Monero Activity Holds After Delistings, Study Flags Network Behavior
Monero activity has remained steady even as major cryptocurrency exchanges have pushed the privacy coin off their platforms, according to new research by TRM Labs.
Data shows transaction usage in 2024 and 2025 stayed above levels seen before 2022, suggesting demand did not fade even after many big trading platforms removed or restricted the token over traceability concerns, TRM Labs said.
In 2024, major exchanges, including Binance and Kraken, moved to delist or phase out Monero (XMR) over compliance concerns. Pressure increased this year when Dubai’s financial regulator banned privacy coins like Monero and Zcash (ZEC) on licensed platforms in the Dubai International Financial Centre (DIFC).
The findings also revealed that Bitcoin (BTC) remains the primary currency for real-world ransom payments. Ransomware operators often request Monero and sometimes offer discounts for it, but victims still tend to pay in Bitcoin.
However, darknet marketplaces appear to be moving in the opposite direction. Researchers found that 48% of newly launched darknet markets in 2025 supported only Monero, a “notable increase compared to earlier years,” the report said.
Related: What Dubai’s ban on Monero and Zcash signals for regulated crypto
Monero’s privacy holds, but network may reveal clues
While Monero’s cryptography hides the sender, recipient and amount, researchers looked beyond the blockchain to examine how the network carries transactions across the internet. They found that about 14% to 15% of Monero nodes behaved differently than expected, showing unusual timing patterns and connections clustered on certain servers.
Such behavior does not mean the network was hacked. Instead, it suggests some operators may run many connected nodes that can watch how a transaction spreads through the system. In peer-to-peer networks, computers that see a transaction earlier than others may gain clues about where it came from.
“Although Monero’s on-chain cryptography remains unchanged, network behavior can impact theoretical anonymity properties if observers can see message propagation,” the report said.
Related: Why privacy coins often appear in post-hack fund flows
Monero update targets “spy nodes”
In October 2025, Monero released a new software update called Fluorine Fermi (v0.18.4.3) aimed at improving user privacy and network security. The update introduced a better peer-selection system that steers wallets away from suspicious parts of the network and toward safer nodes.
The upgrade focuses on protecting against so-called “spy nodes,” a term used in the Monero community for nodes or groups of nodes that try to link transactions to users’ IP addresses. These nodes do not break Monero’s encryption but may observe how transactions travel across the network.
Privacy concerns around the network have been discussed for years. The issue gained more attention after a leaked 2024 video suggested investigators could monitor activity through their own nodes, sparking debate in the crypto community.
Magazine: Bitget’s Gracy Chen is looking for ‘entrepreneurs, not wantrepreneurs’
