Monero#Mining malware

{{Infobox cryptocurrency

| currency_name = Monero

| image_1 = Monero-Logo.svg

| precision = 10⁻¹²

| subunit_ratio_1 = {{frac|1000}}

| subunit_name_1 = millinero

| subunit_ratio_2 =

| subunit_name_2 =

| plural = moneroj

| ticker_symbol = XMR

| code = XMR

| author = Nicolas van Saberhagen

| white_paper = "[https://bytecoin.org/old/whitepaper.pdf CryptoNote v 2.0]"

| forked_from = Bytecoin{{efn|group=infobox| Source code fork shouldn't be confused with hard forks or soft forks.}}

| initial_release_date = {{Start date and age|df=yes|2014|4|18|p=y}}

| latest_release_version = 0.18.4.0

| latest_release_date = {{Start date and age|df=yes|2025|04|05|p=y}}

| code_repository = {{URL|https://github.com/monero-project/}}

| status = Active

| operating_system = Linux, Windows, macOS, Android, FreeBSD

| platforms = x86, x86-64, ARM, RISC-V

| source_model = FOSS

| license = MIT License

| website = {{URL|getmonero.org}}

| ledger_start =

| timestamping = Proof-of-work

| hash_function = RandomX

| block_time = 2 minutes

| block_explorer =

| block_reward = XMR 0.6 ≥{{cite web |last1=Trajcevski |first1=Milko |title=Monero (XMR) Tail Emission Upgrade Explained |url=https://finance.yahoo.com/news/monero-xmr-tail-emission-upgrade-123734186.html |website=Yahoo!Finance |date=8 June 2022 |publisher=FX Empire |access-date=8 July 2024 |archive-date=3 December 2024 |archive-url=https://web.archive.org/web/20241203162517/https://finance.yahoo.com/news/monero-xmr-tail-emission-upgrade-123734186.html |url-status=live }}

| circulating_supply = >18,444,828 (2024-06-02)

| supply_limit = Unlimited

| footnotes = {{notelist|group=infobox}}

| programming_languages = C++

}}

Monero ({{IPAc-en|m|ə|ˈ|n|ɛr|oʊ}}; Abbreviation: XMR) is a cryptocurrency which uses a blockchain with privacy-enhancing technologies to obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.{{Cite book |last1=Braun-Dubler |first1=Nils |url=https://books.google.com/books?id=QLbrDwAAQBAJ |title=Blockchain: Capabilities, Economic Viability, and the Socio-Technical Environment |last2=Gier |first2=Hans-Peter |last3=Bulatnikova |first3=Tetiana |last4=Langhart |first4=Manuel |last5=Merki |first5=Manuela |last6=Roth |first6=Florian |last7=Burret |first7=Antoine |last8=Perdrisat |first8=Simon |date=2020-06-16 |publisher=vdf Hochschulverlag AG |isbn=978-3-7281-4016-6 |pages=165–167 |language=en |access-date=22 July 2023 |archive-date=29 October 2023 |archive-url=https://web.archive.org/web/20231029203223/https://books.google.com/books?id=QLbrDwAAQBAJ |url-status=live }}

The protocol is open source and based on CryptoNote v2, a concept described in a 2013 white paper authored by Nicolas van Saberhagen. Developers used this concept to design Monero, and deployed its mainnet in 2014. The Monero protocol includes various methods to obfuscate transaction details, though users can optionally share view keys for third-party auditing.{{Cite book |last1=Lacity |first1=Mary C. |url=https://books.google.com/books?id=htmPEAAAQBAJ |title=Blockchain Fundamentals for Web 3.0: - |last2=Lupien |first2=Steven C. |date=2022-08-08 |publisher=University of Arkansas Press |isbn=978-1-61075-790-4 |pages=9–33 |language=en |access-date=22 July 2023 |archive-date=29 October 2023 |archive-url=https://web.archive.org/web/20231029203229/https://books.google.com/books?id=htmPEAAAQBAJ |url-status=live }} Transactions are validated through a miner network running RandomX, a proof-of-work algorithm. The algorithm issues new coins to miners and was designed to be resistant against application-specific integrated circuit (ASIC) mining.

Monero's privacy features have attracted cypherpunks and users desiring privacy measures not provided in other cryptocurrencies. A Dutch–Italian study published in 2022 decisively concluded "For now, Monero is untraceable. However, it is probably only a matter of time and effort before it changes."Bahamazava K, Nanda R. The shift of DarkNet illegal drug trade preferences in cryptocurrency: The question of traceability and deterrence. For Sci Int: Dig Investigation. 2022;40 doi: 10.1016/j.fsidi.2022.301377.

Due to its perceived untraceability Monero is gaining increased use in illicit activities such as money laundering, darknet markets, ransomware, cryptojacking, and other organized crime. The United States Internal Revenue Service (IRS) has posted bounties for contractors that can develop Monero tracing technologies.

Background

Monero's roots trace back to CryptoNote v2, a cryptocurrency protocol first introduced in a white paper published by the presumed pseudonymous Nicolas van Saberhagen in October 2013.{{Cite magazine|title=Monero, the Drug Dealer's Cryptocurrency of Choice, Is on Fire|magazine=WIRED|url=https://www.wired.com/2017/01/monero-drug-dealers-cryptocurrency-choice-fire/|url-status=live|access-date=2017-11-22|archive-url=https://web.archive.org/web/20181210020727/https://www.wired.com/2017/01/monero-drug-dealers-cryptocurrency-choice-fire/|archive-date=2018-12-10}} In the paper, the author described privacy and anonymity as "the most important aspects of electronic cash" and characterized bitcoin's traceability as a "critical flaw". A Bitcointalk forum user known as "thankful_for_today" implemented these ideas into a coin they called BitMonero. However, other forum users disagreed with thankful_for_today's direction for BitMonero and decided to fork it in 2014, leading to the creation of Monero. Monero translates to coin in Esperanto. Both van Saberhagen and thankful_for_today remain anonymous.

Monero has the third-largest community of developers, behind bitcoin and Ethereum.{{Cite web|last=Murphy|first=Hannah|date=2021-06-22|title=Inside monero, emerging crypto of choice for cybercriminals|url=https://www.ft.com/content/13fb66ed-b4e2-4f5f-926a-7d34dc40d8b6|access-date=2021-06-22|website=Financial Times|archive-date=3 November 2021|archive-url=https://web.archive.org/web/20211103084755/https://www.ft.com/content/13fb66ed-b4e2-4f5f-926a-7d34dc40d8b6|url-status=live}} The protocol's lead maintainer was previously South African developer Riccardo Spagni.{{Cite web|last=Melendez|first=Steven|date=2017-12-18|title=Highly Anonymized Cryptocurrency Monero Peeks Out Of The Shadows|url=https://www.fastcompany.com/40505925/highly-anonymous-cryptocurrency-monero-peeks-out-of-the-shadows|access-date=2021-06-22|website=Fast Company|language=en-US|archive-date=18 December 2017|archive-url=https://web.archive.org/web/20171218191652/https://www.fastcompany.com/40505925/highly-anonymous-cryptocurrency-monero-peeks-out-of-the-shadows|url-status=live}} Much of the core development team chooses to remain anonymous.{{Cite web|last=Sigalos|first=MacKenzie|date=2021-06-13|title=Why some cyber criminals are ditching bitcoin for a cryptocurrency called monero|url=https://www.cnbc.com/2021/06/13/what-is-monero-new-cryptocurrency-of-choice-for-cyber-criminals.html|access-date=2021-06-22|website=CNBC|language=en|archive-date=13 June 2021|archive-url=https://web.archive.org/web/20210613145410/https://www.cnbc.com/2021/06/13/what-is-monero-new-cryptocurrency-of-choice-for-cyber-criminals.html|url-status=live}}

Improvements to Monero's protocol and features are, in part, the task of the Monero Research Lab (MRL), some of whom are anonymous.{{cn|date=April 2023}}

Privacy

File:CryptoNote blockchain analysis ambiguity.gif create ambiguity in blockchain analysis]]

Monero's key features are those around privacy and anonymity.{{Cite news|last=Hern|first=Alex|date=2017-12-11|title=Missed the bitcoin boom? Five more baffling cryptocurrencies to blow your savings on|work=The Guardian|url=https://www.theguardian.com/technology/shortcuts/2017/dec/11/missed-bitcoin-boom-five-more-baffling-cryptocurrencies-to-blow-your-savings-on|url-status=live|access-date=2018-12-11|archive-url=https://web.archive.org/web/20181215223218/https://www.theguardian.com/technology/shortcuts/2017/dec/11/missed-bitcoin-boom-five-more-baffling-cryptocurrencies-to-blow-your-savings-on|archive-date=2018-12-15|issn=0261-3077}} Even though it is a public and decentralized ledger, all transaction details are obfuscated.{{Cite news|last=Wilson|first=Tom|date=2019-05-15|title=Explainer: 'Privacy coin' Monero offers near total anonymity|language=en|work=Reuters|url=https://www.reuters.com/article/us-crypto-currencies-altcoins-explainer-idUSKCN1SL0F0|access-date=2021-06-11|archive-date=6 October 2023|archive-url=https://web.archive.org/web/20231006222512/https://www.reuters.com/article/us-crypto-currencies-altcoins-explainer-idUSKCN1SL0F0|url-status=live}} This contrasts to bitcoin, where all transaction details, user addresses, and wallet balances are public and transparent. These features have given Monero a loyal following among crypto anarchists, cypherpunks, and privacy advocates.

The transaction outputs, or notes, of users sending Monero are obfuscated through ring signatures, which groups a sender's outputs with other decoy outputs.{{cn|date=July 2024}} Encryption of transaction amounts began in 2017 with the implementation of ring confidential transactions (RingCTs).{{Cite web|title=Bittercoin: true blockchain believers versus the trough of disillusionment|url=https://techcrunch.com/2017/03/12/bittercoin-true-blockchain-believers-vs-the-trough-of-disillusionment/|url-status=live|archive-url=https://web.archive.org/web/20181220033922/https://techcrunch.com/2017/03/12/bittercoin-true-blockchain-believers-vs-the-trough-of-disillusionment/|archive-date=2018-12-20|access-date=2018-12-19|website=TechCrunch|date=13 March 2017 }} Developers also implemented a zero-knowledge proof method, "Bulletproofs", which guarantee a transaction occurred without revealing its value.Alsalami, Nasser; Zhang, Bingsheng (2019). "SoK: A Systematic Study of Anonymity in Cryptocurrencies". 2019 IEEE Conference on Dependable and Secure Computing (DSC). pp. 1–6. {{doi|10.1109/DSC47296.2019.8937681}}. Monero recipients are protected through "stealth addresses", addresses generated by users to receive funds, but untraceable to an owner by a network observer. These privacy features are enforced on the network by default.

Monero uses Dandelion++, a protocol which obscures the IP address of devices producing transactions. This is done through a method of transaction broadcast propagation; new transactions are initially passed to one node on Monero's peer-to-peer network, and a repeated probabilistic method is used to determine when the transaction should be sent to just one node or broadcast to many nodes in a process called flooding.{{Cite journal |last1=Bojja Venkatakrishnan |first1=Shaileshh |last2=Fanti |first2=Giulia |last3=Viswanath |first3=Pramod |date=2017-06-13 |title=Dandelion: Redesigning the Bitcoin Network for Anonymity |journal=Proceedings of the ACM on Measurement and Analysis of Computing Systems |volume=1 |issue=1 |pages=22:1–22:34 |doi=10.1145/3084459|arxiv=1701.04439 |doi-access=free }}{{Cite journal |last1=Fanti |first1=Giulia |last2=Venkatakrishnan |first2=Shaileshh Bojja |last3=Bakshi |first3=Surya |last4=Denby |first4=Bradley |last5=Bhargava |first5=Shruti |last6=Miller |first6=Andrew |last7=Viswanath |first7=Pramod |date=2018-06-13 |title=Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees |journal=Proceedings of the ACM on Measurement and Analysis of Computing Systems |volume=2 |issue=2 |pages=29:1–29:35 |doi=10.1145/3224424|arxiv=1805.11060 |doi-access=free }}

= Efforts to trace transactions =

In April 2017, researchers highlighted three major threats to Monero users' privacy. The first relies on leveraging the ring signature size of zero, and ability to see the output amounts. The second, "Leveraging Output Merging", involves tracking transactions where two outputs belong to the same user, such as when they send funds to themselves ("churning"). Finally, "Temporal Analysis", shows that predicting the right output in a ring signature could potentially be easier than previously thought.Kumar, Amrit et al. (2017). "[https://eprint.iacr.org/2017/338 A Traceability Analysis of Monero's Blockchain] {{Webarchive|url=https://web.archive.org/web/20170710043945/http://eprint.iacr.org/2017/338|date=2017-07-10}}". Cryptology ePrint Archive. Retrieved 2020-12-20. In 2018, researchers presented possible vulnerabilities in a paper titled "An Empirical Analysis of Traceability in the Monero Blockchain".Moser, Malte et al. (2018). "An Empirical Analysis of Traceability in the Monero Blockchain". Proceedings on Privacy Enhancing Technologies. 2018 (3): 143. {{doi|10.1515/popets-2018-0025}}.

In September 2020, the United States Internal Revenue Service's criminal investigation division (IRS-CI), posted a $625,000 bounty for contractors who could develop tools to help trace Monero, other privacy-enhanced cryptocurrencies, the Bitcoin Lightning Network, or other "layer 2" protocol.Franceschi-Bicchierai, Lorenzo (2020-09-12). "[https://www.vice.com/en/article/the-irs-wants-to-buy-tools-to-trace-privacy-focused-cryptocurrency-monero/ The IRS Wants to Buy Tools to Trace Privacy-Focused Cryptocurrency Monero] {{Webarchive|url=https://web.archive.org/web/20250504043425/https://www.vice.com/en/article/the-irs-wants-to-buy-tools-to-trace-privacy-focused-cryptocurrency-monero/ |date=4 May 2025 }} ". Motherboard. Retrieved 2020-12-17. The contract was awarded to blockchain analysis groups Chainalysis and Integra FEC.

Mining

File:Monero GUI 0.12.3.0.png

Monero uses a proof-of-work algorithm, RandomX, to validate transactions. The method was introduced in November 2019 to replace the former algorithm CryptoNightR.{{cn|date=July 2024}} Both algorithms were designed to be resistant to ASIC mining, which is commonly used to mine other cryptocurrencies such as bitcoin.{{Cite news|url=https://www.economist.com/business/2018/05/19/how-a-few-companies-are-bitcoining-it|title=How a few companies are bitcoining it|date=2018-05-19|newspaper=The Economist|access-date=2018-12-11|issn=0013-0613|archive-date=2018-12-09|archive-url=https://web.archive.org/web/20181209053922/https://www.economist.com/business/2018/05/19/how-a-few-companies-are-bitcoining-it|url-status=live}}{{Cite news|url=https://www.theguardian.com/technology/2017/dec/13/video-site-visitors-unwittingly-mine-cryptocurrency-as-they-watch-report-openload-streamango-rapidvideo-onlinevideoconverter-monero|title=Billions of video site visitors unwittingly mine cryptocurrency as they watch|last=Gibbs|first=Samuel|date=2017-12-13|work=The Guardian|access-date=2018-12-11|issn=0261-3077|archive-date=2020-11-13|archive-url=https://web.archive.org/web/20201113180709/https://www.theguardian.com/technology/2017/dec/13/video-site-visitors-unwittingly-mine-cryptocurrency-as-they-watch-report-openload-streamango-rapidvideo-onlinevideoconverter-monero|url-status=live}} Monero can be mined somewhat efficiently on consumer-grade hardware such as x86, x86-64, ARM and GPUs, a design decision which was based on Monero project's opposition to mining centralisation which ASIC mining creates,{{cite web |last1=Oberhaus |first1=Daniel |title=What Is an ASIC Miner and Is It the Future of Cryptocurrency? |url=https://www.vice.com/en/article/what-is-an-asic-miner-bitmain-monero-ethereum/ |website=Vice.com |date=9 April 2018 |publisher=Vice Media |access-date=8 January 2022 |language=en |archive-date=18 August 2022 |archive-url=https://web.archive.org/web/20220818084146/https://www.vice.com/en/article/3kj5dw/what-is-an-asic-miner-bitmain-monero-ethereum |url-status=live }} but has also resulted in Monero's popularity among malware-based non-consensual miners.{{Cite web|url=https://www.theverge.com/2017/12/19/16796084/backdoor-coin-mining-hacks-are-spreading-as-prices-rise|title=Backdoor coin-mining hacks are spreading as prices rise|last=Brandom|first=Russell|date=2017-12-19|website=The Verge|access-date=2018-12-11|archive-date=2018-12-11|archive-url=https://web.archive.org/web/20181211045111/https://www.theverge.com/2017/12/19/16796084/backdoor-coin-mining-hacks-are-spreading-as-prices-rise|url-status=live}}{{Cite web|url=https://www.zdnet.com/article/cyber-attackers-are-cashing-in-on-cryptocurrency-mining-but-heres-why-theyre-avoiding-bitcoin/|title=Cyber attackers are cashing in on cryptocurrency mining - but here's why they're avoiding bitcoin|last=Palmer|first=Danny|website=ZDNet|access-date=2018-12-11|archive-date=2019-03-26|archive-url=https://web.archive.org/web/20190326082433/https://www.zdnet.com/article/cyber-attackers-are-cashing-in-on-cryptocurrency-mining-but-heres-why-theyre-avoiding-bitcoin/|url-status=live}}

Use

Monero's privacy features have made it popular for illicit purposes.Kshetri, Nir (2018). "Cryptocurrencies: Transparency Versus Privacy". Computer. IEEE Computer Society. 51 (11): 99–111. {{doi|10.1109/MC.2018.2876182}}.{{Cite news|date=2016-08-23|title=Meet Monero, the Currency Dark Net Dealers Hope Is More Anonymous Than Bitcoin|work=Motherboard|url=https://www.vice.com/en/article/monero-cryptocurrency-dark-net-drug-dealers-hope-more-anonymous-than-bitcoin-alphabay/|url-status=live|access-date=2018-11-18|archive-url=https://web.archive.org/web/20181118122721/https://motherboard.vice.com/en_us/article/jpgv8k/monero-cryptocurrency-dark-net-drug-dealers-hope-more-anonymous-than-bitcoin-alphabay|archive-date=2018-11-18}}

After many online payment platforms shut down access for white nationalists following the Unite the Right rally in 2017, some of them, including Christopher Cantwell and Andrew Auernheimer ("weev"), started using and promoting Monero.{{cite news|last1=Hayden|first1=Michael Edison|date=27 March 2018|title=White supremacists are investing in a cryptocurrency that promises to be completely untraceable|work=Newsweek|url=https://www.newsweek.com/white-supremacists-cryptocurrency-monero-bitcoin-861104|url-status=live|access-date=6 September 2018|archive-url=https://web.archive.org/web/20190407152515/https://www.newsweek.com/white-supremacists-cryptocurrency-monero-bitcoin-861104|archive-date=7 April 2019}}{{cite news|last1=Cox|first1=Joseph|date=5 March 2018|title=Neo-Nazis Turn to Privacy-Focused Cryptocurrency Monero|work=Motherboard|url=https://www.vice.com/en/article/neo-nazis-monero-weev-daily-stormer/|url-status=live|access-date=6 September 2018|archive-url=https://web.archive.org/web/20180906124928/https://motherboard.vice.com/en_us/article/neqy7z/neo-nazis-monero-weev-daily-stormer|archive-date=6 September 2018}}

= Darknet markets =

Monero is a common medium of exchange on darknet markets. In August 2016, dark market AlphaBay permitted its vendors to start accepting Monero as an alternative to bitcoin. The site was taken offline by law enforcement in 2017,{{cite web|last1=Statt|first1=Nick|date=July 14, 2017|title=Dark Web drug marketplace AlphaBay was shut down by law enforcement|url=https://www.theverge.com/2017/7/14/15975140/alphabay-dark-web-drug-marketplace-police-shutdown-silk-road|url-status=live|archive-url=https://web.archive.org/web/20170715042453/https://www.theverge.com/2017/7/14/15975140/alphabay-dark-web-drug-marketplace-police-shutdown-silk-road|archive-date=July 15, 2017|website=The Verge|publisher=Vox Media}} but it was relaunched in 2021 with Monero as the sole permitted currency.{{cite magazine|last1=Greenberg|first1=Andy|date=September 23, 2021|title=He Escaped the Dark Web's Biggest Bust. Now He's Back|url=https://www.wired.com/story/alphabay-desnake-dark-web-interview/|url-status=live|magazine=Wired|publisher=Condé Nast Publications|archive-url=https://web.archive.org/web/20210923132523/https://www.wired.com/story/alphabay-desnake-dark-web-interview/|archive-date=September 23, 2021}} Reuters reported in 2019 that three of the five largest darknet markets accepted Monero, though bitcoin was still the most widely used form of payment in those markets.

= Mining malware =

In late 2017, malware and antivirus service providers blocked Coinhive, a JavaScript implementation of a Monero miner that was embedded in websites and apps, in some cases by hackers. Coinhive generated the script as an alternative to advertisements; a website or app could embed it, and use website visitors' CPU to mine the cryptocurrency while the visitor is consuming the content of the webpage, with the site or app owner getting a percentage of the mined coins.{{Cite news|last=Thomson|first=Iain|date=19 October 2017|title=Stealth web crypto-cash miner Coinhive back to the drawing board as blockers move in|work=The Register|url=https://www.theregister.co.uk/2017/10/19/malwarebytes_blocking_coin_hive_browser_cryptocurrency_miner_after_user_revolt/|url-status=live|access-date=3 November 2017|archive-url=https://web.archive.org/web/20171107023801/https://www.theregister.co.uk/2017/10/19/malwarebytes_blocking_coin_hive_browser_cryptocurrency_miner_after_user_revolt/|archive-date=7 November 2017}} Some websites and apps did this without informing visitors, or in some cases using all possible system resources. As a result, the script was blocked by companies offering ad blocking subscription lists, antivirus services, and antimalware services.{{Cite news|last=Goodin|first=Dan|date=30 October 2017|title=A surge of sites and apps are exhausting your CPU to mine cryptocurrency|work=Ars Technica|url=https://arstechnica.com/information-technology/2017/10/a-surge-of-sites-and-apps-are-exhausting-your-cpu-to-mine-cryptocurrency/|url-status=live|access-date=3 November 2017|archive-url=https://web.archive.org/web/20171103213655/https://arstechnica.com/information-technology/2017/10/a-surge-of-sites-and-apps-are-exhausting-your-cpu-to-mine-cryptocurrency/|archive-date=3 November 2017}}.{{Cite news|last=Tung|first=Liam|title=Android security: Coin miners show up in apps and sites to wear out your CPU|work=ZDNet|url=https://www.zdnet.com/article/android-security-coin-miners-show-up-in-apps-and-sites-to-wear-out-your-cpu/|url-status=live|access-date=2017-11-22|archive-url=https://web.archive.org/web/20171205130450/http://www.zdnet.com/article/android-security-coin-miners-show-up-in-apps-and-sites-to-wear-out-your-cpu/|archive-date=2017-12-05}} Coinhive had been previously found hidden in Showtime-owned streaming platforms{{Cite web|title=Showtime's Websites May Have Used Your CPU to Mine Cryptocoin While You Binged on Twin Peaks|url=https://gizmodo.com/showtimes-websites-may-have-used-your-cpu-to-mine-crypt-1818763497|access-date=2021-06-22|website=Gizmodo|date=25 September 2017|language=en-us|archive-date=24 June 2021|archive-url=https://web.archive.org/web/20210624210954/https://gizmodo.com/showtimes-websites-may-have-used-your-cpu-to-mine-crypt-1818763497|url-status=live}} and Starbucks Wi-Fi hotspots in Argentina.{{Cite web|title=Hackers Hijacked an Internet Provider to Mine Cryptocurrency with Laptops In Starbucks|url=https://www.vice.com/en/article/an-argentine-isp-was-hacked-to-inject-cryptocurrency-miner-code-into-starbucks-wi-fi/|access-date=2021-06-22|website=Vice.com|date=14 December 2017|language=en|archive-date=24 June 2021|archive-url=https://web.archive.org/web/20210624211534/https://www.vice.com/en/article/evabb7/an-argentine-isp-was-hacked-to-inject-cryptocurrency-miner-code-into-starbucks-wi-fi|url-status=live}} Researchers in 2018 found similar malware that mined Monero and sent it to Kim Il-sung University in North Korea.{{Cite web|last=Kharpal|first=Arjun|date=2018-01-09|title=Hackers have found a way to mine cryptocurrency and send it to North Korea|url=https://www.cnbc.com/2018/01/09/north-korea-hackers-create-malware-to-mine-monero.html|access-date=2021-06-22|website=CNBC|language=en|archive-date=9 July 2022|archive-url=https://web.archive.org/web/20220709095448/https://www.cnbc.com/2018/01/09/north-korea-hackers-create-malware-to-mine-monero.html|url-status=live}}

= Ransomware =

File:Revil-ransom-demand.png. The hackers are demanding payment in Monero.{{Cite magazine|last=Barrett|first=Brian|date=2 July 2021|title=A New Kind of Ransomware Tsunami Hits Hundreds of Companies|url=https://www.wired.com/story/kaseya-supply-chain-ransomware-attack-msps/|url-status=live|archive-url=https://web.archive.org/web/20210703001806/https://www.wired.com/story/kaseya-supply-chain-ransomware-attack-msps/|archive-date=3 July 2021|magazine=WIRED}}]]

Monero is sometimes used by ransomware groups. According to CNBC, in the first half of 2018, Monero was used in 44% of cryptocurrency ransomware attacks.{{Cite news|last=Rooney|first=Kate|date=2018-06-07|title=$1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do|work=CNBC|url=https://www.cnbc.com/2018/06/07/1-point-1b-in-cryptocurrency-was-stolen-this-year-and-it-was-easy-to-do.html|url-status=live|access-date=2018-09-06|archive-url=https://web.archive.org/web/20180906124540/https://www.cnbc.com/2018/06/07/1-point-1b-in-cryptocurrency-was-stolen-this-year-and-it-was-easy-to-do.html|archive-date=2018-09-06}}

The perpetrators of the 2017 WannaCry ransomware attack, which was attributed by the US government to North Korean threat actors,{{Cite web |last=Uchill |first=Joe |date=2017-12-19 |title=WH: Kim Jong Un behind massive WannaCry malware attack |url=https://thehill.com/policy/cybersecurity/365580-wh-kim-jong-un-ordered-release-of-disastrous-wannacry-malware/ |access-date=2023-06-13 |website=The Hill |language=en-US |archive-date=13 June 2023 |archive-url=https://web.archive.org/web/20230613035446/https://thehill.com/policy/cybersecurity/365580-wh-kim-jong-un-ordered-release-of-disastrous-wannacry-malware/ |url-status=live }} attempted to exchange the ransom they collected in Bitcoin to Monero. Ars Technica and Fast Company reported that the exchange was successful,{{Cite web|last=Gallagher|first=Sean|date=2017-08-04|title=Researchers say WannaCry operator moved bitcoins to "untraceable" Monero|url=https://arstechnica.com/gadgets/2017/08/researchers-say-wannacry-operator-moved-bitcoins-to-untraceable-monero/|access-date=2021-06-22|website=Ars Technica|language=en-us|archive-date=22 July 2018|archive-url=https://web.archive.org/web/20180722095629/https://arstechnica.com/gadgets/2017/08/researchers-say-wannacry-operator-moved-bitcoins-to-untraceable-monero/|url-status=live}} but BBC News reported that the service the criminals attempted to use, ShapeShift, denied any such transfer.{{Cite news|date=2017-08-04|title=Wannacry money laundering attempt thwarted|language=en-GB|work=BBC News|url=https://www.bbc.com/news/technology-40826056|access-date=2021-06-22|archive-date=13 July 2023|archive-url=https://web.archive.org/web/20230713112047/https://www.bbc.com/news/technology-40826056|url-status=live}} The Shadow Brokers, who leaked the exploits which were subsequently used in WannaCry but are unlikely to have been involved in the attack, began accepting Monero as payment later in 2017.

In 2021, CNBC, the Financial Times, and Newsweek reported that demand for Monero was increasing following the recovery of a bitcoin ransom paid in the Colonial Pipeline cyber attack.{{Cite web|last=Browne|first=Ed|date=2021-06-15|title=Monero developer expects more criminal groups to use the crypto for ransoms|url=https://www.newsweek.com/monero-developer-criminal-groups-use-crypto-ransoms-justin-ehrenhofer-1600884|access-date=2021-06-22|website=Newsweek|language=en|archive-date=21 March 2023|archive-url=https://web.archive.org/web/20230321002936/https://www.newsweek.com/monero-developer-criminal-groups-use-crypto-ransoms-justin-ehrenhofer-1600884|url-status=live}} The May 2021 hack forced the pipeline to pay a $4.4M ransom in bitcoin, though a large portion was recovered by the United States federal government the following month. The group behind the attack, DarkSide, normally requests payment in either bitcoin or Monero, but charge a 10–20% premium for payments made in bitcoin due to its increased traceability risk. Ransomware group REvil removed the option of paying ransom in bitcoin in 2021, demanding only Monero. Ransomware negotiators, groups that help victims pay ransoms, have contacted Monero developers to understand the technology. Despite this, CNBC reported that bitcoin was still the currency of choice demanded in most ransomware attacks, as insurers refuse to pay Monero ransom payments because of traceability concerns.

= Regulatory responses =

The attribution of Monero to illicit markets has influenced some exchanges to forgo listing it. This has made it more difficult for users to exchange Monero for fiat currencies or other cryptocurrencies. Exchanges in South Korea and Australia have delisted Monero and other privacy coins due to regulatory pressure.Ikeda, Scott (2020-11-17). "[https://www.cpomagazine.com/data-privacy/south-koreas-new-crypto-aml-law-bans-trading-of-privacy-coins-monero-zcash/ South Korea's New Crypto AML Law Bans Trading of "Privacy Coins" (Monero, Zcash)] {{Webarchive|url=https://web.archive.org/web/20201216083805/https://www.cpomagazine.com/data-privacy/south-koreas-new-crypto-aml-law-bans-trading-of-privacy-coins-monero-zcash/|date=2020-12-16}}". CPO magazine. Retrieved 2020-12-17.

In 2018, Europol and its director Rob Wainwright wrote that the year would see criminals shift from using bitcoin to using Monero, as well as Ethereum, Dash, and Zcash.{{Cite web|last=Kottasová|first=Ivana|date=2018-01-03|title=Bitcoin is too hot for criminals. They're using monero instead|url=https://money.cnn.com/2018/01/03/technology/bitcoin-popularity-criminals-monero/index.html|access-date=2021-06-22|website=CNNMoney|archive-date=11 February 2023|archive-url=https://web.archive.org/web/20230211212620/https://money.cnn.com/2018/01/03/technology/bitcoin-popularity-criminals-monero/index.html|url-status=live}} Bloomberg and CNN reported that this demand for Monero was because authorities were becoming better at monitoring the Bitcoin blockchain.{{Cite web|last=Kharif|first=Olga|date=2 January 2018|title=The Criminal Underworld Is Dropping Bitcoin for Another Currency|url=https://www.bloomberg.com/news/articles/2018-01-02/criminal-underworld-is-dropping-bitcoin-for-another-currency|url-status=live|archive-url=https://web.archive.org/web/20210604094359/https://www.bloomberg.com/news/articles/2018-01-02/criminal-underworld-is-dropping-bitcoin-for-another-currency|archive-date=2021-06-04|access-date=2021-06-04|website=Bloomberg}}

On 20 February 2024, the cryptocurrency exchange Binance delisted Monero, citing regulatory compliance.{{cite web |title=Binance Delisting Sparks Privacy Concerns |url=https://www.ft.com/content/971ac694-f250-412c-9fe0-f956378a751a |website=ft |publisher=Financial Times |access-date=21 February 2024 |archive-date=21 February 2024 |archive-url=https://web.archive.org/web/20240221052622/https://www.ft.com/content/971ac694-f250-412c-9fe0-f956378a751a |url-status=live }}{{subscription required}}

On 11 April 2024, Kraken announced they would be delisting Monero for users located in Ireland and Belgium on June 10, 2024. As of 10 May 2024 Monero deposits and trades have been suspended.{{Cite web |title=Notice of asset delisting in Ireland and Belgium for Monero (XMR) |url=https://support.kraken.com/hc/en-us/articles/notice-of-asset-delisting-in-ireland-and-belgium-for-monero-xmr |website=Kraken |access-date=14 April 2024 |archive-date=15 April 2024 |archive-url=https://web.archive.org/web/20240415172000/https://support.kraken.com/hc/en-us/articles/notice-of-asset-delisting-in-ireland-and-belgium-for-monero-xmr |url-status=live }} On October 31, Kraken halted all trading and deposits of Monero for all users located in the EEA, and on December 31, suspended all Monero withdraws and converted any remaining Monero balances to bitcoin.{{Cite web |title=Support for Monero (XMR) in Europe |url=https://support.kraken.com/hc/en-us/articles/support-for-monero-xmr-in-europe |access-date=2025-02-01 |website=Kraken}}{{primary source inline|date=July 2024}}

In May 2025, as part of anti-money laundering measures, the EU announced that starting in 2027 it would prohibit financial institutions and crypto-asset service providers from maintaining anonymous accounts associated with privacy-preserving coins such as Monero.{{cn|date= May 2025}}