Monero
The CryptoNote Paper That Started Everything
In December 2012, an anonymous author writing under the pseudonym Nicolas van Saberhagen published a whitepaper titled "CryptoNote v 1.0." An improved version followed in October 2013. The paper diagnosed a fundamental privacy problem with Bitcoin and proposed a cryptographic solution so thorough that it would spawn an entirely new family of cryptocurrencies.
Van Saberhagen's central observation was that Bitcoin's public ledger, while pseudonymous, was not actually private. Every transaction was permanently visible to anyone who cared to look. With enough chain analysis — tracking coins as they flowed from address to address — it was possible to build detailed pictures of financial behavior. The paper called this a "transaction history problem" and proposed two cryptographic primitives to solve it: ring signatures and stealth addresses.
Who van Saberhagen actually was — and whether the name represented one person or a group — has never been definitively established. The mystery added an aura appropriate to a project dedicated to anonymity.
The Bytecoin Detour
A Shadowy Launch
The first implementation of the CryptoNote protocol was a coin called Bytecoin (BCN), launched in 2012. When Bytecoin was announced to the broader public in 2014, it claimed to have been running for two years — which meant its blockchain was already 80% mined. This was deeply suspicious. A coin that launches secretly and mines most of its supply before public knowledge is almost by definition a scheme to enrich insiders at the expense of later buyers.
The Bytecoin launch left a bad taste. The technology was genuinely interesting, but the distribution was seen as fundamentally unfair. A group of developers decided that the right response was not to abandon CryptoNote but to fork it — to take the technical foundation and restart it with an honest, public launch.
The Fork That Became Monero
In April 2014, a developer forum user named thankful_for_today announced a fork of Bytecoin's codebase under the name BitMonero (from "bit" as in Bitcoin and "monero," the Esperanto word for coin). The launch was genuinely public, allowing anyone to mine from the beginning.
The name was quickly shortened to Monero, and the project attracted a small but technically capable community. Critically, thankful_for_today turned out to be a difficult collaborator — autocratic, unresponsive to community feedback, and resistant to changes the broader group wanted. Within weeks, the Monero community voted to fork the project again, replacing thankful_for_today's leadership with a more collaborative team of seven core developers, most of whom worked pseudonymously.
This community-driven governance structure, shaped by its earliest crisis, became a defining feature of the project. Monero has always emphasized decentralized development and resistance to any single point of control.
The Technical Foundation
Ring Signatures: Hiding the Sender
The ring signature mechanism is one of Monero's most elegant privacy contributions. When a user sends Monero, their transaction does not simply link their address to the recipient's address. Instead, the sending address is mixed with a collection of other addresses from the blockchain — called "decoys" — to form a ring.
From outside, an observer can see that someone in this ring of addresses signed the transaction, but cannot determine which ring member was the actual sender. The ring size (the number of decoys) has grown over Monero's history, improving anonymity as the mix-in set gets larger.
An important refinement came with Ring Confidential Transactions (RingCT), introduced in 2017. RingCT extended Monero's privacy by also hiding the amount of each transaction. Before RingCT, transaction amounts were visible even if sender and receiver identities were obscured. After RingCT became mandatory, all three elements — sender, receiver, and amount — were cryptographically hidden by default.
Stealth Addresses: Hiding the Receiver
Ring signatures address the question of who is sending. Stealth addresses address who is receiving.
When a sender wants to pay a Monero address, they do not simply send funds to a publicly visible address. Instead, they generate a one-time address derived from the recipient's public key and post the funds there. Only the recipient, using their private "view key," can scan the blockchain and detect that funds were sent to them. To any outside observer, the one-time address looks like just another random address on the blockchain — there is no way to link it to the recipient's public address without the view key.
This means that Monero addresses are reusable without sacrificing privacy. On Bitcoin, reusing an address means all incoming transactions are publicly linked. On Monero, every incoming transaction lands at a fresh, unlinkable one-time address.
Dandelion++ and Kovri
Privacy on Monero extends beyond the blockchain itself. The network layer — how transactions are broadcast across nodes before they land in a block — can also leak information. A passive observer monitoring the network could potentially trace a transaction back to the IP address where it first appeared.
Monero addressed this with Dandelion++, a propagation protocol that routes new transactions through a random path of nodes before broadcasting them widely, making it much harder to identify the originating IP. The project also explored a deeper integration with I2P (the Invisible Internet Project) through an initiative called Kovri (later Monero I2P), though full integration remained a work in progress.
Tail Emission and Long-Term Supply
Most cryptocurrencies have a fixed maximum supply. Bitcoin will cap at 21 million coins. Monero took a different approach.
Monero's initial emission curve reduced block rewards over time, reaching a point in 2022 where the main emission ended. At that point, the protocol switched to a "tail emission" of 0.6 XMR per block — a small, perpetual inflation rate that continues indefinitely. The rationale was practical: without block rewards, miners must rely entirely on transaction fees to secure the network. Monero's developers argued that relying solely on fees could create long-term security risks if fee revenue proved insufficient. The tail emission provides a permanent, predictable baseline income for miners, ensuring the network remains economically secure even decades from now.
Monero in Practice: Privacy as a Default
One of Monero's core philosophical positions distinguishes it sharply from privacy-optional systems. On Ethereum, for example, privacy requires opting into special tools or protocols. On Monero, all transactions are private by default. There is no "transparent mode," no opt-out, no way to accidentally expose your financial information.
This design choice has made Monero popular among privacy advocates, journalists operating in repressive environments, and ordinary users who simply believe financial privacy is a basic right. It has also drawn attention from regulators and law enforcement agencies, who have found Monero transactions effectively impossible to trace using conventional blockchain analysis tools. Several exchanges, under regulatory pressure, have delisted XMR.
The debate around Monero encapsulates a fundamental tension in cryptocurrency: between the financial privacy that advocates argue should be a human right, and the transparency that regulators argue is necessary to prevent illicit activity. Monero has staked out the clearest possible position on one side of that debate — and built robust cryptography to back it up.