Repost desde /r/monero, publicado por MasteringMonero:
MONERO SECURITY
For a couple of weeks now Monero is facing an orchestrated media campaign claiming a dubious 51% attack.
State actors (see Qubic’s ties for reference) use a mining pool that gathered up to 38% of the hashes to utilise a “selfish mining attack” that is known to work if one or more cooperating miners/pools reache roughly 1/3 of the hashrate.
Many people ask what they can do to help resolve the situation in the short, mid and long term.
Some people jump to fast conclusions that involve changing the PoW algo with unknown and potentially unintended consequences.
Calls for consenus change need to be taken very seriously, especially since it is understood to be a social engeneering attack vector in itself.
So the most obvious answer is honest mining by everybody who has a material or immaterial stake in Monero.
However there is an ongoing price suppression attack against Monero for well over half a decade using the biggest CEX to manipulate prices as low as possible - thanks to naked shorting (issuing paper coins) against their users claims.
This partially breaks miner incentives and has a direct impact on the global hashrate aka the security budget of the Monero network.
The most effective and easiest way may therefore be withdrawing all user owned Monero funds from CEX be it Kraken, KuCoin or Bitfinex (you shouldn’t use any other CEX anyways!)
Doing your part can be as easy as withdrawing coins to a wallet you yourself control and spread the message to other people, friends and family who might not be aware of the situation or their silent contribution to the ongoing attack.
STATISTICS
| DEX | Liquidity | |
|---|---|---|
| RetoSwap | 7.7K XMR (~$2.3M) | |
| Eigenwallet | 2.7 BTC (~$0.3M) |
STATE OF THE MONERO EXCHANGE ECOSYSTEM
Caveat: This is a well crafted, extensive list of all major exchanges dealing (or pretending to) in Monero.
If you can not find your go to exchange on this list treat it as “extremely high risk” and a potential scam.
This list gets updated as new information becomes available. At the end you will find some recommendations for exchanges and wallets.
USE CUSTODIAL CEX AKA “CRYPTOBANKS” WITH EXTREME CAUTION
Only day traders should use these third parties for their trading stack and ideally withdraw after closing a position.
Newcomers should make themselves comfortable with hardware wallets before buying on a CEX and always and immediately withdraw, what they bought.
| Custodial CEX | Fractional reserve risk | XMR status - AVOID |
|---|---|---|
 Gate |
Extremely high  + KYC risk + Scam alert  (“delisted” 12/2024) |
 withdrawals closed > months *KYC since 01/24 |
| HitBTC |
Extremely high + Scam alert |
withdrawals closed > years |
| Huobi/HTX |
Extremely high + Scam alert |
withdrawals closed > months (despite claims of being “operational”; delisted 09/22, but since “relisted” a trading pair) |
| MEXC |
Extremely high + KYC risk + Scam alert |
withdrawals closed > months incidents with XMR, partial *KYC since 02/24 |
| Poloniex |
Extremely high + Scam alert |
withdrawals closed > years (despite claims of being “operational”) |
| WhiteBIT |
Extremely high + Scam alert |
withdrawals closed > months |
| XT.COM |
Extremely high + KYC risk + Scam alert |
withdrawals closed > months incidents with XMR |
| CoinEx | Extremely high + KYC risk |
withdrawals closed > months incidents with XMR, ARRR, *KYC since 01/24 |
| KuCoin | Extremely high + KYC risk |
withdrawals closed > months regular incidents with XMR, *KYC since 01/24 |
| NonLogs | Extremely high |
relatively unknown, centralized server , untrusted operator |
| withdrawals permanently closed (despite claims to be open for 3 months from delisting) |
||
| withdrawals permanently closed (despite claims to be open for 2 months from delisting) |
||
| withdrawals permanently closed (despite claims to be open for 1 week from delisting) |
||
| Custodial CEX | Fractional reserve risk | XMR status - USE WITH EXTREME CAUTION |
|---|---|---|
| Bitfinex | High + KYC risk |
incidents with XMR |
| Tradeogre |
+ Scam alert (non-operational 07/2025) |
| Custodial CEX | Fractional reserve risk | XMR status - USE WITH CAUTION |
|---|---|---|
| Kraken | Medium + KYC risk |
deposits and witdrawals limited, delisted in EU, UK, JP, AUS, UAE, CA |
| withdrawals permanently closed |
| Custodial CEX | Fractional reserve risk | XMR status - USE IF ANONYMITY IS NOT A CONCERN |
|---|---|---|
| n/a | n/a | n/a |
USE NON-CUSTODIAL CEX AKA “INSTANT SWAP EXCHANGES” WITH CAUTION
Centralized instant swap exchanges come with their own set of problems.
Despite them ideally being just one step between a trade from one self-custodial wallet to another they still function as a third party that can hold or freeze transactions temporarily or permanently.
To combat KYC and confiscation/theft of funds risk it is recommended to use them only for smaller amounts. Taking risks into account they can be used to route around CEX/CRYPTOBANKS.
Be aware that instant swap exchanges often come with higher fees, shotgun KYC or are selective scams like “Changelly”.
Most of them depend on external liquidity (or are fronts for CEX), which means they will halt or freeze trades just as often as CEX (main culprits are ChangeNow and FixedFloat).
In times of bigger market movements many of those sites will abandon trades that are not favorable to them.
You can use an aggregator like Trocador.app (
.onion / .i2p) that has a security bond for transactions of up to $1000 and gives you a clear indication about competitive pricing and KYC risk. Another aggregator is CypherGoat ( .onion / .i2p)
Other reputable resources to evaluate exchange risk are
- kycnot.me ( .onion /
- orangefren.com ( .onion / .i2p)
| Non-custodial CEX | Instant exchange risk | status - AVOID |
|---|---|---|
| Changelly |
Extremely high + Scam alert |
confirmed selective scam |
| Moleswap |
Extremely high |
confirmed scam, relatively unknown |
| SwapPix |
Extremely high + KYC risk + Scam alert |
confirmed selective KYC scam, relatively unknown |
| Swapuz |
Extremely high + KYC risk + Scam alert |
confirmed selective KYC scam |
| Alfacash | Extremely high |
potential scam, proof of reserves, own liquidity pool |
| BitSwitsch | Extremely high + KYC risk |
relatively unknown |
| CCE Cash | Extremely high + KYC risk |
relatively unknown |
| ChainSwap | Extremely high + KYC risk |
relatively unknown |
| Changee | Extremely high + KYC risk |
relatively unknown |
| ChangeHero | Extremely high + KYC risk |
relatively unknown |
| ChangeNow | Extremely high + KYC risk |
confirmed selective KYC scam, liquidity problems with long holds on funds |
| ChipEX | Extremely high + KYC risk |
relatively unknown |
| CoinCraddle | Extremely high + KYC risk |
relatively unknown |
| CoinSpace | Extremely high |
one way (buy XMR only) |
| CoinSwap.click | Extremely high + KYC risk |
MITM attack risk via clearnet (Cloudflare), relatively unknown |
| CrowSwap | Extremely high |
potential scam, relatively unknown, proof of reserves, own liquidity pool |
| Exchang.io | Extremely high + KYC risk |
relatively unknown |
| ExWell | Extremely high + KYC risk |
relatively unknown |
| FairTrade ( .onion) |
Extremely high |
Tor only, relatively unknown |
| FixedFloat | Extremely high + KYC risk |
liquidity problems (has been halting Monero operations for months, before) |
| GoExme | Extremely high + KYC risk |
relatively unknown |
| Hellex | Extremely high + KYC risk |
relatively unknown |
| Nanswap | Extremely high + KYC risk |
relatively unknown |
| Ninja.Exchange | Extremely high |
relatively unknown |
| OctoSwap | Extremely high + KYC risk |
relatively unknown |
| Pegasusswap | Extremely high + KYC risk |
relatively unknown |
| Quickex | Extremely high + KYC risk |
relatively unknown |
| SecureShift | Extremely high + KYC risk |
relatively unknown |
| ShapeBTC | Extremely high + KYC risk |
relatively unknown |
| Silent.Exchange | Extremely high + KYC risk |
relatively unknown |
| Soldinchange | Extremely high + KYC risk |
relatively unknown |
| Swaponix | Extremely high + KYC risk |
relatively unknown |
| SwapSwop | Extremely high + KYC risk |
relatively unknown |
| Swapter | Extremely high + KYC risk |
potential scam, liquidity problems |
| VigorSwap ( .onion) |
Extremely high |
relatively unknown |
| XGram | Extremely high + KYC risk |
relatively unknown |
| Zeroslip | Extremely high |
potential scam, relatively unknown |
| .onion) |
(winded down 07/2025) |
potential scam, inconsistencies |
| (exit scammed 05/2025) |
| Non-custodial CEX | Instant exchange risk | status - USE WITH EXTREME CAUTION |
|---|---|---|
| AtomicMonero | High |
unresolved incident, “trusted” atomic swaps |
| Exolix | High + KYC risk |
|
| Godex | High + KYC risk |
liquidity problems |
| Houdini Swap | High + KYC risk |
|
| Letsexchange | High |
liquidity problems, blocks Tor |
| NonKYC | High |
proof of reserves, own liquidity pool |
| SimpleSwap | High + KYC risk |
|
| StealthEX | High + KYC risk |
|
| XChange.me ( .onion) |
High |
MITM attack risk via clearnet (Cloudflare) |
| (delisted 07/2025) |
||
| (winded down 10/2024) |
||
| (winded down 04/2022) |
| Non-custodial CEX | Instant exchange risk | status - USE WITH CAUTION |
|---|---|---|
| BitcoinVN | Medium | no known incidents, own liquidity pool |
| Wizardswap ( .onion) |
Medium | no known incidents, proof of reserves, own liquidity pool |
| .onion) |
tainted BTC, ETH, no known incidents, proof of reserves, own liquidity pool |
|
| .onion) |
||
Satoshi taught us not to entrust our money with third parties.
Not your key, not your coins
Crypto is all about control over your own money. If you don’t self-custody, it means you entrust your stack, in some cases your life savings, with a third party that may or may not have ulterior motives, may or may not be a scam or may or may not be controlled or extorted by a rogue government.
The process of learning to become self-sovereign might include some pain. But as crypto history shows us, keeping “your” coins in the hands of a custodian is a 100% guarantee to set yourself and the community up for failure.
What exchanges to use then?
There are plenty of better (more secure, private, trustless) however still more inconvenient solutions that are preferable over using KYC/CEX. Those often come at a higher price as security and privacy have a price, but not necessarily at a lower speed. Indeed starting from zero, signing-up for a cumbersome and intimidating KYC process will often take days or weeks sometimes placing holds on funds while a DEX like Haveno will give you access to coins in under an hour and coming at the benefit of not giving up your right to privacy.
| Exchanges | Trust level | Exchange method | Remarks |
|---|---|---|---|
| BasicSwapDEX | High | Desktop Atomic swaps | open source,  trustless |
| Bisq v1 | High | Desktop P2P DEX ( Tor only) |
open source, TailsOS support, escrow + security deposit, arbitration |
| Eigenwallet fka UnstoppableSwap ( .onion) |
High | Desktop Atomic swaps | open source, trustless |
| RetoSwap (based on Haveno) | High | Desktop P2P DEX ( Tor only) |
open source, TailsOS support, escrow + security deposit, arbitration |
| Robosats ( .onion) |
Medium | Web P2P market | open source, “Lightning network” based market place |
| Paxful | Medium | Web P2P market | centralized server |
| AxeSwap | Experimental | Atomic swaps | open source, orderbook trading |
| DawnSwap (based on Haveno) | Low (*relatively new) | Desktop P2P DEX ( Tor only) |
open source, TailsOS support, escrow + security deposit, arbitration |
| SeraiDEX (alpha) | n/a | AMM (automatic market makers) | open source, liquidity providers exposed to potential hacks |
| .onion / .i2p) |
, closed down |
||
| .onion / .i2p) |
, closed down |
||
| trustless |
Not trusted - AVOID until further notice
| Exchanges | Trust level | Exchange method | Remarks |
|---|---|---|---|
| Bitania ( .onion) |
Low | Web P2P market | relatively unknown, centralized server , untrusted operator |
| Bitpapa | Low | Web P2P market | relatively unknown, centralized server , untrusted operator |
| Bitrica ( .onion) |
Low | Web P2P market | relatively unknown, centralized server , untrusted operator |
| OpenMonero ( .onion / .i2p) |
Low | Mobile, Web P2P market | open source, relatively unknown, centralized server , untrusted operator, hacked and deposits stolen |
| XMRGlobal ( .onion) |
Low | Web P2P market | relatively unknown, centralized server , untrusted operator |
Alternative ways of acquiring Monero
It may sound strange to list alternative methods of acquiring Monero in a post about exchanges.
However it can not be repeated enough that Monero as electronic cash is not dependent on any exchanges.
You can acquire it by various different means e.g. by mining or by offering services or products like with every other currency.
The Monero community actively encourages the use as currency in every day transactions to make a circular economy happen for everybody.
| Software / Service | Trust level | Method | Remarks |
|---|---|---|---|
| Gupax | High | Mining (“buy” via electricity) | trustless, P2Ppool support |
| Gupaxx | High | Mining (“buy” via electricity) | trustless, P2Ppool support |
| XMRrig | High | Mining (“buy” via electricity) | trustless |
| Monero GUI | High | Mining (“buy” via electricity) | trustless, P2Ppool support, significantly less efficient than the other options |
| xmrbazaar | High | Earning (“buy” via products and services) | uses escrow to avoid scams |
What can you do?
If you are into cryptocurrencies for more than just some side gamble you really want to learn how to use the right tools to manage your money in a self-sovereign and self-custodial way.
The more people learn about the risks involved and how to mitigate them the better for you and the health of the whole ecosystem.
Self-sovereignty starts with the wallet you use.
*Be aware that different risks apply to the security of your operating system.
To learn more about operational security the OPSEC Bible (Tor) is a great place to start for beginners and security professionals alike.
Do not store significant amounts on desktop, mobile or web wallets! Always use an air-gapped storage method for significant amounts.
| Wallet | Trust level | Type | Remarks |
|---|---|---|---|
| AnonNero | High | Mobile, Hardware | open source, air-gapped |
| CakeWallet / Monero.com | High | Mobile, Desktop | .onion support, open source, Ledger support |
| Featherwallet ( .onion / .i2p) |
High | Desktop | .onion support, open source, TailsOS support, Trezor, Ledger support |
| KeepKey | High | Hardware | open source |
| MMGen Wallet ( .onion / .i2p) |
High | Desktop | open source |
| Monero CLI | High | Server, Desktop | .onion / .i2p support, open source, Trezor, Ledger support |
| Monero GUI | High | Desktop | .onion / .i2p support, open source, Trezor, Ledger support |
| Monerujo | High | Mobile | .onion support, open source, Ledger support |
| Monfluo fka MySu | High | Mobile | .onion / .i2p support, open source |
| Passport Prime | High | Hardware | open source |
| StackWallet / Stack Duo | High | Mobile, Desktop | .onion support, open source |
| Trezor | High | Hardware | open source |
| XMRSigner | High | Hardware | open source, air-gapped |
| Coin Wallet ( .onion) |
Medium | Mobile, Desktop, Web | .onion support, open source |
| Edge | Medium | Mobile | open source, privacy risk / exposure of viewkeys (use with your own LWS instance instead), no seed generation (trusted self-custody) |
| Ledger | Medium | Hardware | not open source, “Ledger Recovery” has potential access to your seeds (except abanoned Nano S) |
| MyMonero | Medium | Mobile, Desktop, Web | open source, privacy risk / exposure of viewkeys (use with your own LWS instance instead) |
| Unstoppable Wallet | Medium | Mobile | open source, privacy risk due to built in trackers |
| XMRWallet.com ( .onion) |
Medium | Mobile, Web | open source, privacy risk / exposure of viewkeys (use with your own LWS instance instead), be ware the affinity scams, no updates > 1 year |
| Cupcake (beta) | Experimental | Mobile | open source, air-gapped |
| Cuprate (beta) | Experimental | Server, Desktop | open source, Rust Monero implementation |
Not trusted - AVOID until further notice
| Wallet | Trust level | Type | Remarks |
|---|---|---|---|
| FreeWallet |
Extremely low + Scam alert |
Mobile | known scam |
| EliteWallet | Extremely Low | Mobile | inconsistencies / potential scam, no updates > 1 year |
| AtomicWallet | Low | Mobile, Desktop, Web | not open source, > $100M funds got lost in hack |
| Coinomi | Low | Mobile, Desktop, Web | not open source |
| Guarda | Low | Mobile, Desktop, Web | not open source |
| not open source, Trezor, Ledger support |
|||
| not open source, Trezor, Ledger support |