Top 15 Monero Myths and Concerns Debunked

No cryptocurrency is without its shortcomings, and Monero is no exception. In fact, the community has made a YouTube series covering the privacy weaknesses of Monero from a technological standpoint.

That said, there are some common criticisms levied toward Monero that are either outdated, or incorrect, while others are presenting a very narrow view of the problem in question. In this article we hope to set the record straight on these criticisms.

This is a common criticism over Monero, which causes many to give it a wide berth, and it is by far the one where the response of the community isn’t quite so cut and dry as just correcting an incorrect assumption.

The reality is, we, as a community, do not yet know what the regulatory response will be to something like Monero yet. We do know that cryptocurrencies in general are on the radar of many government agencies, and have reason to believe Monero is, moreso than others, for the above stated reasons, but, as of yet, few moves have been made by the governments of any country in regards to outright banning Monero.

Even so, the Monero community is committed to fighting the good fight. We believe financial privacy is something that is essential for freedom, and that everyone should have the option to transact privately without governments, corporations, or anyone else spying on you.

One reassurance we can give, however, is that at one point Bitcoin had the exact same reputation that Monero does now. It was thought to be the criminal’s coin, and completely private and anonymous, but slowly, over time, the public came to accept Bitcoin regardless.

Now one might argue that Bitcoin’s reputation changed as people realized that it really wasn’t private or anonymous, but this isn’t true, as the notion that Bitcoin is completely private and can’t be traced is still pervasive not only in the general public, but amongst those regulating the industry. These people still believe it is private, so they basically believe it to be what Monero actually is, and yet we’re quickly moving into a world where it is gaining acceptance with the public, businesses, and governing bodies. This suggests, given enough time, Monero might see this same acceptance.

Monero does indeed have fewer wallet options than many existing coins. This is because Monero was developed from the ground up. It’s on a completely different codebase than Bitcoin. This means Monero can’t just fork the Bitcoin core wallet, or any other wallets that exist for Bitcoin like most coins do, and take advantage of existing infrastructure. As well, it means that Monero is not as easily added to third party wallets, such as Exodus.

And yet, slowly but surely, wallets of all kinds are beginning to appear for Monero. It was a meme for many years that Monero did not have a GUI, and no mobile wallet support, but now, nothing could be further from the truth. There are wallets that cater to Monero specifically, such as Monerujo for Android, and Cake Wallet for both iOS and Android, as well as new ones such as Wookey, Exa Wallet, and more. Furthermore, third party wallets are beginning to add Monero, albeit at a slower rate, including Exodus and Guarda, and we expect this trend to only continue as time goes on and Monero’s codebase matures.

This criticism is also a bit of a tricky one. Admittedly, in some areas, Monero is indeed more difficult to use than Bitcoin. Examples of this are in the longer address, and syncing taking a long time, even on a light wallet, because a wallet cannot simply check the blockchain without scanning each output to see if it belongs to the account in question.

That said, in many ways, Monero builds on, if not outright improves, the user experience of cryptocurrency, particularly when it comes to privacy.

We invite the reader to read articles on the steps Bitcoiners recommend for maintaining privacy. The list is long, confusing, and difficult to get perfectly, with often the consequences for a mistake being compromised privacy. One example of this is the suggestion to tumble or mix your Bitcoin, but after the mixing process, if the resulting outputs are merged or otherwise move into the same wallet, the mixing could have been for naught, as tracing the outputs provide high linkability. Another example is the fact that many recommend mining your own Bitcoin if you want it to remain completely ambiguous as to how the Bitcoin outputs were obtained, a notion which is laughable in the current mining ecosystem.

With Monero, this laundry list of details are all but completely done away with. Every Monero transaction retains a high level of privacy every time, without the user needing to do anything or use external software. While Bitcoin makes it difficult to get privacy right for all except the most experienced user, Monero makes it difficult to get it wrong, for everyone, all the time. As far as trade-offs go, we think the longer addresses and sync time are more than worth it.

And even after discussing everything above, the fact remains that user experience often gets better over time, and Monero is no exception. The UX of a coin may be dramatically improved after a few years, but the foundations of it are much harder to change.

This criticism is most commonly given with Bitcoin in mind. What if Bitcoin adopts privacy technologies that allow adequate privacy. What would be the use for Monero?

The reality is, we don’t see Bitcoin ever putting privacy on the first layer. At best, it would be on second layers, or through certain wallets, such as Samourai and Wasabi. This means the privacy is opt-in, which research shows is always inferior to privacy that is on by default. Even if this technology was adopted by a decent percentage of Bitcoin users (which is itself a stretch of the imagination), the privacy would be inferior.

While the reasons for opt-in privacy inferiority would be big enough to make it’s own article, we want to elaborate with a crude example here. Privacy, from a technological standpoint, is about hiding in a crowd. The bigger and more homogeneous the crowd, the better the privacy of the individual. Conversely if either the crowd is small, or large, but everyone wears different, unique clothing, it would be easier to identify an individual.

This means that since Bitcoin is forcing people to take extra steps to be a part of this crowd, many will not do it, and those that do, may do it poorly. The end result ends up being a small crowd, and identifying individual outputs is much easier. But it gets worse. In addition to the crowd being small, every individual is more or less unique from each other, depending on the privacy protocol they chose to use. Some might choose Samourai, which has one way of mixing, while others may choose Wasabi which has another, and the list goes on. This ultimately leads to unique characteristics about each transaction. Coupled with the small crowd, the privacy is quite weak.

We compare the above to Monero, which enforces privacy at a protocol level. This means that everyone is a part of the crowd by default, and everyone utilizes the same privacy (the one dictated by the protocol). The crowd is both large, and homogeneous, resulting in much stronger privacy.

But let’s take a step back and follow a hypothetical, where, somehow, Bitcoin does indeed put privacy on the base layer. It’s robust, on-by default, and mandatory. What would be the need for Monero?

Well, for some, there wouldn’t be one, and it may be surprising to hear, but many of us Monero folks wouldn’t care. All we want is for there to be a privacy preserving, fungible way for individuals to transact with each other across the globe, and if Bitcoin miraculously does it in a way that actually protects privacy through mandatory, base-layer technology, then many of us would happily switch over. Good luck getting this to happen though.

That said, Monero does offer many features beyond privacy that Bitcoin does not. The dynamic blocksize enabled by a tail emission, a different code base, a policy of low fees, a different elliptic curve, and more. In particular the dynamic blocksize should be highlighted here, as it enables a theoretically limitless transaction throughput with only storage and bandwidth being the choke points. In short, a theoretical Bitcoin with privacy just doesn't offer everything Monero does.

Switching gears one last time for this question, less often this argument applies to technology like an ethereum smart contract using zk-SNARKS, which, once again, does not have mandatory privacy on the base layer of the main chain, so the anonymity sets will be quite small and of dubious ability to adequately protect privacy. For other comparisons, please see our article comparing Monero to the other major privacy coins.

Not anymore! Thanks to the wondrous technology of bulletproofs, added in October 2018, transaction sizes are drastically reduced (by over 80%), leading to a similar drop in transaction fees. In fact, as of time of writing, Monero is cheaper per byte than Bitcoin, and further optimizations of the technology are bringing these even lower.

These optimizations are varied and frequent. One example is clever optimizations in the bulletproofs themselves, shrinking the math required for both computation and verification, sometimes by up to 25%.

In addition, there are new, exciting ring signature schemes in the works, such as CLSAG, which will replace the current MLSAG scheme, and further shrink the size of the entire transaction by 25-35%. Beyond this, are even newer, more bleeding edge technologies with completely different proving systems that have the potential to keep current transaction sizes, but have ring sizes of over one hundred, such as Triptych, Arcturus, and Lelantus, all of which are smaller and more efficient than current schemes.

In the 2017-2018 era, the Monero community made a commitment to keep ASICs off of the network. This was done by continuously hard forking every six months to a new proof-of-work algorithm, which would stop ASICs from taking over the network. The printer analogy in our article on mining in Monero explains how this works.

What most people don't know is that Monero's hard forks did not begin for the reasons of changing its proof-of-work. Monero had been hard forking every six months prior to this as well, going back as far as 2015. Why do these hard forks in the first place? Ask any person that works on privacy and they will tell you that privacy is an arms race. One side makes good privacy, the other develops tools that can break said privacy, causing the first side to develop stronger technology, and the cycle goes on and on.

A major example of pre-PoW change hard forks is the inclusion of RingCT in 2017, arguably the biggest changes to Monero ever that increased Monero's privacy by many orders of magnitude. We simply think it’s too soon to ossify the protocol, especially with exciting new privacy technologies in the works, such as Triptych and Lelantus. That said, we work hard to ensure our development, research, and more are as decentralized as possible. We have an article that covers that topic as well, so be sure to check it out.

All this to say, the decentralized development team is finding it too difficult and exhausting to keep up this schedule and is looking to transition to a hard fork every nine months or even every year. This is because the community feels, with advancements like Triptych and Arcturus, we're getting close to what we are hoping will be a truly robust privacy with few weak points, leading to the lack of necessity for sustained, protocol-changing development. And on the proof-of-work front several community members created RandomX as a last gambit to keep ASICs off of the network. At time of writing, we’re still in the middle of this experiment, and have yet to see if it will be successful in the long term, but one of the desired results has come to pass, another reason for rapid forking removed, enabling a slower forking schedule.

This is not, and never was, the coin of Riccardo ‘fluffypony’ Spagni. He didn’t even make it. It was started by a pseudonymous individual known as thankful_for_today, and there’s a very interesting story about that for another time. Fluffypony gained notoriety as both a core team member/lead maintainer, as he gave much time and resources to help the coin grow, as well as through his traveling and speaking at conferences. With these two things combined, he became a sort of unofficial face for Monero, and was usually the gateway through which people found us. Due to the awful CEO culture that was pervasive in the cryptocurrency scene, they assumed that he was the founder and leader of Monero, both of which are not true.

In present day, fluffypony is still a part of the core team, but is no longer the lead maintainer of the codebase, and has stepped back to work on his own personal projects. Monero continues along just fine.

This is an indisputable fact, and is not something to be argued. moneromooo is a well known member of the Monero community. So much so that the community raised funds via our crowdfunding platform, the Community Crowdfunding System (CCS) for them to work full time on Monero. New work proposals are submitted every quarter, so if the community is ever unsatisfied with work done, they simply need not crowdfund his next proposal.

As one can imagine, working on Monero full time rather than on a volunteer basis will result in large amounts of accumulated work. Since Monero did not have a premine, ICO, and takes no founder’s reward, we otherwise do not have full time engineers working on the project, and people contribute what they can, when they can, and it’s simply not feasible to expect these contributions to outweigh a full time worker.

That said, there is still great effort to have checks and balances. A member of the core team still merges the code after review, so it’s not a case where an individual both makes and integrates the code, thereby bypassing any oversight needed to catch an egregious error or malicious intent.

One common complaint about most coins smaller than Bitcoin is how easy it is to theoretically 51% attack them. Indeed, several small coins, such as Vertcoin did get successfully 51% attacked several times.

Most of these concerns arise from the website https://www.crypto51.app/ which shows how much it would cost to rent the hashrate from NiceHash, a platform which rents out mining hardware for cloud mining. At one point in time, this website listed an attack on Monero to cost around $6,300 for one hour. While this price may cause many of us to gawk, it’s not outside the realm of possibility for a wealthy business or individual to be able to conduct a sustained attack on the network.

This, thankfully, is no longer the case. A keen eyed reader will see that the website has actually taken Monero off of their application, due to the inclusion of RandomX. Once again, the reader is encouraged to read our article on RandomX for details, but due to the CPU-friendly nature of the algorithm, no longer can businesses like NiceHash just purchase ASICs for Monero to rent out to whoever is willing to rent them. Now, they have to compete with CPUs, which are much more prevalent and easier to obtain.

The exact cost of hardware to 51% attack the Monero network has not been calculated, and indeed, is not as easily calculated as other coins with ASICs period.

The two boogeymen of the mining space are ASICs and botnets, and moving away from one necessarily means moving closer toward another. If one needs a CPU to mine Monero, then hackers can theoretically take control of many hundreds if not thousands of vulnerable computers and force them to mine Monero on their behalf, costing them nothing, and outcompeting those with only a couple of computers in their households.

The first rebuttal to this argument is about the owners of botnets themselves. While we don’t condone hacking others’ computers, the barrier to entry to owning and operating a botnet is far lower than that of owning ASICs. One requires software – often quite freely available and open source – and the time and an acumen for sniffing out vulnerable computers. The other requires incredible amounts of capital and access to manufacturing. One can be done by a kid in a basement, and the other only by the extremely wealthy. This leads us to conclude that, if the worst fears of miners were to come true, the botnets themselves would be more decentralized than ASICs would be.

That said, the Monero community is confident that this issue is overblown. The engineers of RandomX deliberately designed the protocol to require 2GB of RAM memory to work. In other words, many small, vulnerable virtual private servers (VPS) will simply not have the capacity, and if they did, the uptick in resources used would be very noticeable to a system administrator, leading to immediate investigation. In other words, it can’t run silently in the background like compromised computers taking part in a DDOS attack, or silently sniffing passwords. When the miner is on, everyone knows it.

This reduces the amount of computers a botnet would be able to successfully compromise to those of the greatly technologically inept, or those that are never checked on, rather than the plethora of vulnerable computers that the proponents of this argument assume are at risk.

This criticism comes from the real-world occurrence. A group of individuals, not known to the community, forked Monero and created their own coin: MoneroV. Since it was a chain fork, individuals were able to claim an equivalent amount of MoneroV as they had in Monero, i.e. if you had 100 Monero, you could use the same seed on a MoneroV wallet to get 100 MoneroV.

This led to a surprising, and unexpected consequence: a loss of privacy. To explain it, we will give an example. If I think of a number that you have to guess, but I give you three numbers, only one of which is correct, you will not know which is the correct answer. Let’s say I tell you the numbers 88, 25, and 19. You are clever however, and ask me for another set of three numbers, but one of them must still be the correct number. I give you 54, 88, and 92. You see that the number 88 appears in both sets, so it must be the correct number, and you would be right.

The attack on Monero’s privacy works the same way. Monero relies on ring signatures, which are assembled on the local wallet to obfuscate transaction outputs. If I was to spend an output on the Monero chain, with one assembled ring, and spend the same output on the MoneroV chain, on a different assembled ring, without making sure that the ring is composed of the same decoys, then the true output becomes obvious, much in the same way the number 88 became obvious as the correct number.

Several solutions were posited, including creating tools for people to fork from Monero responsibly, a blackball database of tainted outputs, and upping the ringsize, but ultimately, none of these were required. MoneroV never gained any traction, and the amount of people who claimed their coins and put their privacy in danger were very few.

It should be noted that this danger to privacy does NOT come from a code fork of Monero, but rather a chain fork. This means that any coin that takes the code of Monero and starts from scratch with their own genesis block will not put either chain in danger. Only if a coin forks the actual blockchain from the current Monero blockchain because of a disagreement, similar to the Bitcoin / Bitcoin Cash debacle, would the chains be in danger. This would mean the fork would be fighting against the established community, and those that choose not to take part and claim their coins from the other chain would not be in danger.

That said, we do see it as naive to think there will never be an attack on Monero in this way, which is why other solutions are in the works to either increase the ringsize, or move to a different proving scheme altogether, many of which were mentioned in the ‘high transaction fees’ section.

The history of Monero is an interesting one, and it may surprise many to hear that it did indeed start as a scam. The creator, thankful_for_today, was likely in league with a cryptocurrency group that made the CryptoNote protocol, but had devious intentions to scam people out of their money using it.

Their initial coin efforts failed, so they created Monero as a way to try again. This again failed as the community quickly realized something was amiss and took hold of the coin. Even so, the devious creators had one last trick up their sleeve. They released to the public deliberately deoptimized mining software, keeping the optimized version for themselves so as to outmine others and make lots of money off of the block rewards.

This succeeded for a time, but was also quickly caught by the Monero community, fixed, and the optimized miner was released to all. The community, realizing what happened, chose not to relaunch the coin, as it was difficult to gauge both how much the scammers had made off with, and how much time and effort it would take to rebuild from scratch. Despite the difficulty in ascertaining how many coins the scammers received, it is also known that in this period many good-faith miners had independently re-optimized the code themselves, and sold off their profits, ensuring a more fair distribution, and that the scammers were not the only ones to get a large number of coins in this time. One such account can be read here.

With the benefit of hindsight, some might criticize the decision to not relaunch the coin, and if these scammy origins are enough to push one away from the good work Monero has done, then there is no argument to sway them. Regardless of the initial frustrations the scammer creators caused, Monero has thrived and used its combined community intellect and passion to make a powerful technology. Our current core team, as well as the past members, were not enriched by the cripple mine, and to our knowledge, nobody involved in the initial scam lasted in the Monero community longer than the first few weeks of the coin’s existence.

This is a difficult question to answer. One answer commonly given is that we can add up the coinbase transactions (when new Monero is rewarded to a miner for solving a block). These transactions are transparent, and if we add them up we should get the total number of Monero in circulation.

It’s important to note however, that if shenanigans were to happen that increase the amount of Monero beyond what we expect to see from the coinbase transactions, they would not happen on the coinbase transactions themselves, but in a regular transaction between wallets. This would only happen in one of three ways.

One, if the cryptography that proves no Monero was created or destroyed in a transactions is fundamentally flawed. Two, if the implementation (code) of the solid cryptography is flawed. Three, if neither is flawed, but computers become powerful enough to punch through our current cryptographic schemes, and create false proofs.

This one is the most difficult to answer because of the constant fluctuation of mining in general. In fact, it may be that after this article is published this may not be the case anymore, and the next day it may become the case again. Technology in general is hard to write about definitively due to the fast moving nature of the industry, and this is especially true with mining and hashrate.

We’re not avoiding the concern, don’t worry. Let’s address it by looking at the difference between hardware centralization and pool centralization.

The fact that mining on Bitcoin can only be done on very specific hardware that is not easily accessible means that the best hardware is centralized around the manufactures. Since setting up a mining pool is trivial, we expect to see these manufacturers deploy their own mining pools, on which their ASICs mine, and indeed, we see this to be the case with the major ASIC manufacturing companies today.

This is not a solvable problem. The centralized mining pools own the hardware, the pool, and the hashes, and there is nothing that anyone can do about it.

Pool centralization, while the end result is similar, has very different, and much more changeable underpinnings. Because Monero has egalitarian mining, every miner can choose where to point their hashes. People often choose to point at a bigger pool, simply because this means they will see blocks found more often than a smaller pool.

Although, it should be noted that their individual cut of the block reward will be smaller since they are sharing it with many more people. Smaller pools find blocks less often, but each miner gets a larger portion of the block reward, and the end result is a miner actually makes an equivalent amount of money whether they are on a smaller pool or larger one, so we encourage miners to point their hash to smaller pools to further decentralize the mining.

But we digress.

You’ll notice in our encouragement for decentralization above, the fact that the miner has the power to switch pools. At any point, whether from better education, a rallying call for decentralization, or increased competition amongst pools, the hash distribution can change based off of individual miners changing where they point their hashes. The same can’t be said for mining that is centralized on the hardware level, as the ASIC manufacturers have no incentive to point to any pool other than their own, and they will not do so.

So that fact that the bulk of Monero’s hashrate is concentrated into a couple of pools is not something we are stuck with, and indeed, may be due to lack of education about mining in general. It’s something that can be fixed because the problem does not lie at the root level, unlike with Bitcoin’s hardware centralization.