year released2014
OriginBytecoin fork
Maximum supply18.4 million
Consensus algorithmRandomX
Notable team membersRiccardo Spagni
Mineable?Yes

What is Monero?

Monero was devised in 2013 and launched in 2014 by a mysterious cryptographer known only as Nicolas van Saberhagen. The name is a pseudonym and von Saberhagen's real identity is still unknown.

Monero is a cryptocurrency that's intended to offer complete privacy for all transactions.

Monero vs Bitcoin

It's similar to Bitcoin in many ways, with two key differences:

  1. It's designed to be completely anonymous and private. By contrast, Bitcoin wallet balances and transaction information are completely public.
  2. It uses a very different mining scheme to Bitcoin, which is largely focused on ensuring that people are still able to profitably mine it at home.

It's important to note that all privacy cryptocurrencies are still experimental. All of them have pros and cons and none of them is perfect.

A privacy-conscious cryptocurrency user should not ask "is this private?" when choosing a coin, because there are always gradients of privacy, with different pros and cons. Instead, they need to ask "is this private enough for my needs?" and "what are the pros and cons?".

By finding out how Monero works, you may be able to better answer those questions yourself.

How does Monero work?

At the surface level, Monero works the same way as Bitcoin. It's a public cryptocurrency that uses a blockchain, so anyone can buy, sell, use and try to mine it.

Its main difference compared to Bitcoin is the privacy it offers, but before we dive into that, some of the other differences include dynamic scalability, fungibility, separated spend and view keys and attempts at ASIC mining resistance.

Monero's dynamic scalability

Monero's block size automatically adjusts to the network load, within certain limits.

This helps keep fees low even as network activity increases. But it's not a perfect scaling solution, as there's a limit to how high block size can scale up.

It also doesn't address underlying scalability issues such as nodes needing to download the entire blockchain.

Monero's fungibility

As a side effect of its privacy, XMR is more fungible than Bitcoin. While "clean" BTC can attract premium prices compared to "dirty" BTC, all XMR tokens should have the same value.

Separate spend and view keys

Also as a side effect of its privacy, Monero uses separate spend and view key pairs. The spend key is used to sign transactions, the same way a Bitcoin private key is. But the view key is only used to view transactions and wallet balances.

ASIC resistance

Monero has attempted to resist application-specific integrated circuit (ASIC) mining, in an effort to keep mining decentralised around the world on home computers, rather than locked up by professional, dedicated crypto mining businesses. Results have been mixed.

Maintaining ASIC resistance is an arms race between developers and mining chip manufacturers, requiring frequent hard forks from developers and counter-efforts from manufacturers.

Over time, it's become clear that this arms race favours the manufacturers. Monero hard forked to the RandomX mining algorithm on 30 November 2019 as a final attempt at ASIC resistance.

Monero mining

Monero is a proof of work cryptocurrency, like Bitcoin. This means it's mined in a similar way, with thousands of computers all around the world solving math problems in a race to find the correct answer. Like Bitcoin mining, it uses a system where the more miners there are, the harder it is to mine coins.

For a more detailed explanation of proof of work mining, you can read the complete guide to Bitcoin mining.

There are a number of differences between Bitcoin and Monero mining though. For example, Monero mining difficulty adjusts each block, while Bitcoin difficulty only adjusts every two weeks on average. The biggest difference is that Monero uses RandomX for ASIC-resistance. This means it's most efficient to mine Monero with general purpose processors, such as CPUs.

The reason for this can be clearly seen in a chart of Monero's mining power, or "hashrate."

Picture not described

The sharp drops in April 2018 and March 2019 were anti-ASIC forks. The sharp rise in November 2019 was the RandomX fork.

Essentially, the first two peaks were because small groups of miners kept dominating the network with powerful hardware, which made mining unprofitable for everyone else. The third spike was because lots of people were suddenly able to mine with weaker hardware, so the total hashrate went back up sharply, and more people were sharing the mining profits more evenly.

Monero mining profitability

To work out whether mining Monero will be profitable, you need to do some calculations based on:

  1. Your hardware - how many hashes per second you can perform and how much energy it consumes
  2. Your electricity prices - how much mining will cost you in energy bills
  3. Current Monero prices - how much you'll earn from successful mining

Monero mining calculators can make it easier to work out whether XMR mining will be profitable, because they let you simply enter a number of hashes per second, and how much you pay for electricity, and they then tell you whether mining will be profitable at current Monero prices.

To find out how many hashes per second you'll get with different hardware, and how much electricity it consumes, you can either do some test mining, or search for RandomX hardware benchmarks.

How to mine Monero (step by step guide)

  1. Work out whether Mining Monero is profitable
  2. Download your preferred Monero mining software
  3. Run and configure your mining software
  4. Join a mining pool (optional)
  5. Start mining

Examples of popular Monero mining software include SRBMiner, XMRig and XMR-STAK-RX. In all cases, a reasonable amount of experience with computers is needed to safely mine Monero.

This is not an endorsement of any of those miners. Remember that you should always be cautious when downloading software, especially when it concerns cryptocurrency. You should only download open source mining software, from the official source, and only if you are confident it's completely safe to do so.

How Monero privacy works

Public blockchains by their very nature are completely transparent, public and open. So unlike most other systems, you can't just make a blockchain private by putting a password on accounts or encrypting transactions.

For any anonymous cryptocurrency, the challenge of blockchain privacy can be summed up as needing to find a way of simultaneously:

  • Letting anyone verify that transactions are correct and valid
  • Not letting anyone see what those transactions are

Nicolas van Saberhagen was one of the first people to find a way of doing this, with a system they called "CryptoNote", which is built around a cryptographic technique called "ring signatures".

The ring signature system was first proposed in a 1991 paper, where it was called a "group signature scheme". It was further refined into the ring signature system in a 2001 paper and evolved a bit more over the years. Then Nicholas van Saberhagen applied it to blockchain cryptocurrencies in a 2013 paper. Monero was released a year later.

Ring signatures explained

Say you have a group of 10 government officials, all of whom have their own unique signature. One of these officials wants to leak a secret and prove that it really was leaked by 1 of the 10 government officials, but they also want to keep their identity a secret.

To do this, the leaker can create a ring signature, comprised of all 10 signatures. This ring signature can now be signed by any of the officials without anyone knowing which of the 10 signed it.

This is what ring signatures do. The way it actually works is beyond the scope of this guide, but it involves a lot of maths and computer science.

How Monero uses ring signatures

Monero uses ring signatures as a way for miners to know that a transaction has been signed and is valid, without knowing exactly which transaction they're signing.

Just like the whistleblower in the example above creates a ring signature out of 10 real signatures, Monero creates a ring signature out of a bunch of real transactions. To do this, it needs to create a bunch of decoy transactions alongside the real one. These decoys are known as mixins, because they're "mixed in" to transactions.

Now anyone who tries to trace Monero transactions gets confounded by all those decoys which were obscuring the real transaction. This is where Monero began. Since then the network has had to constantly and quickly evolve to maintain user privacy.

How to hold Monero

To get the most out of Monero, you should choose a suitable wallet. Simply holding Monero in an exchange wallet, for example, may not offer the level of privacy you want and can pose security risks.

Learn more about how to find the best Monero wallet.

How Monero is developing

Monero is constantly evolving to remain secure and anonymous, in a constant game of cat and mouse.

Privacy isn't a thing you achieve, it's a constant cat-and-mouse battle.”

Riccardo Spagni, Monero core developer

This is because in its initial form, it was trivial for anyone to track Monero transactions if they really wanted to and there were two glaring problems with its ring signature system.

The problemThe consequenceThe solution
The mixins had to be real transactions that had already occurred on Monero, of the same denomination as the transaction someone wanted to send.It was relatively easy to pick out the real transaction among the mixins.

User privacy took the form of plausible deniability ("you can't prove that I sent that transaction") rather than true anonymity ("you don't know who sent that transaction").

Confidential transactions, which conceal the denomination of transactions.

This was implemented in Monero's ring signature system with the RingCT update in 2017.

Now the mixins can be any previous transaction of any denomination.

Users could choose how many mixins they wanted to include in a transaction.Most people used zero mixins because doing so lowered their transaction fees.

Consequently, whenever someone's zero-mixin transaction appeared in another transaction as a mixin, it was obviously the decoy.

Make mixins mandatory for all transactions.

Zero-mixin transactions were banned in 2016 and the minimum number of mixins allowed was set at 4.

This minimum mixin requirement has been increased over time and as of September 2019 is set at 10.

Monero's solutions often had to be refined and tweaked over time.

For example, up until 2018 anyone could choose their own ring size (number of mixins) as long as it was above the minimum required. But this unintentionally created a new vulnerability, by making it easy to identify individuals who would consistently use the same, unconventional number of mixins.

Even today, a number of ongoing improvements are needed before Monero can be called completely private.

Is Monero really anonymous?

Thanks to a principle called the "cascade effect", it's possible to map out a significant portion of the Monero network and identify the real transaction among the mixins in many cases.

The cascade effect is basically the principle where if you can identify one real transaction among the mixins anywhere in the network, then you know that transaction is a mixin when you see it somewhere else.

So by identifying enough real transactions, you can start ruling them out as mixins elsewhere, which lets you identify even more real transactions – a cascade, in other words.

Because most transactions used no mixins in Monero's early days, there's unfortunately a very solid foundation on which you can start building up the cascade effect. Because of the cascade effect, making mixins mandatory did not immediately solve the problem of zero mixins. It's gradually repairing that security hole, but it didn't fix it overnight.

The real threat to Monero's anonymity comes from the fact that people can leverage a wide range of different techniques to identify mixins in as many places as possible, then use the principles of the cascade effect to start mapping out the entire network.

As of September 2019, Monero has three known privacy vulnerabilities.

VulnerabilityHow it worksPotential solution
The most recent transaction is statistically likely to be the real one.Simply by assuming that the most recently timestamped transaction among the mixins is the real one, then following that trend along the cascade effect, you can map an estimated 80% of the Monero network.This actually isn't too much of a problem because that 80% figure is probabilistic.

In other words, an attacker only knows that they've mapped an estimated 80% of the network. They don't know which 80% and don't know that it actually is 80%.

A technique called a "closed set attack" lets you quickly identify thousands of real transactions to kickstart the cascade effect.Leveraging a mathematical principle called "closed sets", researchers have developed a formula which can quickly identify thousands of mixins in the Monero network, with the current ring size.

This can be used to kickstart the cascade effect and de-anonymise a portion of the network.

The published formula works for the current Monero ring size of 11 (10 mixins).

A higher ring size will necessitate a different, harder-to-develop formula.

By itself, this isn't too much of a problem. The main issue is that it can be combined with other techniques and used as a basis for leveraging the cascade effect to map recent transactions.

You can cheaply spam the Monero network to create thousands of mixins of your own.Spam the Monero network with transactions, so when you see your transactions used as mixins, you know they're not real.

This attack is extremely affordable.

Median Monero transaction fees are $0.002 and the Monero network averages 5,000 transactions per day.

Accounting for the fact that spamming would raise transaction fees, it's estimated that someone could get near-perfect oversight of the entire Monero network for just a few hundred dollars a day.

Larger ring signatures would help and as a side effect would also raise transaction fees, making this attack more expensive.

Additionally, higher daily transaction volumes would help. The community can also outspend attackers by spamming the network with transactions of their own.

Overall, most experts agree that most Monero transactions from 2014 to 2016 have likely been de-anonymised for a long time now.

Currently, between all of Monero's current privacy vulnerabilities, lingering historic vulnerabilities (such as having no minimum ring size) and the cascade effect, it's easy for anyone to de-anonymise the Monero network if they really want to.

There may also be more vulnerabilities and practical attacks which have not yet been made public.

Fortunately, even once you strip away all the additional privacy Monero offers, it's still pseudonymous like Bitcoin. As such, Monero users who want to preserve their privacy can still use similar methods as they would with Bitcoin, such as Tor.

Monero vs other privacy coins

There are also other privacy coins, but they similarly have their own vulnerabilities and pros and cons to consider.

For all its issues, Monero still offers a much higher level of privacy than most other so-called "privacy coins".

Zcash vs Monero

Where Monero uses ring signatures, Zcash uses zero knowledge proofs.

Other than Monero, Zcash is the world's best-known privacy coin. Although like Monero, users will still have better privacy when using Zcash with Tor.

Zcash is widely regarded to offer the highest degree of privacy of any cryptocurrency, but only if you trust it.

This is because Zcash employed a trusted set-up. What this basically means is that you can only trust its privacy and the sanctity of monetary supply if you also trust the circumstances around its trusted set-up "ceremony".

These circumstances offer an extremely high level of trust, but it's still a good old fashioned human-to-human type of trust, rather than a cryptographic level of trustlessness. This is a deal-breaker for some people.

There's also no way of confirming the size of the total Zcash supply, which is a deal-breaker for other people.

DASH vs Monero

DASH has integrated CoinJoins into its system, where Monero uses ring signatures.

CoinJoins have been widely used in Bitcoin, as a system where multiple users agree to swap coins among each other to better conceal their spending trail.

The problem with CoinJoins is that the other users know who they're swapping coins with and who's sending funds where. Consequently, it's a very incomplete sort of privacy.

In DASH, CoinJoins are carried out automatically by DASH masternodes, with a similar downside. The masternode itself (as in, the human who operates the masternode) can see who the parties to private transactions are and where the funds are going.

As such, DASH privacy is also very flawed and incomplete.

Where to buy and trade Monero

Name Product Deposit methods Fiat Currencies Cryptocurrencies
Credit card,Cryptocurrency,Debit card,Osko,PayID
USD, AUD, GBP, CAD, EUR, CNY, RUB, TRY, NGN, UAH & 40+ more

268
cryptocurrencies

Get $5 cashback when you make your first PayID/Osko deposit on Binance.com/au.
Binance is the world’s largest exchange by trading volume. Get started with instant zero fee AUD deposits and withdrawals in Australia, and enjoy low trading fees, a wide selection of cryptocurrencies and 24/7 local customer support.
Electronic Funds Transfer,Wire transfer,Osko,PayID,Ethana Custody
USD, EUR, GBP, JPY, CAD, CHF, AUD

47
cryptocurrencies

Buy, sell and trade a range of digital currencies on this high-liquidity exchange – suitable for beginners right through to advanced traders.

UK residents: In addition to normal crypto trading, Kraken offers margin lending. As this is a regulated activity which they are not authorised to offer in the UK, we advise you not to use this service. If you're interested in margin trading, see authorised providers.
Credit card,Cryptocurrency
USD, EUR, AUD, CAD, CHF, CZK, DKK, GBP, HUF, ILS & 20+ more

115
cryptocurrencies

Trade various coins through a global crypto to crypto exchange based in the US.
Cryptocurrency
USD, EUR, GBP, JPY

164
cryptocurrencies

Cryptocurrencies are a highly volatile investment product. Your capital is at risk.
Spot trade all of the major cryptos on this full-featured exchange and margin trading platform.
HitBTC Multi-currency Exchange
HitBTC Multi-currency Exchange
Bank transfer (SEPA),SWIFT
USD, EUR

212
cryptocurrencies

Buy crypto with fiat (USD/EUR) and trade over 150 other digital assets on this Europe-based exchange platform.
loading

Compare up to 4 providers

Step-by-step guide to buying Monero

Disclaimer: Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Disclosure: At the time of writing the author holds BTC, BNB.

More guides on Finder

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site