Monero

Monero (XMR) is a decentralized cryptocurrency. It uses a public distributed ledger with privacy-enhancing technologies that obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading monero, transaction amounts, address balances, or transaction histories.

The protocol is open source and based on CryptoNote, a concept described in a 2013 white paper authored by Nicolas van Saberhagen. The cryptography community used this concept to design Monero, and deployed its mainnet in 2014. Monero uses ring signatures, zero-knowledge proofs, "stealth addresses", and IP address obscuring methods to obfuscate transaction details. These features are baked into the protocol, though users can optionally share view keys for third party auditing. Transactions are validated through a miner network running RandomX, a proof of work algorithm. The algorithm issues new coins to miners, and was designed to be resistant to ASIC mining.

Monero has the third largest developer community among cryptocurrencies, behind bitcoin and Ethereum. Its privacy features have attracted cypherpunks and users desiring privacy measures not provided in other cryptocurrencies. It is increasingly used in illicit activities such as money laundering, darknet markets, ransomware, and cryptojacking. The United States Internal Revenue Service (IRS) has posted bounties for contractors that can develop monero tracing technologies.

Background
Monero's roots can be traced back to CryptoNote, a cryptocurrency protocol first described in a white paper published by Nicolas van Saberhagen (presumed pseudonymous) in October 2013. The author described privacy and anonymity as "the most important aspects of electronic cash" and called bitcoin's traceability a "critical flaw". A Bitcointalk forum user "thankful_for_today" coded these ideas into a coin they dubbed BitMonero. Other forum users disagreed with thankful_for_today's direction for BitMonero, so forked it in 2014 to create monero. Monero translates to coin in Esperanto, and the Esperanto moneroj is sometimes used for plural. Both van Saberhagen and thankful_for_today remain anonymous.

Monero has the third largest community of developers, behind bitcoin and Ethereum. The protocol's lead maintainer was previously South African developer Riccardo Spagni. Much of the core development team chooses to remain anonymous.

Privacy
Monero's key features are those around privacy and anonymity. Even though it is a public and decentralized ledger, all transaction details are obfuscated. This contrasts to bitcoin, where all transaction details, user addresses, and wallet balances are public and transparent. These features have given Monero a loyal following among crypto anarchists, cypherpunks, and privacy advocates.

The addresses of users sending Monero are protected through ring signatures, which groups a sender's address with other addresses. Obfuscation of transaction amounts began in 2017 with the implementation of ring confidential transactions (RingCTs). Developers also implemented a zero-knowledge proof method, "Bulletproofs", which guarantee a transaction occurred without revealing its value. Monero recipients are protected through "stealth addresses", addresses generated by users to receive funds, but untraceable to an owner by a network observer. These privacy features are enforced on the network by default, though users have the option to share a private view key to permit third party auditing of their wallet, or a transaction key to audit a transaction.

Monero uses Dandelion++, a protocol which obscures the IP address of devices producing transactions. This is done through a method of transaction broadcast propagation; new transactions are initially passed to one node on Monero's peer-to-peer network, and a repeated probabilistic method is used to determine when the transaction should be sent to just one node or broadcast to many nodes in a process called flooding. This method was motivated by the growing blockchain analysis market and the potential use of botnets for analysis.

Efforts to trace transactions
In April 2017, researchers highlighted three major threats to Monero users' privacy. The first relies on leveraging the ring signature size of zero, and ability to see the output amounts. The second, "Leveraging Output Merging", involves tracking transactions where two outputs belong to the same user, such as when they send funds to themselves ("churning"). Finally, "Temporal Analysis", shows that predicting the right output in a ring signature could potentially be easier than previously thought. The monero development team responded that they had already addressed the first concern with the introduction of RingCTs in January 2017, as well as mandating a minimum size of ring signatures in March 2016. In 2018, researchers presented possible vulnerabilities in a paper titled "An Empirical Analysis of Traceability in the Monero Blockchain". The monero team responded in March 2018.

In September 2020, the United States Internal Revenue Service's criminal investigation division (IRS-CI), posted a $625,000 bounty for contractors who could develop tools to help trace Monero, other privacy-enhanced cryptocurrencies, the bitcoin Lightning Network, or other "layer 2" protocols. The contract was awarded to blockchain analysis groups Chainalysis and Integra FEC.

Mining
Monero uses a proof of work algorithm, RandomX, to validate transactions. The method was introduced in November 2019 to replace the former algorithm CryptoNightR. Both algorithms were designed to be resistant to ASIC mining, which is commonly used to mine other cryptocurrencies such as Bitcoin. Monero can be mined somewhat efficiently on consumer grade hardware such as x86, x86-64, ARM and GPUs, a design decision which was based on Monero project's opposition to mining centralisation which ASIC mining creates, but has also resulted in Monero's popularity among malware-based non-consensual miners.

Illicit use
Monero's privacy features have made it popular for illicit purposes.

Darknet markets
Monero is a common medium of exchange on darknet markets. In August 2016, dark market AlphaBay permitted its vendors to start accepting Monero as an alternative to bitcoin. The site was taken offline by law enforcement in 2017, but it was relaunched in 2021 with monero as the sole permitted currency. Reuters reported in 2019 that three of the five largest darknet markets accepted Monero, though bitcoin was still the most widely used form of payment in those markets.

Mining malware
Hackers have embedded malware into websites and applications that hijack victim CPUs to mine Monero (sometimes called cryptojacking). In late 2017, malware and antivirus service providers blocked Coinhive, a JavaScript implementation of a Monero miner that was embedded in websites and apps, in some cases by hackers. Coinhive generated the script as an alternative to advertisements; a website or app could embed it, and use website visitor's CPU to mine the cryptocurrency while the visitor is consuming the content of the webpage, with the site or app owner getting a percentage of the mined coins. Some websites and apps did this without informing visitors, and some hackers implemented it in way that drained visitors' CPUs. As a result, the script was blocked by companies offering ad blocking subscription lists, antivirus services, and antimalware services. Coinhive had been previously found hidden in Showtime-owned streaming platforms, as well as Starbucks Wi-Fi hotspots in Argentina. Researchers in 2018 found similar malware that mines Monero and sends it to Kim Il-sung University in North Korea. In September 2018, Monero established the Malware Response Workgroup, a community team of volunteers to provide resources, education and assistance for the mitigation and prevention of Monero mining malware.

Ransomware
Monero is sometimes used by ransomware groups. According to CNBC, in the first half of 2018, Monero was used in 44% of cryptocurrency ransomware attacks.

One group behind the 2017 WannaCry ransomware attack, the Shadow Brokers, attempted to exchange the ransom they collected in bitcoin to Monero. Ars Technica and Fast Company reported that the exchange was successful, but BBC News reported that the service the criminal attempted to use, ShapeShift, denied any such transfer. The Shadow Brokers began accepting monero as payment later in 2017.

In 2021, CNBC, the Financial Times, and Newsweek reported that demand for Monero was increasing following the recovery of a bitcoin ransom paid in the Colonial Pipeline cyber attack. The May 2021 hack forced the pipeline to pay a $4.4M ransom in bitcoin, though a large portion was recovered by the United States federal government the following month. The group behind the attack, DarkSide, normally requests payment in either bitcoin or Monero, but charge a 10-20% premium for payments made in bitcoin due to its increased traceability risk. Ransomware group REvil removed the option of paying ransom in bitcoin in 2021, demanding only Monero. Ransomware negotiators, groups that help victims pay ransoms, have contacted Monero developers to understand the technology. Despite this, CNBC reported that bitcoin was still the currency of choice demanded in most ransomware attacks, as insurers refuse to pay Monero ransom payments because of traceability concerns.

Regulatory responses
The attribution of Monero to illicit markets has influenced some exchanges to forgo listing it. This has made it more difficult for users to exchange Monero for fiat currencies or other cryptocurrencies. Exchanges in South Korea and Australia have delisted Monero and other privacy coins due to regulatory pressure.

In 2018, Europol and its director Rob Wainwright wrote that the year would see criminals shift from using bitcoin to using Monero, as well as Ethereum, dash, and zcash. Bloomberg and CNN reported that this demand for Monero was because authorities were becoming better at monitoring the bitcoin blockchain.

Publicity

 * After many online payment platforms shut down access for white nationalists following the Unite the Right rally in 2017, some of them, including Christopher Cantwell and Andrew Auernheimer ("weev"), started using and promoting Monero.
 * In December 2017, The Monero team announced a partnership with 45 musicians and several online stores for Monero to be used as a form of payment for their merchandise.
 * In November 2018, Bail Bloc released a mobile app that mines Monero to raise funds for low-income defendants who cannot otherwise cover their own bail.