Techleaks24 🇵🇸
For the patient and well researched investor.
The former lead maintainer of the Monero repository (the guy who hijacked Bitmonero from TFT 2 weeks after launch), and founder of scam Tari, a to be launched coin with 30% premine, attempts to manipulate a naïve Zcash user into believing Monero has a bigger anonymity set than Zcash. Well, the thing is that even if only 5 people were using Zcash, Zcash would still have better privacy than 1 million people using Monero. The reason is simple, in Monero it doesn't matter how many people use it because the real spend is included among the inputs of each transaction and obfuscated with 15 decoys. Of these 15 decoys, 11 can be eliminated just by looking at decoy age. Therefore the real anonymity set of every XMR transaction is AT MOST 4.2 (source: Monero Research Labs, for one). Zcash, OTOH, uses zk proofs & zk-SNARKs. Which means the anonymity set is equal to the total number of shielded outputs onchain. Ricardo Spagni is being charged with 378 counts of fraud and forgery in SA.
Coinmarketcap never updated Dero's supply when Stargate hit mainnet in 2022, it kept showing the Atlantis based supply. Today CMC still shows the circulating supply of ~2 years ago but has also added a warning over "an anomalous" spike. FUDers must have paid some good money to get CMC to show that warning. As a reminder, Dero is in alpha and has randomness reuse in place that allows auditing all transaction amounts. If there was a proofs bug, there would have been other signs and CMC, which is not a CEX and doesn't run a Dero node, definitely has no way of detecting "an anomalous spike". If you wanted proof that Dero FUDers are getting desperate, this CMC warning is it.
Have you heard of QUBIC? I hadn't until last year. It's a new AI coin created this cycle, $160M mcap. The founder is a crypto legend, CfB. Some seem to think Cfb could be Satoshi (I don't think so personally, but the cult is strong). While I'm not familiar with Qubic's tech in depth, they definitely could be making it to the cypherpunk history books. Contrary to all the fake OG cypherpunks cowering in fear and bending their knee to Palantir, scared to say/explain how Monero is trivial to trace and obsolete because "Palantir & Chainalysis work with law enforcement and could create me trouble", these Qubic guys DGAF. Knowingly or unknowingly, Qubicans are probably on track to expose the biggest crypto scam since Bitconnect (Monero). In true cypherpunk fashion and just like Satoshi would have done, they're voting with their CPUs by mining XMR (because they can, and the valuation is outrageously high) and selling it for QUBIC (because they believe in decentralized AGI). Monero is a huge instance of the market being lied to, as the tech is 100% obsolete and trivial to trace (as they even admitted themselves with OSPEAD). Chainalysis inflates its valuation artificially and probably controls most of the hash. If someone who is not aligned with & brainwashed by Chainalysis starts mining Monero, the game changes. This is why I think Qubicans are absolutely right to believe that QUBIC is worth more than Monero, and if by accident they end up controlling enough hash they might even make it unsustainable for Chainalysis to artificially inflate XMR's market cap to keep scamming with it. A high market cap is key to their crime marketing strategy to label Monero as the biggest privacy coin and to attract more victims into their honeypot. Some Monero crybabies are already screaming for help on Reddit, by the way.
A few words on Tari, Spagni's latest scam: Tari utilizes Mimblewimble protocol for privacy and launched with a 30% supply premine. This has the same effect on tokenomics as an inflation bug exploited on day 1, so I'd expect it to pump hard early on and dump non stop thereafter. Privacy: think Monero but without rings, where inputs and outputs (Pedersen Commitments) of all transactions happening in a certain block are aggregated together to make it difficult to map a specific input to output. But, OTOH, you know exactly when a commitment is spent, and also by logging everything you trace everything. Tari also has no smart contracts, no VM. Just Tariscript similar to Bitcoin's script. All Monero scammers are shilling this in full force.
Serial scammers from the Solana trenches Jake Gagain (1, 2) and Crashiusclay (1, 2, 3) are now shilling Monero. What's going on here? Let's see... Solana is owned by the so called Paypal mafia, just like Ethereum. David Sacks (Trump's crypto tzar and former COO of Paypal) was one of Solana's early investors. Chamath, a friend of Sacks, has been one of Solana's biggest promoters. Palantir was funded by (among others) Paypal co-founder Peter Thiel (Vitalik was awarded a Thiel Fellowship in 2014) and David Sacks (Craft Ventures). Palantir's mission has always been "data analysis tools for intelligence and law enforcement" (a honeypot like Monero is a great fit) and originally used Paypal's fraud prevention algorithm. Today Palantir has a product called Foundry for Crypto, which maps offchain identities to onchain activity. Palantir and Chainalysis were both seed funded also by In-Q-Tel (CIA's Venture arm). Jake Gagain shilled Saitama in 2021, a scam that was infiltrated & exposed by an FBI Trojan horse crypto project. Later, Jake Gagain turned into full time Solana pump and dump promoter/serial scammer. Why are these Palantir KOLs promoting Monero now? Is it because Monero is private (we know it's not), or because it feeds grants to their Chainalysis/Foundry for Crypto business (it has to be this one)?
🚨🚨As it turns out and contrary to what I and others were led to believe, even the current implementation of the Dero protocol (alpha) doesn't have the randomness reuse vulnerability, the bug is just a wallet bug. The first 3 paragraphs of Deanonymization of the Dero Network by Monero community developer Luke Parker are all proven false and misleading. Annotations attached, for a reminder of what he wrote and why they are false. Today we have proof of that because Civilware just released a wallet that doesn't reuse randomness but still runs on the current Dero protocol and where amounts, receiver and sender are private. The so-called "Dero bug" was only a wallet level/implementation bug, and had nothing to do with the core protocol or the wallet protocol.
Monero is 100% traceable and a Palantir/Chainalysis (both funded by In-Q-Tel) honeypot. Like I explained here, Peter Thiel, David Sacks and Elon Musk are part of the so called Paypal mafia (they all worked together at Paypal early on). If you're wondering what Enron Musk is doing to help his friends, the answer is censorship. In February 2025 my Twitter account, which I created in 2014 inspired by Wikileaks and called it "tech leaks", got suspended for "inauthentic behavior" after I started calling out their connection to Palantir. Others got suspended after me for sharing proof of how Monero is traced. Now Qubic's community, which has a project to mine monero and rotate profits into Qubic, is being harassed and intimidated by X/Palantir. The reason is simple, Monero's market cap is artificially inflated to make it look like it's the biggest privacy coin today. Any group of miners calling out Palantir's bluff, like Qubic XMR miners, constitute a mortal threat to their honeypot. I stand with Qubic 🤝
If Monero isn't private, then why are EU CEXes delisting it for MiCA?
EU CEXes have also delisted USDT for not being MiCA compliant, does that mean USDT is private?

If Monero isn't private, then here is my transaction ID trace it.
To trace Monero one has to: analyze the full node for timing patterns (like those employed by OSPEAD); run multiple sybil nodes to collect offchain metadata; have access to transaction data filed quarterly by centralized exchanges. Monero tracing requires computational resources that the average individual doesn't have access to, just like the average individual cannot afford to bribe a Facebook/X employee to dox a Facebook account. Does that make Facebook private?

If Monero isn't private, then why is it the most used currency of DNMs?
Monero is not the most used currency of DNMs, BTC is. Does that mean BTC is private?

If Monero isn't private, then why can't you name one single case where Monero was traced?
Case 1: Lazarus Wannacry Monero Traced (2017);
Case 2: Colombian DNM admin in Chainalysis IRS presentation (2020);
Case 3: Julius Aleksanteri Kivimäki Monero traced (2022);
Case 4: Yuta Kobayashi Monero traced (2024).

Study the tech and you will realize Monero simply cannot be private (and never will). Everything else is just crime marketing and/or mental gymnastics by those who have got no clue about its tech or are paid to promote it (eg: Jake Gagain, CrashiusClay, Zachxbt, EdgeWallet).
If privacy is a niche, then why does almost everyone use a pseudonym online? Why do people share fake countries, fake names, fake ages, and fake professions when chatting online? Privacy is an instinct, just like sex. We don't need Naomi Campbell to promote privacy and raise awareness about privacy. Just like people instinctively know what to do when they find themselves in front of a person they find attractive, they also instinctively seek privacy when they feel exposed. This is also why compliant privacy L1s are as likely to succeed as compliant sex (imagine: "by law, only missionary sex is allowed") dating apps.

Awareness of exposure is what pushes people towards privacy. It's not that most crypto users don't care about privacy, but there is simply a very low awareness of exposure in crypto right now. Most still think that by buying crypto they are exiting the banking system and going dark, few know that by buying crypto (through KYC) they're broadcasting to the entire world/engraving onchain their financial & KYC data, forever.

Why was the Cypherpunk Manifesto written by cryptographers and not poets? Because cryptographers and engineers were the population with the highest awareness of exposure in the electronic age. While everyone else thought that the internet was a black box where everyone is anonymous and free, cryptographers and engineers had a deep knowledge of its insides and how they could or were being used for surveillance.

Why have people from Darknet Markets stopped using Monero despite the heavy crime marketing we see? The reason is simply because criminals talk to each other (in jail). After a certain point, stories that lead to Monero get out. These stories increase awareness of exposure and therefore have pushed them to seek alternatives outside of XMR.

So is privacy something only few outliers/rebels care about? Not really, everyone cares about privacy. It's a biological instinct baked in each of us (remember the good ole fig leaves?). The reason why it doesn't matter as much in crypto as in messaging apps, is that in crypto there is still a relatively low awareness of exposure.

Like I've said before, privacy doesn't really need any crime marketing. Honeypots, on the other hand, do. Privacy doesn't because people naturally seek privacy as awareness of exposure increases through stories of surveillance/failures in what we thought was private (not suggestions about how to go dark for the purpose of committing a crime, ie crime marketing). One of the sources of fuel for this awareness is, of course, the constant clash of laws with the real life and the gap that there will always be between laws and real life (which I discussed here). By the way, this is an important philosophical concept discussed by Agamben, Benjamin, Schmitt and others: the perpetual gap between normative order (law) and ontological reality (life). Whenever this gap is violated, awareness spikes higher.
🚨Kaspersky has issued a report about a sophisticated malware campaign that targets exposed Docker APIs to mine Dero. The malware consists of 2 parts, nginx and cloud. The first (nginx) continuously scans for exposed environments to inject itself, while cloud is the dero miner software. In other words, this malware spreads on its own. In 2025, Kaspersky found 485 exposed Docker API ports per month globally.

In 2023, Crowdstrike discovered the first-ever Dero cryptojacking campaign targeting Kubernetes. In '24 Wiz Security documented an updated variant of the same malware.

Why are these advanced hackers going to such great lengths to mine Dero? The current market cap and liquidity are extremely low. Since Dero isn't really easy to cash out this looks a lot like spec mining via a sophisticated malware campaign. The reason? Maybe Dero's tech: state of the art privacy (in a league of its own as explained here), smart contracts with interpreter VM (the only L1 in crypto), egalitarian cpu mining.
To evaluate Monero's honeypot risk score let's look at the ratio of daily transactions (~25k) and the total number of Monero nodes (~14k), and then compare it to that of other coins like BTC (~22k nodes, 396k TXs), ETH (11214 nodes, 1.5M TXs), LTC (1167 nodes, 200K TXs). This can measure the likelihood that the current amount of Monero nodes is organic and not inflated by Sybil nodes. Based on data available online, Monero's transactions per node ratio (~1.7) is more than 10x lower than that of Bitcoin (~18) and very close to 1. This suggests that Monero's node network is dominated by sybil nodes at a ratio of 10-to-1 (10 XMR sybil nodes for every user node).

Another way to interpret the low ratio, in practical terms, is that for every Monero daily transaction there is 1 dedicated node in the network serving the broadcaster of the transaction. By comparison, in ETH and LTC a node serves, on average, 133 and 173 transactions per day respectively. Bitcoin makes a good, realistic benchmark because it is the original cypherpunk coin (not the case with ETH and LTC) with a community that always encouraged its users to run full nodes as part of its culture. The amount of sybil XMR nodes per user node is probably even higher when we consider that the average Monero user is less likely than the average BTC user to run their own node.

Like I've been explaining for a while, Monero is obsolete privacy tech turned honeypot by Palantir/Chainalysis (both funded by In-Q-Tel) via crime marketing. Monero tracing exploits its old privacy tech (UTXO accounting model & key images) but offchain metadata is also crucial (ie: Sybil nodes generate profit). In BTC/LTC/ETH tracing, OTOH, offchain metadata play a marginal role, which is why in coins like ETH and LTC the tx-per-node ratio is so high as there is no utility/profit generated by Sybil nodes.

To be able to use offchain metadata consistently, Palantir/Chainalysis would need a huge enough network of full Monero nodes in order to maximise the probability that any user not using a full node sends the transaction to a node that reports back to Chainalysis. And in cases where users run their own nodes, to still be able to tell which node a specific transaction originated from despite Dandelion. Monero's outstandingly low tx/node ratio suggests a huge sybil network 10x the size of organic Monero nodes is already in place.
XMR PROOF OF SYBIL: When TARI launched, it reached 11,300 full nodes within 24h from Monero's total 12,560 nodes.

The event was immortalized in a tweet by @Donttracemebruh. Even if we completely disregard TARI's huge 30% premine and its founder's poor reputation (recently involved in the CSS hack controversy), 11k nodes in 24h (even before marketing started) doesn't make any sense unless the nodes were the Monero Sybil nodes controlled by one entity that decided to run TARI in parallel.

That would explain how TARI bootstrapped its node infrastructure so quickly. For Monero, that implies a Sybil-to-user node ratio of at least 10:1, in the same range as estimated when comparing Monero to Bitcoin.

In addition to the transaction per node ratio, this is an even stronger piece of evidence that Monero has been fully Sybiled by a network of at least 11,000 nodes (min 90% of nodes).
Everyone in Monero seems to finally agree with the proposition that Monero has no receiver privacy. Monero's defense has now been reduced to "you can see receiver's output, but you can't tell when that output is spent". This is also blatantly false. Here is a list of ways to detect when an output TXO1 is spent:

1. OSPEAD/output age analysis: if the owner of the output spends TXO1 too soon or too late, the output will be exposed as the real spend because it will be too old or too young for the decoy selection algo to have picked it.
2. Cluster analysis: if we've sent money more than once to the owner of the output, or if we know of other outputs they control because we collect information from CEXes (or other offchain metadata), then whenever TXO1 appears in a transaction with other outputs from the same spender we know that it's being spent.
3. Spam attack: If after sending TXO1 we start spamming the chain with new outputs by sending dust amounts to ourselves, then if TXO1 appears in a transaction where a sufficient number of spam TXOs are included, by exclusion we can find out where TXO1 is spent. Note that we don't need 15 spam TXOs to be included, we need just enough spam TXOs to make sure the specific age range of our target output is over represented in the target transaction.
4. Key image analysis: TXO1 is included in a transaction where we recognise enough spent outputs among decoys (because we aggregate data with exchanges that give us the key images of their spent TXOs)
5. A combination of the 4 methods listed so far can pretty much deanonymize any Monero transaction.

None of these attack vectors are possible on Dero, because it uses the account model with homomorphic encryption. Some will argue that today, since Dero has sender and receiver rings, a spam attack can still do damage. However, even with rings, a spam attack (alone) still does trivial damage thanks to homomorphic encryption because you still have no way of knowing which one is the sender or the receiver ring. So even if we see an account we recognize in a transaction, we've no idea if our target is receiving money or spending (whether it's spender or receiver ring). Moreover, while in Monero a TXO has to be emptied every time it's spent, in Dero accounts are simply updated and can be updated multiple times. So a spam attack provides trivial information about a transaction on Dero, while on Monero a spam attack alone can be fatal.

In other words, Monero has no receiver privacy and no sender privacy.
Need to trace Monero? Look no further, a new unicorn has entered the Monero tracing scene: Naxo LLC.

According to its website, Naxo, whose founders seem to be former law enforcement agents, specializes in investigating alternative currencies not supported by commercially available blockchain investigative tools. That sounds like code for: be prepared to pay a premium.

Two months ago Naxo publicly announced that they purchased Moonstone Research (for an undisclosed amount). I've written about Moonstone Research and Justin's likely connection to Chainalysis before. Speaking of Justin, Naxo says (among others) Justin also has extensive experience developing and supporting compliance programs, most notably at DV Chain and Cake Wallet where he spent the early part of his career. [...] At Moonstone, Justin developed the company's flagship product, Crescent Discovery, which helps investigative teams deanonymize Monero transactions. Justin was VP of Operations at Cake Wallet for 2 years from 2021 until 2023 before launching MR. And by the way, Cake wallet's code is not reproducible (maybe for compliance reasons? 🤷‍♂️).

Tracing Monero requires aggregating various data that exchanges report quarterly to Chainalysis. Moreover, Chainalysis is likely the owner or co-owner of a sybil network of at least 11 300 Monero nodes. This network was accidentally exposed during Tari's XMR merge mining launch (which was promoted in unison by all Cake wallet employees). Spy nodes help collect offchain metadata that make Monero cheaper to trace.

Contrary to Moonstone Research, which was run by Justin alone and lacked the credibility to attract serious customers, Naxo has many former seasoned LE agents in its ranks so I can totally recommend Naxo if you need to trace Monero. Also, there is no data on who funds Naxo, but they attend Chainalysis conferences in NYC so I'm sure they have access to all the deep capabilities of Chainalysis and/or Palantir. They also seem much more approachable than Chainalysis, perfect for smaller customers that want Monero tracing without the red tape. So if you're in the market for tracing XMR, I'd go for Naxo.

As a potential customer and privacy activist, I give Naxo full 5 stars. ⭐️⭐️⭐️⭐️⭐️
Lockbit's affiliate admin panel was hacked last month. The leaked database (which refers to activity from December 18, 2024 to April 29, 2025) paints an interesting picture of what percentage of blackhat hackers favors Monero over Bitcoin today (tldr: max 35%).

So what's Lockbit? It's a Russian criminal enterprise that offers ransomware as a service (RaaS) to blackhat hackers. These hackers don't disclose responsibly the vulnerabilities they find but opt to exploit and blackmail their victims. Hackers who wish to use Lockbit's ransomware must register on Lockbit and pay a one time $777 registration fee. When they successfully penetrate a target, they deploy Lockbit's ransomware to encrypt everything and start negotiating with the victim for a payment (ransom) in exchange for the decryption key of the data. If the victim doesn't pay then the data is published online. If the ransom is successful (ie: victim pays) Lockbit receives 20% of the ransom, while the hacker takes 80%.

In the registration process Lockbit requires its affiliates to pick one payment option, either BTC or XMR (not both). Once registrants pick an option then a unique registration address is generated where they need to send their payment to have access to Lockbit's ransomware panel. Based on data from the past 6 months that was just leaked (the best data available today), only 35% opted for XMR (1335) while 65% (2338) opted for BTC. Considering also that this is not the currency of the ransom to be paid, but the currency with which to pay a $777 registration fee, liquidity has no impact but is merely a question of what these blackhat hackers consider more private. As of today, the vast majority of blackhat hackers consider BTC to be more private than XMR.

If your tech is not private then the word gets out one way or another. Even if your propaganda/censorship machine is impeccable in appearance, peer to peer real life stories kick in at some point. Today, however, there are also plenty of public reports of Monero being traced, dating back from 2017 (Lazarus) till 2024 (Yuta Kobayashi). The technical explanation is simple: monero has no receiver privacy and senders can be exposed through a combination of data derived from OSPEAD analysis, cluster analysis, spam attack, key image analysis and spy nodes (explained in-depth here).
🚨Interpol just took down Monero-only Darknet Market Archetyp by tracing financial flows. In its 5 years of activity Archetyp amassed 612,000 users and a total transactions volume of over $289m (in XMR). While you can find the full Interpol PR here, here is a noteworthy quote:

By tracing financial flows (Archetyp was a Monero-only DNM), analysing digital forensic evidence, and working closely with partners on the ground, authorities were able to deliver a decisive blow to one of the most prolific drug markets on the dark web.

Archetyp's admin was arrested in Barcelona and other top vendors are being hunted down in Sweden and Germany. Like I've been arguing for a while, DNMs are honeypots and, as Monero's crime marketing suggests, Palantir/Chainalysis likely play a key role. Crime marketing consists of openly encouraging people to commit crimes with Monero (such as selling drugs online) with the promise of impunity (something Monero influencers do a lot). Chainalysis/Palantir then generate ROI by offering premium tracing services to LE to catch the criminals of their own making.

By the way, in March 2025 Chainalysis was sued by bankrupt crypto lender Celsius over 'sham audit confirming $3.3B of AUM'. Just so you've an idea of their moral/ethical compass.

To conclude, this piece of news only confirms what I've been saying for a long time and what advanced hackers (like those indirectly surveyed in the Lockbit admin panel leak) have known for a while: Monero is obsolete privacy tech turned honeypot by Chainalysis & Co.
Archetyp DNM: From Monero only to Interpol only by tracing financial flows. Yes, they traced Monero. Yes, DNMs are honeypots. Yes, Monero is obsolete privacy tech turned honeypot by you know who.