Highly Anonymized Cryptocurrency Monero Peeks Out Of The Shadows

Weezer and Mariah Carey merch are part of a mainstream push for a cryptocurrency that hackers are surreptitiously mining on hijacked computers.

Highly Anonymized Cryptocurrency Monero Peeks Out Of The Shadows
[Photo: Flickr user Larissa Green]

Over the past year, the privacy-focused cryptocurrency monero has grown by more than 3,000%, and in recent weeks soared to new heights, trading above $330 for the first time amid promises by its developers of lower transaction fees.


The price surge, which echoes the recent explosion in bitcoin’s value, also coincides with another trend: hackers are quietly hijacking significant numbers of computers to run code that mines the currency. In recent months, crypto-jacking malware has reportedly been secretly mining monero as people watched videos on websites owned by Showtime and Ultimate Fighting Challenge and as customers at Starbucks cafes in Argentina used Wi-Fi. According to Reuters, the Russian pipeline giant Transneft said last week that it had discovered software surreptitiously mining the cryptocurrency on some of its computers. “It could have a negative impact on the productivity of our processing capacity,” Transneft vice-president Vladimir Rushailo reportedly told company executives.

The three-year-old currency’s privacy-focused design has also made it handy for darknet drug deals and money laundering. In September the Milan-based security firm Neutrino reported that someone had moved payouts that had been collected in May’s widespread WannaCry ransomware attack from bitcoin to monero, which is presumably easier to surreptitiously convert into fiat currency. (In June, a leaked NSA memo linked the WannaCry worm to North Korea.)

Still, monero’s developers are hoping that the currency’s ease of mining and privacy features—the very features that make it so appealing to hackers and criminals—can help it baby-step into the mainstream. They’ve enlisted some star power too: Earlier this month, the monero team announced a partnership that lets people spend the cryptocurrency at official online stores for big-name musicians like Dolly Parton, Weezer, Mariah Carey, and the Backstreet Boys. Dubbed Project Coral Reef, the initiative offers discounts when buying music or merchandise from some of the 35 participating artists using monero.

“Project Coral Reef is a very important step towards the mainstream adoption of monero,” Riccardo “fluffypony” Spagni, the currency’s core developer and lead maintainer, said in a statement.

Spagni, who is based in South Africa, is also the founder of Globee, a cryptocurrency payment processor that’s involved in Coral Reef. He launched the music-merch project with Naveen Jain, a Bay Area entrepreneur who’s also the founder of Clique Here, an entertainment marketing firm that works with some of the artists participating in the partnership, and digital creative agency Sparkart.


As with most cryptocurrencies, monero transactions are recorded in a shared, cryptographically verified ledger known as a blockchain, using numeric addresses that have no meaning in the outside world. But unlike bitcoin, where it’s possible to monitor the flow of currency from address to address and therefore infer connections between users, monero uses additional cryptographic techniques to obscure who’s sending how much money to whom.

That anonymity, say its developers, makes monero more like cash. Assuming the math and engineering hold up to growing scrutiny from rival currency promoters, independent researchers, and government crypto experts, there’s effectively no way to distinguish between units of monero that have been involved in illicit or unsavory transactions and those that have only ever been used to buy legitimate goods like Marilyn Manson memorabilia.

Monero’s supporters emphasize that this anonymity can help keep legitimate users’ transactions private from a slew of bad actors. “Consumers using monero can trust that their transaction information will not be hijacked by thieves or commoditized by data brokers,” Jain said in a statement.

Some of the artists participating in a monero promotion [Image: Project Coral Reef]

Crypto-Jacking—And A New Way To Fund Journalism and Bail

Monero’s other attraction—for legitimate users and cybercriminals alike—relates to how it’s mined. Unlike other popular cryptocurrencies, monero’s underlying algorithms make it practical to mine with conventional computers as opposed to the specialized hardware required by popular cryptocurrencies like bitcoin.

AdGuard, makers of ad-blocking software, estimated that in recent months so-called cryptomining had been used on thousands of sites with a total estimated traffic of a billion monthly visits. This week, the firm said it had also found four video-streaming and file-sharing websites—with an estimated total 992 million monthly visits—have been mining monero without their visitors’ knowledge, generating more than an estimated $326,000 per month by today’s monero prices.


And, as monero’s prices continue to rise, malicious mining software will likely become more prevalent, says Cameron Camp, a researcher at security firm ESET. In one case the firm publicized in September, a crypto-jacking cybercriminal made over $60,000 in monero over three months. “Quite frankly, criminals are looking for return on investment,” he says.

Spagni readily acknowledges the nefarious uses for monero, and in an interview he condemned the illicit mining of monero. But, he argued, the same technology used by crypto-jackers could be put to good use, like raising charitable funds or paying for content on the internet.

Monero’s price has surged 3,000% this year [Chart: Tradingview]
“I don’t agree with anyone’s computer being abused without their knowledge,” he says. “Yet the technology that is being abused presents an entirely new way of monetizing a service on the internet.” This could enable a “free” version of Netflix or provide a new funding stream for journalism.

“Imagine if traditional news outlets didn’t have to have paywalls or be covered with ads because your computer mined whilst you read their articles,” he wrote. He said he hoped monero “ultimately opens up access to internet services to all people regardless of financial standing.”

At least one VPN product even offers free service to users, whose computers automatically mine monero as they use it. Popular torrent index The Pirate Bay has mined monero using visitors’ CPUs since October. And an app called Bail Bloc lets Mac OS users volunteer their CPUs to mine monero in order to pay bail for poor people awaiting trial, helping to keep them out of jail.


The New Inquiry magazine, which helped build the app with the Bronx Freedom Fund, used historic data and monero mining simulations to estimate that if 5,000 people were to run Bail Bloc for one year, they could make enough money to free 1,800 people from pretrial detention, given that average bail is less than $1,000. The app lets you see how many people are donating to the effort on a near-daily basis, and how many people the mined money has helped.

Bail Bloc’s statistics page

Even more privacy is coming to monero, say its developers. Future versions of the currency are slated to use an in-development tool called Kovri, an anonymizing service similar to Tor, which will make it harder to track monero users through their use of the public internet.

Monero’s developers are also testing an improvement to its confidential transaction protocol that would use a type of mathematical proof nicknamed “bulletproofs” to make sending the currency cheaper and more data-efficient. Should those upgrades succeed, they could help make the currency even more compelling for both legitimate and more nefarious purposes.

Related: How To Make A Secret Phone Call

Monero is “like the internet version of cash,” Jain said in a phone interview. “Criminals have been moving cash around since the invention of cash.”


Correction: An earlier version of this story described Spagni as one of monero’s creators. He is a core developer of the currency; the creators’ identities are unknown. Fast Company regrets the error.  

About the author

Steven Melendez is an independent journalist living in New Orleans.