Monero activity has remained steady even after major cryptocurrency exchanges pushed the privacy coin off their platforms, according to a recent study from TRM Labs.
The data shows that transaction usage in 2024 and 2025 remained higher than before 2022, suggesting that demand has not waned even after many gigantic trading platforms removed or restricted the token due to traceability concerns, TRM Labs he said.
In 2024, major exchanges including Binance and Kraken decided to delist or phase out Monero (XMR) due to compliance concerns. Pressure increased this year when Dubai’s financial regulator banned the employ of privacy coins such as Monero and Zcash (ZEC) on licensed platforms in the Dubai International Financial Center (DIFC).
The findings also revealed that Bitcoin (BTC) remains the primary currency for real-world ransom payments. Ransomware operators often demand Monero and sometimes offer discounts for it, but victims still pay in Bitcoin.
However, darknet markets seem to be heading in the opposite direction. Researchers found that 48% of newly launched darknet markets in 2025 were exclusively Monero-powered, a “significant increase compared to previous years,” the report said.
Related: What Dubai ban on Monero and Zcash signals for regulated cryptocurrencies
Monero’s privacy is preserved, but the network may reveal clues
While Monero’s cryptography hides the sender, recipient and amount, researchers have gone beyond the blockchain to examine how the network moves transactions across the Internet. They found that approximately 14% to 15% of Monero nodes were behaving differently than expected, showing unusual timing patterns and connections clustered on certain servers.
This behavior does not mean that the network has been hacked. Instead, it suggests that some operators can run multiple connected nodes that can watch as a transaction spreads through the system. In peer-to-peer networks, computers that see a transaction before others can get clues about its source.
“While the cryptography on the Monero blockchain remains unchanged, the behavior of the network may impact the theoretical properties of anonymity if observers can see message propagation,” the report said.
Related: Why privacy coins often show up in post-hack fund flows
Monero update targets ‘spying nodes’
In October 2025, Monero released a recent software update called Fluorine Fermi (v0.18.4.3) aimed at improving user privacy and network security. The update introduced a better peer selection system that steers wallets away from suspicious parts of the network and towards more secure nodes.
The update focuses on protection against so-called “spy nodes” – a term used in the Monero community to refer to nodes or groups of nodes that attempt to associate transactions with users’ IP addresses. These nodes do not break Monero’s encryption, but they can observe how transactions move around the network.
Online privacy issues have been discussed for years. The issue gained more attention after a leaked video from 2024 suggested that investigators could monitor activity through their own nodes, sparking debate in the crypto community.
Warehouse: Bitget’s Gracy Chen is looking for “entrepreneurs, not wannabe entrepreneurs”
