Is Converting Bitcoin to Monero Just as Private as Buying Monero Directly?

By Diego Salazar

Monero is a cryptocurrency that values privacy above all else, but what most people don’t understand is that the privacy granted by using it is neither bulletproof nor absolute in certain situations. Make no mistake, Monero is about as private as it gets in the trustless realm, but there are some considerations that users must take to ensure their privacy remains strong.

The same is true in other areas of life really. As an example, you can stay off of all social media in an effort to keep your life private, but if you are constantly with friends who snap selfies with you in them, say that they’re with you in the subtitle, and tag your location, much of your effort may be for naught. The social media conglomerate can still build a profile on you despite the fact that you personally are not on their platform.

One of the oft-spoken of situations where people do not consider all of the implications and potentially leaked metadata is the issue of trading Bitcoin for Monero. It is commonly considered in the community that purchasing Monero with Bitcoin will be a full cleanse, and that the user retains all privacy benefits once they get into Monero, despite coming from a transparent chain.

In a similar vein, it’s considered by some to be just as private to get Monero from non-KYC and KYC sources. The thinking goes that it is similar to getting cash at a bank. In that scenario, the bank itself knows your face and name, and knows how much you have in your account overall, and how much you withdrew in cash, but doesn’t know what you do with the cash afterwards. With Monero’s privacy guarantees, it should be just so with getting Monero from a KYC/AML source, right?

Well, not quite.

First, let's take a quick step back and define what we mean by KYC/AML. This acronym stands for Know Your Customer (KYC) / Anti-Money Laundering (AML) laws, which require exchanges and businesses to collect identifying information on their customers. The larger the amount of money exchanged, the more information is needed. As the name implies, this is all done in the name of minmizing risk of people laundering money.

Back to Monero. To be sure, moving your money into Monero from a KYC source is astronomically better for privacy than using a KYC source to purchase something like BTC or any other transparency coin, but there are still considerations to be made about what is revealed, and what that revealed information could mean for your privacy and safety.

Even sticking with the cash and bank scenario, if you withdraw a large amount from the bank, since the bank knows your details (including your home address) the teller can see how much is in your account, and can potentially make nefarious plans depending on your wealth. This is rare, and since the money is in the bank rather than at your house, what they can accomplish in this scenario is relatively small. The same isn’t true for Monero, which is not secured by a third party, but rather yourself. Being your own bank isn’t always easy.

Similarly, moving from BTC to XMR, regardless of how it’s done, leaves traces on the Bitcoin blockchain. While this is indeed less damaging than going BTC to BTC because, on the other side of the exchange is Monero’s mandatory privacy, the implications of leaving a trace behind must be considered. These traces compound to even greater effect if there was KYC involved anywhere in the process.

Imagine a scenario where dirty Bitcoins were received for a good or service, something that is only possible because of Bitcoin’s radical transparency. You don't know that these Bitcoins are dirty, as you don't have the tech to check each Bitcoin, so you, being a crypto-savvy person, aren’t comfortable with this fact, and you don’t have the money to pay a chain anlysis company to check for you. So, you decide to exchange to Monero to be safe.

You deposit your Bitcoin onto an exchange, and swap them out for Monero, which you then pull out to your local wallet. This scenario already is a bit of a stretch, because the exchange may flag your dirty Bitcoins and lock down your account, and you may or may not get them back, but for the sake of this example we’re going to assume they let the swap happen.

At this point, if the government becomes interested in following the trail of these Bitcoins, they will follow them to the exchange, subpoena the KYC information on the depositor, see that they were swapped to Monero (suspicious), and come knocking on your door.

Please understand, this is not saying you should avoid swapping Bitcoin to Monero to avoid looking suspicious. You were already suspicious because you accepted dirty Bitcoin, and if you didn’t swap they’d still use blockchain analysis, and still come a’knocking. Rather, this example merely highlights that there is significant risk in using transparency coins at all, and swapping to a private, fungible coin like Monero doesn’t erase the footprints left in the transparent blockchain.

For the individual interested in their own privacy, usage of transparent blockchains should be kept minimal, and with extreme caution. KYC should be avoided whenever possible, as this metadata can still be used to build a case and ask questions, and god forbid this KYC info (alongside trade information) gets leaked from exchanges due to incompetence. Even if you only bought and withdrew Monero from the exchange, this leaked information would still reveal how much Monero you had and where you are located. All information that we can all agree nobody would want just floating out in cyberspace.

In summary, while using Monero does indeed negate many, many attacks and minimizes metadata leakage by default, the user themselves can do many things to ultimately destroy their own privacy. One of the least considered is the implications of using either a transparency chain as a pathway to Monero, or a KYC source to acquire it, to say nothing of using both at once.

This article is not meant to fear-monger, but rather to encourage users to think critically about their decisions and remind them that even the best privacy can be fragile under certain circumstances. Users must be vigilant to protect their own privacy by making smart decisions about what to purchase, where, and from whom.

Further reading