Monero – the Bitcoin of the Darknet

Bitcoins are the currency of choice when it comes to Darknet markets.

Darknet marketplaces, which are online stores on the Darknet, are shopping stops for drugs, credentials, weapons, hacking services, and other illegal services and goods. Bitcoin has historically been the barter medium of choice, but that is starting to change.

Users of Zion Market, Darknet Wall Street, Trade Route, and Majestic Garden (all Darknet marketplaces) have noticed an increase in sellers preferring Monero over other types of cryptocurrency.

Many cybercrime marketplaces have accepted Monero, Etherium, Litecoin, Zcash, and many other currencies. It was less than a decade ago when criminals preferred WebMoney or Reloadit gift cards. However, the value and the anonymity of cryptocurrency has created a radical shift in payment types. In October of 2017, a brand new Darknet marketplace called Libertas would only accept Monero as the supported currency for purchases.

Bitcoin has historically dominated the space as far as the preferred cryptocurrency.  However, Bitcoin is not anonymous. A distributed blockchain keeps track of all transactions, essentially making it a public ledger. Normally you only see wallet addresses and not personally identifiable information within the information available on the Bitcoin blockchain. Law enforcement is changing that by getting smarter about linking identities to Bitcoin wallets. Furthermore, if you wish to trade your Bitcoin for paper-based currency, you have to go through an exchange. These service providers often require identification or some form of identity verification, which exposes the Bitcoin holder.

Many people who use Monero believe it provides better privacy protection than Bitcoin. Your Monero address never appears on the underlying blockchain. How does this work?

When someone sends you Monero, they use your wallet address to generate a new one-time address that only you can spend from. This is known as a stealth address. These addresses essentially look the same, making it difficult (or nearly impossible) to track the money flow. Your Monero wallet searches the blockchain for the stealth addresses that belong to you.

When you decide to use your Monero currency by sending payment to another Monero wallet, you (sort of) mix your stealth address with a couple of random ones the other person owns. This creates a new stealth address owned by the recipient, and you simply complete the transaction to that newly created address.

Today, Monero protects sender and recipient privacy in the associated blockchain operation by hiding the underlying identities. However, it is still possible to see the amounts sent in each transaction. Additionally, if someone is monitoring the blockchain transaction they could potentially record the IP address of each party involved in the transaction. This could possibly reveal the identity of the participants. It is a problem for those wishing to remain completely anonymous.

There is a proposed solution in the works for Monero that adds additional layers of privacy to solve this potential IP issue. RingCT stands for Ring Confidential Transactions, and it is currently being tested in a network environment. Other solutions, such as project Kovri, implement Monero using anonymization techniques and networks such as the Invisible Internet Project (I2P) that hides IP addresses during transactions.

Monero is also getting to be more valuable to cybercriminals. A new wave of malware is essentially hijacking computer systems in order to mine the cryptocurrency. The criminals are not necessarily after the CPU. Graphics processors (GPUs) can also be used to perform complex blockchain operations, netting profits for cybercriminals. High-end video gaming systems can be used to mine cryptocurrency by using this approach.

Obviously using a single computer is not very effective for mining purposes, but if a criminal can take over thousands (or even millions) of systems, the profits can be quite lucrative. One example of this is the Zealot malware campaign. In September 2017, We Live Security reported about a new form of malware being installed on Web servers and infecting victim machines to mine for Monero.

Back to the topic….it is easy to understand why attackers might choose Monero as the cryptocurrency of choice. Monero is extremely difficult to trace, and mining favors computer or server CPUs and GPUs. This is in contrast to specialized hardware needed for Bitcoin mining.