One of the most common issues I deal with as someone passionate about personal privacy is fighting through common fear, uncertainty, and doubt (FUD) that is mentioned by those who don’t understand an issue thoroughly, or from people who are maliciously spreading FUD to demean a project or tool they don’t want people to use.
While this is a key issue across the privacy space, it’s often the worst in the cryptocurrency space due to the in-built incentives in cryptocurrencies that lead to greed and tribalism.
In this specific post I’ll attempt to walk through the most common FUD around Monero (both valid and invalid) and help to clarify many of these points. Note that much of the FUD spread has a sliver of truth but does not often tell the full story or approach difficult technical topics with nuance, so I’ll try to remedy some of that today by laying out the facts and letting the reader decide if that point of FUD is something that personally concerns them, or not.
All I want out of this post is people to have the chance to make well-informed decisions – I don’t expect to sway anyone or change minds, but hopefully the information container within this post will help to clarify things for you.
Let’s walk through the common FUD points one-by-one below.
Monero has an infinite supply
This one is very common from the Bitcoin crowd, and is technically true.
However, there is a lot of thought and intentional design that has gone into the supply dynamics of Monero. Monero implements a “defined supply” of 18.4m coins, and has a tail emission of 0.6XMR per block after the defined supply has been mined. That tail emission starts ~May, 2022.
This means that Monero has extremely low inflation that approaches 0% forever, and is technically “disinflationary” or “asymptotatically approaching 0% inflation”. The inflation rate is currently lower than Bitcoin and gold, and will continue to decrease. It’s also important to realize that a low inflation rate like that of Monero is a way to replace lost coins over time in circulation, but is likely even too little inflation to account for lost coins (rough estimates are ~1.5% of coins lost in circulation each year, compared to Monero’s current inflation rate of 1.12% as of writing). This would mean that Monero is in fact deflationary, even with the low perpetual issuance.
It’s also extremely important to make it clear that Monero’s supply is pre-defined, verified and enforced via consensus, and entirely predictable, just like Bitcoin’s – you can know the inflation rate and totaly supply at any point in the future without doubts.
This tail emission enables two key features in Monero
- A lower bound of network security forever (miners will always be able to rely on 0.6XMR per block, no matter the fee market)
- A dynamic block size (Monero’s blocks can grow/shrink to adapt to short-term increases in usage, with a penalty to mining rewards during these times).
For more on both of these, see the resources below.
- “Why Monero has a tail emission”:
- “How Monero Solved the Block Size Problem That Plagues Bitcoin”:
- Excellent Twitter thread on Monero’s tail emission and supply approach:
- Inherent risks in not having a defined block reward in perpetuity:
Monero’s long-term emissions as a percentage of total supply (notice they are constantly approaching 0%):
You can’t audit the Monero supply
This is probably the most common point of FUD brought against Monero, and is caused by the complexity and nuance involved in understanding how supply audits work in cryptocurrencies.
Monero’s supply can be easily audited by anyone running a Monero node, but this process does rely on the soundness of the
monerod software implementation and the validity of cryptography used in range-proofs. These range-proofs allow it to be mathematically proven that the inputs and outputs of each transaction add up to zero without revealing amounts, ensuring that the supply is sound and not inflated in any way. Every node on the network is validating these range-proofs in each transaction every time a transaction is first seen, and validating all historical range-proofs when initially syncing.
A manual audit is possible because coinbase transactions (those transactions that are mining rewards in each block including issuance + transaction fees) are intentionally transparent and amounts of these outputs are not obfuscated in any way. Monero users running a node can simply validate these totals on-demand, and all node owners are constantly verifying the amounts in transactions via range-proofs.
Unlike Bitcoin, however, Monero users cannot simply do “napkin math” and validate the supply by manually adding up UTXO amounts, as transactions are never known-spent by the network, only by the parties involved in each specific transaction. This does force some added reliance on code/cryptography over Bitcoin, but as-of-yet I know of no one validating the Bitcoin supply this way. It does remain a valuable advantage of a transparent cryptocurrency, though it comes at the cost of the transactional privacy of every user in the system.
- Excellent and nuanced blog post on auditability in cryptocurrencies:
- Very thorough and detailed talk on the issues surrounding auditability in cryptocurrencies:
- Detailed presentation from Aaron Feickert on supply auditablity in cryptocurrencies:
- Audio clip about auditability in Bitcoin and Monero:
- Anyone can easily verify the supply of Monero:
Independently verifying the supply of Monero is trivial. pic.twitter.com/wA9Og7r4Zb— Ric “el pony esponjoso” (@fluffypony) August 8, 2020
- Independent supply verification tools that confirm no hidden inflation
- These tools were written by a third-party developer in a different language (Python) and confirm that there is no auditability issue present.
- Monero vulnerability that was not exploited and was detectable
- Bitcoin vulnerability that was exploited and was detectable
- Bitcoin vulnerability that was not exploited and was detectable
Monero can’t scale
This point of FUD is one that is hard to get to the bottom of as well, as there are lots of other questions that come out of it. I’ll focus on transaction size in this one, as that is the most common complaint about Monero.
Monero is, in fact, the most scalable cryptocurrency when used privately, and even when compared with default, transparent Bitcoin usage, its transactions are only ~3-4x the size of Bitcoin transactions today. Monero’s transactions were much larger in the past, but the Monero community, researchers, and developers have worked hard to improve the efficiency of Monero, bringing transactions down from ~13kb when RingCT was first introduced to ~1.4kb today.
I’ve written an entire blog post around this topic, so for more on that see the resources below.
Monero’s hard-forks make it centralized
The key points I would make around this are walked through in detail in the Twitter thread below, but here are some bulletpoints on Monero’s hard-forks:
- Monero used to hard-fork every 6mo, but now only hard-forks as-needed for key network upgrades
- Monero’s hard-forks enable it to constantly improve and adapt its privacy protocol (among other things) to stay ahead in the privacy arms race
- Monero’s hard-forks always include thorough code review before merging, and if any key parts of consensus code are touched (like with the upcoming Bulletproofs+), the code is audited by multiple 3rd-party auditing groups/companies
- The process of deciding what goes into a hard-fork, when to hard-fork, and what approaches to take all happens publicly, either on Github or in IRC/Matrix (mostly through scheduled meetings)
- Monero has yet to have a contentious hard-fork, showing strong community support for every hard-fork so far
- Blog post on scheduled upgrades in Monero:
- Long thread on the details around how Monero hard-forks and what they mean for centralization/decentralization:
1/ Apparently the "Monero hardforks every 6mo which makes it centralized/vulnerable to attack" FUD is circulating again, so here's a quick thread on that common misconception.— Seth For Privacy (@sethforprivacy) May 26, 2021
Monero mining is centralized
Monero’s approach to mining is almost entirely unique in the cryptocurrency world, as its community has maintained a core ethos of ASIC-resistance from the inception of the project.
Monero aims for ASIC-resistance for three core reasons:
- Get back to “one CPU, one vote”
- Ensure easy access to Monero mining by as many people as possible
- Increase the security and decentralization of the network by increasing manufacturer and geographical diversity in mining Monero
This goal has been accomplished via a few different mining algorithms in Monero’s history, but the current algorithm, RandomX, has successfully prevented ASICs on the Monero network for over two years, despite a bull market and growing usage increasing the allure of mining Monero to ASIC manufacturers. I won’t go into the technical details of RandomX here, but feel free to read through the resources below for more details.
While Monero does have drastically less miners and energy used to secure the network compare to Bitcoin or Ethereum, it remains secure and extremely decentralized due to the technical approach in RandomX and the grassroots nature of the community up until now. This was made abundantly clear when ASIC-dominated coins experienced massive drops in hashrate (including Bitcoin!) when China banned mining in April, 2021:
- Excellent explainer on RandomX:
- A detailed look at why RandomX is so unique:
- Monero faired extremely well during the ban on mining in China, unlike ASIC-dominated networks:
Why is RandomX "orders of magnitude more vulnerable to centralization"?— Seth For Privacy (@sethforprivacy) December 15, 2021
Care to explain?
It's extremely decentralizing in reality, as anyone, anywhere can mine Monero with common hardware instead of relying on limited ASIC manufacturers.
Looks like Monero handled it better here: pic.twitter.com/3CbZWudRZS— Douglas Tuman (@DouglasTuman) December 14, 2021
- A look at the economics of 51% attacking Monero
That depends heavily on the type of attack, but acquiring hardware alone (in my napkin math) would require ~$150,000,000 for 51% of the network, and then require ~$100k/d in elec cost to maintain, assuming no increase in non-malicious HR.— Seth For Privacy (@sethforprivacy) December 15, 2021
Monero has no adoption
Thankfully, this one is quite easy to answer and is growing more incorrect by the day.
Monero is gaining strong acceptance in both the standard economy among merchants, FOSS projects, etc., but also completely dominates the black and grey-market economies as the preferred method of payment. Monero is consistently one of the most widely supported cryptocurrencies despite no venture capitalist investors, no pre-mine, no dev-tax, no marketing team, and no centralized corporation running things and driving adoption.
All of Monero’s adoption is due to grassroots marketing, word-of-mouth, and technical merit due to Monero protecting both sender and receiver privacy so well while keeping fees low.
- Broad and growing acceptance of Monero with merchants (over 1,200 merchants as of writing):
- Simple usage of Monero to buy gift cards to most popular online merchants:
- Using Monero to pay for travel, lodging, etc.
- ProxyStore, allowing you to purchase goods and services via Monero:
- Thread detailing some of the many ways that Monero is used around the world:
Many examples are given in these two episodes:https://t.co/HybcOTyWMFhttps://t.co/4WuTtwrQjT@AnarkioC has many similar examples, and relies on Monero/Bitcoin due to no access to ID: https://t.co/YXDqactObk— Seth For Privacy (@sethforprivacy) November 17, 2021
KYC/AML-regulated exchanges won’t support Monero/governments will ban Monero
This one is a key point of contention for me, as while I see no reason for regulated exchanges to not support Monero (in a legal or regulatory sense), I’m not really worried about whether or not centralized exchanges (the Coinbase.com’s of the world) choose to list Monero or not. Exchanges like these are an easy point of control and surveillance for malicious entities and nation states while creating immense risk to end-users for data breaches, hacks, and leaks.
Monero should be supported everywhere, but the Monero community is committed to building out on/off-ramps that can enable easy access to Monero for people around the world, without disclosing personally identifiable information or putting their own privacy and data at risk.
I’ll put some resources below to browse, but for those that specifically would like to see centralized exchanges support Monero, I’d recommend looking at the first entry from Perkins Coie.
- “Anti-Money Laundering Regulation of Privacy-Enabling Cryptocurrencies”
- Short audio clips on why KYC is harmful:
- A great explainer and guide on avoiding KYC:
- An amazing list of KYC-free exchanges, merchants, and more:
Excellent decentralized exchanges supporting Monero:
- LocalMonero, an excellent and privacy-preserving way to buy and sell Monero
- Haveno, a WIP decentralized and entirely peer-to-peer exchange
- Atomic swaps (WIP)
Monero can’t support layer-two networks (like Lightning)
While Monero does lack the complex compute capabilities of Ethereum and the simple scripting ability of Bitcoin, there have already been some fascinating approaches presented by researchers on how to support layer-two networks like Lightning on Monero without protocol changes today, in theory.
Monero’s layer-one scaling (much of which was mentioned previously in this post) also allows for a much longer runway without needing a layer-two network, even though layer-two networks could provide both better scaling and more privacy through ephemerality (transactions not being published to a permanent ledger).
For more on the possibility of layer-two networks in Monero, see the resources below. Please note, however, that none of these approaches have been deployed on Monero and may have issues not yet seen in the theoretical papers.
- “PayMo: Payment Channels For Monero”
- Twitter thread on PayMo by one of the authors:
PayMo: Payment channels for Monero!— Sri AravindaKrishnan (@aravind16coiner) November 19, 2020
Monero users can now make fast off chain payments without requiring any fork on the Monero chain! Check out the paperhttps://t.co/DoXLNoDiVa Co-authored by Giulio Malavolta, Fritz Schmidt and Dominique Schröder. @MoneroTalk @monero
- “Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers” (also applies to Monero with PayMo)
Hopefully this brief post has given you some good info and resources to come to your own well-informed conclusions, and can help to dispel some of the common myths and FUD surrounding Monero today.
If you have any questions from this post or would like more information on a specific aspect, please reach out via Signal, SimpleX, Threema, or Nostr.