What Happened
This article exists because Monero appears in OPNorange coverage of scam laundering operations, Iranian self-custody behavior, and the privacy tool environment — and we have described funds entering Monero as becoming significantly harder to trace. That framing is accurate but incomplete. A reader who takes it to mean Monero is cryptographically unbreakable, full stop, would be drawing the wrong conclusion. This is the more precise picture.
Monero launched in 2014 as a fork of the Bytecoin/CryptoNote codebase and has become the dominant privacy-by-default cryptocurrency. It is used by everyone from privacy advocates and journalists operating under authoritarian governments, to ransomware operators and darknet markets. TRM Labs reported in February 2026 that Monero is now the exclusive payment option on nearly half of all new darknet markets launched in 2025. XMR hit new all-time highs above $590 in early 2026, with analysts citing growing demand for credible privacy tools amid expanding CBDC discussions and surveillance infrastructure. The IRS has spent over $1.25 million trying to crack it. That dual reality tells you something meaningful about what Monero actually does.
How It Actually Works
Monero uses three interlocking privacy technologies. Understanding what each one does is the prerequisite for understanding where they can fail.
Ring signatures address sender privacy. When you send Monero, your wallet creates a transaction input that includes your actual output alongside a set of decoys pulled from the blockchain. The current ring size is 16, meaning your real spend is hidden among 15 other possible spenders. An outside observer can see that one of 16 parties sent the transaction, but cannot determine which one. The ring signature cryptographically proves that one of the ring members signed without revealing which. This is the mechanism that prevents transaction graph analysis of the kind that makes Bitcoin traceable.
Stealth addresses address receiver privacy. When someone sends you Monero, the sender computes a unique one-time public key for that specific transaction using your public view key and a random value. This stealth address appears on the blockchain and has never been used before. It cannot be linked to your published Monero address or to any other transactions. Only you, scanning the blockchain with your private view key, can recognize which outputs belong to you. Every incoming transaction looks like it goes to a fresh address that has no history.
RingCT addresses amount privacy. Implemented in January 2017 and mandatory for all transactions since September 2017, Ring Confidential Transactions hide the amount being sent using Pedersen commitments. These are cryptographic constructions that allow the network to verify that inputs equal outputs (that no Monero was created or destroyed) without revealing the actual values. Bulletproofs, added in 2018, improved the efficiency of these proofs and reduced transaction sizes. The result is that transaction amounts are not visible to anyone without the sender's or receiver's key.
Dandelion++ addresses network-level privacy. Standard cryptocurrency broadcast propagation reveals the IP address of the originating node when a transaction is announced to the network. Dandelion++ routes new transactions through a small chain of peers before broadcasting broadly, obscuring which node originated the transaction and making IP-based surveillance significantly harder.
What the IRS, Chainalysis, and CipherTrace Have Actually Done
In August 2020, CipherTrace announced Monero tracing tools developed for the U.S. Department of Homeland Security. The announcement was widely covered and widely misunderstood. CipherTrace's own CEO described the tools as probabilistic rather than deterministic: 'You can say: I have 98% probability that this went from this address to this address, or 78%, or that type of thing.' The tools provided transaction search and visualization capabilities but explicitly 'laid the groundwork' for wallet identification and exchange attribution rather than achieving it. The Monero community reviewed the claims and found nothing beyond what Monero researchers had already published.
In September 2020, the IRS-CI posted a $625,000 bounty for Monero tracing tools, received 23 applications, and awarded contracts to Chainalysis and Integra FEC in October 2020. Each contract was worth up to $625,000, with $500,000 upfront and $125,000 upon successful testing. Neither firm has published results. When TechTarget's SearchSecurity asked Chainalysis global public sector CTO Gurvais Grigg about their Monero tracing capabilities, he replied: 'As a policy we do not discuss details of any Monero tracing capabilities we may have.'
The honest interpretation of that silence is ambiguous. It could mean Chainalysis has meaningful capabilities they do not want to disclose. It could mean they have limited capabilities they do not want to advertise as limited. What it does not mean is that Monero's cryptography has been broken. Chainalysis has also noted, separately, that criminals often choose Bitcoin over Monero for operational reasons: it is easier to buy, sell, and exchange, and many criminals are not particularly worried about being traced. That observation from the firm that most profits from tracing cryptocurrency is significant.
Where Monero Actually Breaks Down
The FloodXMR attack, first published in a 2019 academic paper and presented at IEEE in 2021, is the most significant known on-chain attack. It works as follows: an attacker floods the Monero network with their own transactions, seeding the blockchain with outputs they control. As their outputs accumulate, they represent a growing share of the decoy pool. When a future transaction includes one of their outputs as a decoy alongside the real spend, they can eliminate their own outputs from contention, progressively narrowing which input is real. Under the modeled assumptions, an attacker could deanonymize up to 47.63% of transaction inputs over 12 months at a cost of approximately $1,747 — though this assumed ring sizes from 2018-2019. Current ring size of 16 and improved decoy selection algorithms make the attack considerably more expensive and less effective.
In March 2024, Monero experienced what researchers called a suspected black marble flooding attack. Daily transactions surged from a baseline of 15,000 to 25,000 per day to between 115,000 and 140,000 for nearly a month. The Monero Research Lab analyzed the incident and documented countermeasures, though the full privacy impact on transactions made during that period remains uncertain. The attack surfaced a real vulnerability that is being actively addressed through protocol upgrades.
The more practical and realistic attack surface is not cryptographic at all. It is at the edges. Every Monero user has to acquire it somehow and eventually convert it into something usable. If you buy Monero on Binance with a verified account, Binance knows you bought it and how much. If you convert traceable Bitcoin into Monero through an instant exchange, investigators can work backward from the Bitcoin side. If you withdraw XMR to a KYC exchange after transacting, the exchange logs the receipt. In 2024, Finnish investigators successfully traced Monero transactions connected to hacker Julius Kivimäki, leading to his conviction — not by breaking the cryptography, but through off-chain metadata and the edges of the transaction chain.
Timing correlation is a related risk. If you deposit to a service using Monero and withdraw from the same service shortly after, and an investigator has data on both the deposit and withdrawal timing, correlation is sometimes possible even without on-chain visibility. This is a known limitation, especially against adversaries who control or have access to exchange-level data.
The least-discussed but most practically dangerous attack vector is endpoint compromise. A 2025 academic study demonstrated that RAM forensics against a running Monero wallet can recover private keys and full transaction histories from memory. This completely bypasses on-chain privacy. If your device is seized while the wallet is open, or if malware is running at the operating system level, no cryptographic protection on the blockchain matters. The privacy Monero provides is on-chain privacy. It assumes your device and keys are secure. If that assumption fails, everything else fails with it.
What This Means for Your Threat Model
The answer to 'is Monero actually anonymous' is: yes, on-chain, with meaningful caveats about the edges and active flooding attacks. The cryptographic design is sound. The three-layer protection of ring signatures, stealth addresses, and RingCT is genuinely strong and represents the best available privacy by default in any major cryptocurrency. The Monero project's own FAQ puts it honestly: 'There is no such thing as 100% anonymous.' The practical privacy you get from Monero depends heavily on how you acquire it, how you transact with it, and how you exit it.
For a Bitcoin holder thinking about their threat model, Monero is relevant in a specific context: as an intermediate layer that breaks the transaction graph link between different parts of your Bitcoin activity. Used correctly, with non-KYC acquisition, Tor routing, and no direct conversion back to a KYC exchange, Monero meaningfully increases the analytical cost of tracing your financial activity. Used carelessly, at a KYC exchange with clear entry and exit points, the on-chain privacy provides limited protection because investigators can simply work the edges.
BTC-XMR atomic swaps are worth understanding as a practical tool. By 2026, they are integrated into multiple wallets with usable interfaces, no centralized operator, and no KYC requirement. The swap is atomic: both sides complete or neither does, eliminating counterparty risk. The privacy property is that even if the Bitcoin side of the swap is fully chain-analyzed, once value crosses into Monero the link to specific future XMR outputs is broken by ring signatures, stealth addresses, and RingCT. Best practices: use fresh Bitcoin UTXOs, generate a new XMR subaddress for each swap, route over Tor, and avoid bringing those flows back to KYC exchange perimeters if plausible deniability matters. This is why Monero appears repeatedly in high-value laundering cases as an intermediate layer: BTC in, XMR anonymization, then exit.
One structural trade-off worth knowing: because all amounts are hidden in Monero, the total circulating supply cannot be independently verified on-chain. In principle, a subtle cryptographic bug in RingCT could enable undetectable inflation. The Monero project and independent researchers audit for this, and no such bug has been found. But it is a genuine distinction from Bitcoin, where the supply schedule is transparently verifiable by anyone running a node.
The regulatory pressure on Monero is itself informative. Binance delisted it in February 2024. Kraken delisted it for Irish and Belgian users in June 2024 and for all EEA users in October 2024. The EU's MiCA framework and broader AML regulations are progressively pushing Monero off regulated platforms. This delistings trend matters practically: it makes Monero harder to acquire and liquidate, which is a real operational cost. It does not mean the privacy is broken. It means regulators are uncomfortable with something they cannot surveil.
What to Watch
The Monero Research Lab is actively developing Full-Chain Membership Proofs (FCMP++), a proposed protocol upgrade that would replace ring signatures with a cryptographic construction that includes every output on the blockchain as a potential decoy rather than a selected subset. This would eliminate the ring-size limitation that makes FloodXMR-style attacks feasible. Related work on Seraphis and Jamtis, new transaction and address constructions, aims to increase the anonymity set further and modernize key handling. None of these upgrades have shipped to mainnet yet. When they do, they will represent a significant strengthening of Monero's sender privacy guarantees.
Also watch for whether any law enforcement case publicly documents a successful on-chain Monero trace through cryptographic means rather than edge analysis. To date, no such case has been publicly documented. Every confirmed Monero-related prosecution has relied on off-chain evidence, exchange data, or edge correlation — not a break in the ring signature or RingCT cryptography.