Why Are More Cybercriminals Using Monero Cryptocurrency?

In the cryptocurrency game, Monero is undoubtedly a big player. Whether it’s being traded, invested in, or even mined, there are plenty of reasons to get involved with this crypto. However, Monero is now being used for more illicit purposes, i.e. by cybercriminals. So, why is Monero becoming so popular among malicious actors?


What Is Monero (XMR)?

Before we get into Monero’s use by cybercriminals, let’s run through a quick overview of what it is.

Launched in 2014 by a group of developers (most of them unknown) via a Bytecoin hard fork, Monero’s goal has always been to offer users both privacy and anonymity. This peer-to-peer network’s privacy coin, XMR, can be traded like other big assets such as Bitcoin and Ethereum, and uses a proof-of-work consensus mechanism known as RandomX.

Since its launch, Monero has risen through the ranks to become one of the most popular cryptocurrencies in the world, with a current worth of around $170 (though this is constantly fluctuating). Many individuals choose to both trade and mine Monero to make a profit, but this crypto’s use can stretch beyond what is above-board.

So why, exactly, is this coin now so commonly used in the cybercrime industry?

Why Is Monero Used in Cybercrime?

Monero’s prevalence in the cybercrime world mostly comes down to one key component of its design: anonymity.

Of course, the vast majority of cybercriminals want to remain anonymous at all times to evade the authorities, so it’s expected for these malicious individuals to do what they can to conceal their identity. This is where Monero can be of use.

Today, Bitcoin stands as the most popular currency used by cybercriminals. However, though using Bitcoin offers a lot more privacy than using traditional currencies, there are still ways Bitcoin transactions can be tracked. On the Bitcoin blockchain, any and all transactions are recorded and can be viewed. Recipient addresses can be seen by the sender, which exposes the recipient in question to discovery.


On top of this, every single Bitcoin in circulation is uniquely recognizable via its serial number, making it even easier for it to be tracked from wallet to wallet.

The tracking of illicit Bitcoin payments was highlighted in 2021, when the FBI seized the ransom taken in the Colonial Pipeline ransomware attack. The ransom, paid in Bitcoin, was recovered from a DarkSide ransomware-as-a-service affiliate, who used that type of ransomware to attack the company and steal their data.

News of this seizure spread quickly, with many malicious actors realizing that using Bitcoin wasn’t as anonymous as they had once thought. Because of this evident risk of exposure, cybercriminals have decided to develop sneakier ways of evading law enforcement. The use of Monero is one way through which this can be done.

Unlike Bitcoin and many other cryptocurrencies, Monero transactions do not expose any address information to the sender or the receiver. This feature is known as the ring signature, and makes it incredibly difficult to track the source or destination of Monero funds. This added layer of anonymity allows cybercriminals to more easily remain elusive.

Because of its potential risks, many exchanges, such as Coinbase, do not offer Monero for trade. This makes the use of Monero somewhat limited in an above-board setting. For example, if a criminal wanted to take their Monero earnings and sell them on their go-to exchange, this may not be possible if the platform has de-listed it. Other privacy coins like Dash and ZCash have also been de-listed from some exchanges because of their involvement in illicit activities.

But this by no means makes Monero impossible to profit from. A number of big exchanges, such as Binance, still allow you to buy Monero and offer a number of Monero trading pairs. So cybercriminals can unfortunately still benefit financially by using Monero.

How Is Monero Used in Cybercrime?

More and more malicious individuals and groups have adopted Monero for payment. This includes REvil, one of the world’s most prolific Ransomware-as-a-Service (RaaS) operators. This dangerous group initially offered discounts to victims who chose to pay the requested ransom using Monero instead of Bitcoin. But now, REvil demands all of its ransom payments in Monero.

Other ransomware groups have also been known to add premiums to ransoms that are paid in Bitcoin instead of Monero. In fact, some groups now only accept payments in the form of Monero.

Another malicious entity, known as AlphaBay, also used Monero during its operation. AlphaBay was a darknet marketplace that operated as an onion service via the Tor network. While AlphaBay initially only accepted Bitcoin payments, the service adopted Monero payments in 2016, which actually played a role in the growth of the crypto’s popularity in illicit settings.

Monero is also used in cryptojacking. This is an illegal process that involves the hijacking of a victim’s computer in order to mine cryptocurrency. This allows the malicious actor to profit from crypto mining without incurring any upfront hardware, electricity, or maintenance costs. In many cryptojacking cases, Monero is chosen as the crypto to mine, as the XMR rewards that an attacker receives from mining in this way will be untraceable.

The Monero Hard Fork

In August 2022, the Monero blockchain underwent a hard fork to increase the cryptocurrency’s level of privacy even further. The hard fork involved an increase in the sizes of the “rings” used in Monero’s ring signature feature. When the ring size increases, more transaction signatures can be merged, increasing each user’s degree of anonymity within the network.

While this hard fork is good news for users in general, it also provides an increased level of anonymity for cybercriminals. The better a malicious actor can conceal their identity, the better for them, so Monero’s privacy developments are unfortunately helping these illicit individuals as well as legal users.

Monero’s Use in Cybercrime Is Only Increasing

While many crypto traders still use Monero for legitimate reasons, there’s no denying that its presence in the internet’s criminal underbelly is growing with time. With Monero’s high levels of privacy and anonymity, it’s no surprise that it’s become a favorite among cybercriminals, and it’s likely that we’ll continue to see its prevalence grow in this illicit industry in the future.