TL;DR: Monero addresses and amounts do not appear on the blockchain and thus cannot be derived through chain analysis.
Monero's all-round reliability can be evidenced by the fact that it has a 100% perfect track record, literally not a single real-world user has ever been traced despite repeated de-anonymization efforts by the likes of the FBI, Europol and the IRS, who are otherwise successfully tracing and prosecuting Bitcoin users on the darknet and elsewhere.
With regards to ringsize and anonymity sets, note that your personal anonymity set grows (compounds) over time even if you do nothing. This is how decoy inputs with ring signatures work, since a given output will continue to appear in different ring signatures in different blocks at different times its anonymity set grows infinitely.
So no, your effective anonymity set is definitely not just CURRENT_RINGSIZE, it pretty quickly grows to hundreds, thousands and hundreds of thousands of potential outputs on the chain.
And once Triptych Seraphis increases the ringsize from 11 to 128, multiply all that by 12. GAME FUCKING OVER for anybody still trying to crack ring signatures.
Monero utilizes established, decades-old i.e. certifiably reliable cryptography and will in future integrate more comprehensive, currently experimental zero-knowledge solutions (zk-SNARKs/STARKs) once they mature and their trade-offs become less prohibitive. Research is ongoing.
Continuing advances in chain analysis have gradually eroded Bitcoin's already tenuous fungibility to the point that it can no longer compete in markets where fungibility and privacy in particular are absolutely critical. This has inevitably resulted in a piecemeal exodus from Bitcoin into Monero, which, as the world's most battle-tested privacy coin, is uniquely qualified to reliably service the transactional stealth requirements of an ever-growing number of cryptocurrency users.
Monero's surging adoption is now also being discussed on mainstream tv news reports.
Colonial Pipeline paid ransom to hacker group DarkSide: Source
Bitcoin is the greatest thing to happen to the FBI: BlockTower's Bucella
Why some hackers are ditching Bitcoin for a cryptocurrency called Monero
A common habit of FUDsters, particularly those shilling competing privacy projects, is to routinely allege that Monero is somehow broken or compromised, often while citing apparent research to that effect. While at first these claims and accompanying research might seem compelling, the fact that the Monero-using darknet and criminal underworld aren't deterred by such allegations should be your first hint that you might be dealing with some good old fashioned bullshit.
A typical FUD tactic involves citing outdated, pre-2018 data and hoping you won't think to ask about it's age. Namely, Monero is a constant work-in-progress that only keeps getting more and more secure with age, meaning it used to be somewhat less so a few years back when 0-decoy or non-fixed mixins were allowed and amounts weren't yet shielded (pre-RingCT).
At that time, these vulnerabilities could be exploited to make deducing the true spend (ring member) much easier, though stealth addresses obviously remained unassailable so you still retained a respectable degree of privacy. Some studies were published that highlighted these potential issues and in due course the Monero devs upgraded and reinforced the protocol to the point that the prevalence of previous traceability issues is now effectively zero.
Literal fake news and vaporware. The primary red flag here is that CipherTrace is seemingly claiming to be able to do something that more reputable chain analysis enterprises openly concede is not likely to be feasible, namely tracing Monero transactions. Since Monero is an open source project with a well-understood privacy protocol it is exceedingly unlikely that CipherTrace has managed to discover some devastating new vulnerability that literally every other competitor and pen-tester have missed in their consistent, years-long efforts to crack Monero.
However, what is much more likely is that CipherTrace is simply trying to generate media hype in an effort to raise their profile, and nothing gets people's attention like performing a miracle, in this case apparently cracking crypto's esteemed king of privacy.
But the dead giveaway that CipherTrace is, to put it mildly, greatly exaggerating their Monero-tracing ability is:
"Muh inflation bug" is some of the more common Monero FUD one will encounter on /biz/ and elsewhere, essentially the implication here is that because amounts are fully shielded, because we can't directly observe and tally them up like we can with Bitcoin that there is then no way of knowing what's really going on under the hood and that therefore all manner of inflationary fuckery might be happening without it being obvious. The most prevalent FUD narrative is that the devs have secretly been exploiting this bug for all these years, minting millions of extra XMR thus keeping the price so inexplicably low.....
To understand why such theories are bullshit, we first need to establish one very relevant fact: prior to the introduction of RingCT in January 2017 XMR amounts were NOT SHIELDED, meaning that while user identities remained unknown the specific amounts they were transacting were on public display for everybody to see. Obviously this would then make any profiteering from an active inflation bug impossible to hide, millions of excess XMR moving around and getting dumped on exchanges would have immediately been noticed.
So we can therefore be quite confident that up until the activation of RingCT no meaningful inflation bug was active or being exploited. There was however a dormant inflation bug discovered earlier that same year, a relic of the original Bytecoin code Monero forked off from. Subsequent audits showed that the bug was NOT exploited, as was already obvious, and the offending code was patched.
Thus, when talking about "muh inflation bug" only the RingCT-era, 2017-present day, is relevant. And this is where one can legitimately pose the question: how can we be confident that millions of excess XMR aren't being minted right now?
To which the answer is: by relying on some very clever math and counting up block rewards
Namely, within RingCT XMR amounts are set and encrypted using a zero-knowledge proving system, specifically Pedersen commitments. The resulting homomorphic hash can then have mathematical calculations performed on it to verify the validity of its hidden value. In other words, even without knowing, without being able to directly observe specific XMR amounts we can still nonetheless mathematically prove their correctness and confirm that no extra coins have materialized i.e. that inputs and outputs are balanced and everything adds up perfectly, ergo "zero-knowledge" proof.
But how can we be so certain that these Pedersen commitments actually do what they're supposed to? Well, the most significant reason is that unlike more novel ZKP variants, Pedersen commitments are an established, decades-old scheme, having debuted in 1991. That means they have 30 years of continuous use and battle-testing under their belt, we know how they work and, crucially, that they work, which thus makes them very predictable and therefore highly reliable.
As far as their implementation in Monero's codebase goes, RingCT was obviously subjected to intense stress-testing and underwent several rounds of 3rd-party auditing before finally being activated to ensure everything is working optimally.
But the most practical way to validate the opaque accounting is by summing up block rewards i.e. coinbase outputs. Since freshly-minted coins have no transaction history, they don't require shielding, meaning every single XMR coin that enters the ecosystem is briefly visible until it forever disappears into the shielded RingCT pool. Because the fixed emission rate tells us exactly how many coins should be in circulation at any given moment, as long as the tally of coins transparently entering the ecosystem = the expected in-circulation number we can be very confident that the underlying math keeping everything in check is working properly.
Furthermore, double-spending of existing amounts is prevented by key images. A key image is unique to each output and is only revealed once the funds have been spent. This allows anybody to verify that the amount to be spent hasn't already been transacted before.
Now, there are obviously no 100% guarantees when it comes to software of any kind, including highly eyeballed code like Bitcoin, which has technically had twice as many inflation bugs as Monero:
A community-funded Monerocentric Bisq fork called Haveno is currently being developed and should soon be operational. Having a dedicated zero-KYC DEX (decentralized exchange) will greatly increase user privacy while substantially offsetting the negative effects of CEX delistings. Permissionless P2P trading is the future.
Haveno will utilize 2/3 multisig and atomic swaps. Users will be able to anonymously trade Monero <-> Bitcoin and other cryptocurrencies as well as buy or sell Monero directly via bank deposit or cash-in-mail.
https://haveno.exchange/
Wallet | Device | Description | Download link |
---|---|---|---|
"Official" GUI / CLI | Windows, macOS, Linux | Default implementation maintained by the core team. Use this wallet to run a full node and obtain maximum privacy. Integrates with hardware wallets. Current version: 0.17.2.3 - Oxygen Orion. | GetMonero.org |
MyMonero | Windows, macOS, Linux | Lightweight wallet -- you don't need to download the blockchain and run a node. MyMonero was developed with the assistance of the core team. It also has web-based and iOS versions. | MyMonero.com |
Feather | Windows, macOS, Linux | The goal of Feather is to provide a simple/easy-to-use Monero wallet for every day use. It is beginner friendly, but should also cater to the needs of experienced Monero users. Feather is designed with lower-specced hardware in mind. No fancy graphics or animations, runs well on virtual machines and with live operating systems. | FeatherWallet.org |
Exodus | Windows, macOS, Linux | ⚠️ / Multi-asset wallet. | Exodus.io |
ZelCore | Windows, macOS, Linux | ⚠️ / Multi-asset wallet. It also has Android and iOS versions. | Zelcore.io |
Guarda | Windows, macOS, Linux | ⚠️ ☢️ / Multi-asset wallet. | Guarda.co |
Wallet | Device | Description | Download link |
---|---|---|---|
Monerujo | Android | Integrates with Ledger (hardware wallet). Website: https://www.monerujo.io/. | Google Play / F-Droid / GitHub |
MyMonero | Android / iOS | Website: https://mymonero.com/ | Google Play / App Store |
Cake Wallet | Android / iOS | Website: https://cakewallet.io/ | Google Play / App Store |
Edge Wallet | Android / iOS | Multi-asset wallet. Website: https://edge.app/ | Google Play / App Store |
ZelCore | Android / iOS | ⚠️ / Multi-asset wallet. Website: https://zelcore.io/ | Google Play / App Store |
Coinomi | Android / iOS | ⚠️ ☢️ / Multi-asset wallet. Website: https://www.coinomi.com/ | Google Play / App Store |
Moxi / Guarda | Android / iOS | ⚠️ ☢️ / Multi-asset wallet. Website: https://guarda.co/ | Google Play / App Store |
Exa Wallet | Android / iOS | ⚠️ Website: https://exan.tech/ | Google Play / App Store |
Wookey Wallet | Android / iOS | ⚠️ Website: https://wallet.wookey.io/ | Google Play / F-Droid / App Store |
Exodus | Android / iOS | ⚠️ / Multi-asset wallet. Website: https://www.exodus.io/monero/) | Google Play / App Store |
Your balance is unlocked after 10 confirmations (which means 10 mined blocks). A block is mined approximately every two minutes on the Monero network, so that would be around 20 minutes.
The fastest and most direct way is by using the ExploreMonero blockchain explorer. You will need to recover the transaction key from your wallet (complete guide for GUI / CLI).
Before any action there are two things to check:
Settings
, under Debug info
).Because Monero is different from Bitcoin, wallet synchronization is not instant. The software needs to synchronize the blockchain and use your private keys to identify your transactions. Check in the lower left corner (GUI) if the wallet is synchronized.
You can't send transactions and your balance might be wrong or unavailable if the wallet is not synced with the network. So please wait.
If this is not a sufficient answer for your case and you're looking for more information, please see this answer on StackExchange.
This question is beautifully answered on StackExchange.
You have decided to use Monero's wallet and run a local node. Congratulations! You have chosen the safest and most secure option for your privacy, but unfortunately this has an initial cost. The first reason for the slowness is that you will need to download the entire blockchain, which is considerably heavy (+70 GB) and constantly growing. There are technologies being implemented in Monero to slow this growth, however it is inevitable to make this initial download to run a full node. Consider syncing to a device that has an SSD instead of an HDD, as this greatly impacts the speed of synchronization.
Now that the blockchain is on your computer, the next time you run the wallet you only need to download new blocks, which should take seconds or minutes (depending on how often you use the wallet).
The way to skip downloading the blockchain is connecting your wallet to a public remote node. You can follow this guide on how to set it up. You can find a list of public remote nodes on MoneroWorld.
Be advised that when using a public remote node you lose some of your privacy. A public remote node is able to identify your IP and opens up a range for certain attacks that further diminish your privacy. A remote node can't see your balance and it can't spend your XMR.
To restore your wallet with the 25 word mnemonic seed, please see this guide.
To restore your wallet with your keys, please see this guide.
This question is beautifully answered on StackExchange. Check this page for the GUI instructions, and this page for the CLI instructions.
This question is beautifully answered on StackExchange. Check this page for the GUI instructions, and this page for the CLI instructions.
If you want to support other Monero users by making your node public, you can follow the instructions on MoneroWorld, under the section "How To Include Your Node On Moneroworld".
This question is beautifully answered on StackExchange.
Bitcoin's inherent lack of fungibility has real-world consequences: the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) now maintains a blacklist of tainted digital currency (mostly BTC) addresses. Your funds can and will be seized if Uncle Sam decides they are somehow connected to sanctioned persons or associated "suspicious activity".
How do I block digital currency?
Once it has been determined that your institution is holding digital currency that is required to be blocked pursuant to OFAC’s regulations, you must ensure that access to that digital currency is denied to the blocked person and that your institution complies with OFAC regulations related to blocked assets.
Blocked digital currency must be reported to OFAC within 10 business days. 202-622-2490 or ofac_feedback@treasury.gov
No, Taproot and Schnorr signatures most definitely will NOT make Monero redundant, due to its fundamental transparency Bitcoin can never and will never be as airtight as Monero.
“I think what we’re going to see soon is Schnorr, Taproot, and Tapscript, which open the door to a lot of improvements,” Antonopoulos said, “But they still do not involve zero-knowledge proofs or the types of ring signatures and stealth addresses that are done in Monero. Bitcoin is not a privacy coin.”
https://cointelegraph.com/news/bitcoin-will-never-be-truly-private-says-andreas-antonopoulosNo, Lightning Network also most definitely will NOT make Monero redundant, privacy as an afterthought on Layer 2 will never pass darknet-tier OPSEC muster on account of the increased attack surface. Another layer = added complexity = larger attack surface = greater statistical likelihood of exploits and data leakage, which can be used for heuristic attacks. Therefore, robust Layer 1 privacy will always be prioritized by those who require the best possible privacy guarantees.
https://en.wikipedia.org/wiki/Attack_surface
https://en.wikipedia.org/wiki/KISS_principle
https://en.wikipedia.org/wiki/Overengineering
Attack surface aside, Lightning Network also has inconsistent privacy guarantees to begin with. Users are still advised to CoinJoin both before and after and to keep other considerations in mind i.e. yet more things to worry about getting just right. Meanwhile, Monero users simply hit [send] and are done with it all.
"The important thing we need to achieve in the base layer is not scaling; the important thing we need to achieve in the base layer that CAN NOT be achieved in the layers above is fungiblity and privacy with strong guarantees and simple primitives. And if we have privacy primitives and fungibility primitives in the base layer than we can do scaling in the second layer and we can do it securely. Otherwise, we have a privacy problem. And that privacy problem will get magnified as we go up the layers. If you can do analysis on the base layer, that gives a great degree of insight into what's happening above."
Andreas Antonopoulos Bitcoin Q&A: Layered Scaling and Privacy
Premine shenanigans aside, it should also be noted that PirateChain is actually an asset chain of Komodo which is itself a fork of Zcash™ , meaning PirateChain inherits many of Zcash™'s liabilities and is dependent on Zcash™ for the majority of current and future core (zk-SNARKs) development. In other words, if Zcash™ sinks, PirateChain also goes down with the ship.
PirateChain's primary selling point is that it uses zk-SNARKs and, unlike Zcash™, that it is fully private by default i.e. transparent transactions are disabled. While that definitely makes it preferable to Zcash™ privacywise, the theoretically superior privacy that zk-SNARKs offer is offset by their novelty and immaturity, which makes their reliability more questionable than older, more established tech. Namely, newer and insufficiently tested cryptography like zk-SNARKs carries with it risks of systemic failure that cannot be mitigated without years, typically decades worth of peer review and battle-testing, especially given the insane levels of mathematical complexity involved i.e. "moon math." This is why some cryptographers would not be surprised if zk-SNARKs ultimately end up proving defective on account of some yet-undiscovered fatal flaw. Only time will tell.
Like Zcash™, PirateChain is also highly vulnerable to spam attacks. An attack costing just $0.45 was able to bring the network to its knees, cripple wallet software, and revealed that the network couldn't even handle 10% of its claimed capacity of 31 transactions per second. At the time of writing, this vulnerability STILL has not been fully patched. Most of PirateChain's "largest anonymity set of any cryptocurrency" is comprised of spam.
Also worth highlighting is that PirateChain's bold claims of an invulnerability to 51% attacks (as dPOW tends to be advertised) are essentially a marketing ploy also borrowed from Komodo's dodgy playbook. A security model that truly provides such an impressive degree of protection would obviously be adopted by every other chain in existence, the fact that nobody else is using it tells you everything you need to know.