Monero — An Authoritarian’s Nightmare
TL;DR. Ecology:6. Technology:7. Decentralization:6. Valuation:6. Rating:6/10
The Large and Small Mutiny
Monero has a long and interesting history, intertwined with other blockchains that are still operating to this very day. It all started with a bitcointalk.org thread by user DStrange on the 12th of March 2014. The post brought up a secretive cryptocurrency named Bytecoin, and BD Ratings has previously written extensively about that project. In short, the coin was based on the new, privacy focused CryptoNote technology. Using the memory-bound CryptoNight Proof-of-Work (PoW) consensus algorithm made the mining process CPU-friendly and thus ASIC (Application-Specific Integrated Circuits) resistant. Anyone interested in a more detailed write-up on Bytecoin's beginnings should read the mentioned articles, as well as the famous investigation by BCT user rethink-your-strategy.
As DStrange posted and interacted in his new BCT thread, around 82% of all Bytecoin had already been mined. That was what prompted other interested thread participants to question the legitimacy of Bytecoin and suggest cloning the code base in order to re-set the coin distribution in a new blockchain. With Bitcoin, anyone could more or less decide to mine early since the project was public from the very first block. With Bytecoin, the public could only take note once a large majority of all BCN had already been mined. User thankful_for_today started a new BCT thread that announced Bitmonero - a CryptoNote based copy of Bytecoin with a complete chain reset in order to achieve the sought after fair coin distribution. This occurred 9th of April 2014, less than a month after DStrange made the public aware of Bytecoin.
A Bitmonero genesis block got published on April 18th, 2014. Some tweaks had been made in the utilized Bytecoin code, resulting in a much lower supply than Bytecoin's ~185B coins. As the rushed launch proceeded, voices were raised over multiple issues with how it was done. The network launched without any GUI, meaning less tech-savvy miners were excluded. There was no vote on the name Bitmonero either which was not well received by some. And lastly, the reduced block time from two minutes to one minute was an initial subject of discussion as well, yet thankful_for_today ignored that and went ahead with the parameter change without fully elaborating on his choice.
After only operating for a couple of days, the Bitmonero blockchain came to a halt as a bug in the block generation code prohibited a specific block to get accepted by the network. The Bitmonero client was promptly patched and the transaction causing the problems could be confirmed. A small, growing community initiated the first Bitmonero OTC trades while setting its eyes on plans for open source pool software, a GUI wallet, a faucet and exchange listings. Hash rate slowly came trickling from Bytecoin miners.
On April 20th 2014, the Bitmonero fork HoneyPenny was announced by crypto_zoidberg. The project, later renamed Boolberry, made changes to the PoW mechanism as well as included a developer tax. Only 4 days later, a new thread showed up with a proposal to rename Bitmonero to simply Monero - Esperanto for the word money. As thankful_for_today barely interacted with the Bitmonero thread participants anymore, early supporters and contributors like smooth, tacotime and eizh converged on the new Monero thread instead. A while later, the break with thankful_for_today became apparent for everyone. The small mutiny was over with barely a fight.
As soon as consensus formed around the name Monero (XMR), an emission curve bug was found. The main implication of the bug was that XMR coins were minted at twice the planned pace, which in practice caused the emission curve to get more skewed than for example Bitcoin's. As the main rationale for 're-starting' a chain with essentially Bytecoin's code base was the large premine, this bug had the initial unfortunate effect of casting small doubts on the initial mining of Monero as well, even though total mintage at the time was minuscule compared to future supply. Developers started thinking about fair solutions to the unwanted emission curve change while yet another Monero thread was posted, in the proper place on BCT this time.
Diamonds - Non-fungible due to differences in size, color, cut and legality of labor input for extraction. Only with complete untraceability can Monero be fully fungible.
Only 2 days later on the 26th of April 2014, JointEffort Coin, later renamed FantomCoin, was announced as a CryptoNote coin with Bytecoin and Monero merge mining capabilities. The launch was supported by thankful_for_today, as well as multiple sock puppets that BD Ratings previously mapped in its Bytecoin research. It was now evident that there was a struggle going on for the vacuum created from Bytecoin's premine failure. Around this time, Monero total hashrate overtook that of its tainted mother chain. Monero was also listed on an exchange for the first time.
In June 2014, updates to the Monero client made deterministic wallets based on a mnemonic seed possible. That meant a user, when creating a new wallet, also got 24 words that could be used to fully restore it. In yet another update, the Monero team announced the first professional peer review of the whitepaper. Some new features on the Boolberry chain was integrated to Monero as well.
Attacks, Sockpuppets and Governance
The late summer saw spam attacks on Monero. On 4th of September 2014, a bug in the Monero code base was exploited by an attacker and caused the blockchain to unintentionally fork into two. Exchanges quickly halted XMR trading while Monero core developers started an investigation in what had happened. Blockchain security expert Peter Todd came out criticizing the CryptoNote code base for being messy. One interesting aspect of the exploit is that it was perceived by many to be advanced enough to come from the anonymous CryptoNote creators themselves, or at least from a team extremely well versed with the code base. There were no evidence of this however. The 0.8.8.3 emergency release countered the attack. On September 20th, BCT user BitcoinEXpress threatened to exploit a fatal bug in the Monero code base, which resulted in an immediate price crash. Panic spread among some Monero supporters while core developers demanded evidence of the threat actually being real. The attack never happened.
A couple of months later, a per-kb feature was implemented with the 0.8.8.5 release, making Monero transaction fees less static. In May 2015, fluffypony and the rest of the team started to formalize aspects of Monero governance. In July 2015, unknown miners obtained more than 50% of current hash rate, which caused alarm for some. Yet, 'unknown' did not equal a single miner or mining pool so no real threat was actually proven to be true. 2015 also saw progress with Kovri, a project aiming to sever the link of nodes broadcasting transactions and their IP addresses. Other than these developments, 2015 was a somewhat quiet year for Monero. No new release came out.
2015 was however, as indicated above, the year when Monero developers started to think hard about what type of governance - if any - they ought to apply to the project. The idea was that since it was common knowledge that the Monero blockchain had to hardfork in the future to achieve stronger fungibility (for example through RingCT implementation), the community might as well set up some structure. Main scenario was a hardfork every 6 months, either around 15th of March or 15th of September. Consensus among the developers landed on a balance between community consensus on the one hand, and core developers acting as "benevolent dictators for life" on the other. In other words, something in between "design by committee", and "design by Wikipedia", as the team put it in the year-in-review missive. A process for implementing new ideas or features was implemented, and included community discussions as well as core team meetings with a formalized internal voting system.
The Code Base gets Molded
On 1st of January 2016, version 0.9 (nicknamed Hydrogen Helix) was released. Major completed milestones were for example the move from an in-RAM database to a backend-agnostic blockchain database of the type that most full node operators have gotten used to today. Support was added for OpenAlias, a project aimed at decreasing the distance between complicated cryptocurrencies and new users by aliasing public addresses. A hard fork mechanism was implemented, and block time changed to 2 minutes -the setting the original CryptoNote developers had originally chosen. Lastly, two Monero Research Labs recommendations, MLR-0001 and MLR-0004 were implemented, strengthening defenses against untraceability degradation. In total, 922 commits worth of work by 9 contributors were implemented, resulting in probably the biggest release in Monero's history up until then.
Attacks on Monero continues, slowly leading to a more resilient code base.
Just two weeks after the major release, on January 15th 2016, Monero was attacked yet again. A specific check had been omitted that allowed for new-version blocks to be added to the network prior to the actual hard fork block height (which were to occur in March 2016). As the attacker intentionally published a new type of block (by tweaking client software) instead of waiting for the hardfork block height, the chain split in two: one where miners ran 0.9 and one where miners ran older software versions. A mandatory 0.9.1 release quickly got published, and seems to have included checkpoints.
As the planned March 2016 hardfork approached, vulnerabilities in 0.9.1 were discovered, which prompted the hasty release of 0.9.2 on March 17th. 5 days later, 0.9.3. was released to fix database corruption issues. Finally, the fourth bug fix release, 0.9.4, was released on April 2nd.
On September 19th 2016, the much anticipated 0.10.0 Wolfram Warptangent version of Monero was released. The major feature of the release was Ring Confidential Transactions (or RingCT), which not only hid the destination and origin of transactions but also the amount sent. Hardfork date was scheduled to January 2017 and would activate RingCT on mainnet. Such transactions would however not be enforced until another future upgrade. The release also included bug fixes, performance improvements and smarter packaging of the blockchain database.
In preparation for the RingCT hardfork, a 0.10.1 version was released on 13th of December 2016. Added features were paving way for GUI support, fully dynamic fees, as well as general RingCT performance improvements. The first beta of the Monero Core GUI was released soon thereafter, causing the threshold to join the network to shrink considerably. Since Monero was not simply a clone of Bitcoin, a GUI had to be built from scratch.
Further bug fixes and RingCT performance improvements was introduced in 0.10.2 on 23rd February, 2017. Preparing for a hardfork on April 15th, the Monero team released 0.10.3 less than a month prior to that event. The hardfork, including a modification of the dynamic block size limiter algorithm, became necessary after adoption of the optional RingCT feature had been higher than anticipated. Such transactions were large in size and therefore bloated blocks quicker.
In what has to be one of the most questionable timings in cryptocurrency history, Zcash and non-Zcash researchers released a Monero de-anonymization paper just hours before the planned April hardfork. This research seems to have built upon findings already known to and published by Monero core developers, who disagreed with the sensational spin put on the whole issue by cryptocurrency news outlets. An unofficial response to the published research can be found here.
Hyper-Inflation Threats and Better Anonymity
On May 17th 2017, a major CryptoNote bug was disclosed by Monero developers, affecting all coins built on that code base. It was discovered and patched in secret long before the disclosure in order to reduce the risk of having a bad actor exploiting it. The implications of the bug were every cryptocurrency project's worst nightmare - the possibility of undetected issuance of unlimited coins. Luckily, knowledge of the bug's nature made it possible to at least run retroactive checks on whether it had actually been exploited or not, and it hadn't. This event cast light on an issue that is especially relevant for privacy-focused cryptocurrencies; the way these blockchains are constructed makes it much harder to in a short period of time discover new, unplanned coin issuance. It has historically affected both Zcash and Monero.
Confederate General John B. Magruder, during the Siege of Yorktown, managed to successfully obfuscate the information on how large his force really was. By rotating and firing artillery pieces between different geographical locations, the enemy greatly overestimated Magruder's numbers.
On 7th of September 2017, the 0.11.0 release - nicknamed Helium Hydra - was released, paving the way for the planned hardfork on 15th of September. This hardfork made RingCT transactions mandatory, which practically enforced network anonymity for all participants. It also changed certain RingCT parameters (like minimum number of mixins/ring size) in an attempt to increase anonymity further, and added a Vulnerability Response Process with belonging bug bounties. 2017 ended with a clear goal in mind - the integration of Bulletproofs on Monero, with intended result of getting a much more efficient way to handle range proofs which at that time made up the bulk of a Monero transaction's size.
Bulletproofs and ASIC Threats
The stance of Monero core developers on ASIC resistance further formalized in early 2018. As the original CryptoNote developers early on understood that PoW networks could be vulnerable to centralization through the manufacture and use of ASIC's, they decided to code the memory bound CryptoNight algorithm to accompany the code base. By making the mining algorithm memory bound instead of just demanding SHA256 hashes, they inherently made it much harder (i.e. expensive) to create the application specific hardware, which practically resulted in a longer time frame where regular CPU and GPU mining could earn users coins. By continuing on this 'egalitarian' path of mining, Monero developers entrenched a type of decentralization (through a multitude of solo miners) where no single mining entity could too easily be ordered to stop or revert certain transactions. Furthermore, Monero developers also laid out a clear doctrine of emergency hardforks to curb any potential ASIC threat. This signaled to mining hardware manufacturers that their R&D might be better spent with focus on other cryptocurrencies in mind.
Another aspect of the Monero blockchain that in 2018 continued in its formalization was governance. It was argued that utter and complete decentralization was so far unfeasible, given factors such as Monero domains, management of the code base, stewarding donation funds, and having a coherent plan for the project going forward. With that said, the formalization also laid out general points on what power the Monero core developers ought not have. It was not diverting from how the project had been run earlier; the attempted balance between a committee of technical experts and a broader stakeholder community was still kept intact.
In March, follow-up research on Monero traceability was published. This research empirically detailed weaknesses mainly with how Monero mixin/decoy selection worked. In a response, Monero developers agreed with most findings. By including very old inputs as decoys, it became easier to guess which of the ring signature inputs were the real transaction (the newest one). Also, the inclusion of publicly de-anonymized outputs as decoys increased traceability probabilities as well. What Monero developers found puzzling however was the fact that the authors failed to report that most of found weaknesses had already been acknowledged, though maybe not yet accounted for in code.
In preparation for an April fork, Lithium Luna 0.12.0 was released to the public on March 24th, 2018. The version increases the minimum ring signature size from 5 to 7 (meaning 6 mixins/decoys) while also tweaking the PoW algorithm slightly to counter ASIC's. The PoW tweak can be considered the first fruit of the earlier mentioned Monero doctrine of ASIC resistance focus. Other welcomed additions were multisig support, initial support for Ledger Nano S and an initial Bulletproofs implementation on testnet. Bulletproofs did not only reduce general transaction size; by utilizing Non-Interactive Zero Knowledge Proofs, the scheme could also mitigate the need for a trusted setup akin to Zcash's Powers of Tao ceremony. The main trade-off for Monero in the case of Bulletproofs seems to have been a more time consuming verification of transactions. In any case, as the fork activated, Monero hashrate drastically decreased, indicating that the chain shook of a number of ASIC miners.
Monero anti-ASIC device. Miners, tread carefully.
After Lithium Luna, the Monero developers and community continued their focus on ASIC's and their implications on the integrity of Monero's CryptoNight consensus mechanism. Bulletproofs were also finally pushed towards mainnet with the Beryllium Bullet 0.13.0 release, published on October 11th, 2018. Due to this change, transaction size were estimated to decrease by 80%. The actual fork activated 7 days later, as planned. Additional improvements were a global increase of ringsize to 11, a second PoW algorithm update to counter ASIC's, as well as a number of bug fixes. 58 people contributed to the release.
2019 began with more concerns regarding mining pools and ASIC's. In a short period of time, the amount of 'unknown' (not known, public pools) hashrate on the network climbed considerably. More and more research pointed to ASIC's or so called FPGA's.
The Monero team also discussed the future implementation of optional pruning. Blockchain pruning is the mitigation of supposedly unnecessary data from local storage. The effect on Monero would be a blockchain size decrease from, in one given example, around 65GB of data to 25GB of data. Pruned nodes would still contribute to the total security and decentralization of the blockchain.
On the 25th of February 2019, Boron Butterfly 0.14.0 was released, preparing the network for an upgrade/hardfork on 9th of March. This major version included a third PoW change to CryptoNight-R, a new block weight algorithm to counter a 'big bang attack' vulnerability, more efficient RingCT signatures as well as bug fixes. Closely after the new software release, the Monero Vulnerability Response group received a disclosure of a wallet bug affecting mainly exchanges and other service providers. This vulnerability was quickly patched and are now included in the latest release. Finally, the FFS (Forum Funding System) got an upgrade and rebranded to Community Crowdfunding System (CCS).
At the time this article is published, Monero is just a day from hard forking. BD Ratings expects to see a sharp drop in total hashrate as ASIC's are temporarily bricked from the network.
The Monero network currently processes around 3000 transactions per day - a decline of around 70% from 2017 top levels. This is not indicative of Monero but a result of cold cryptocurrency markets in general. In any case, 3000 transactions per day is not that much considering the value of the project as a whole. Due to the untraceable nature of transactions, they are also larger and more expensive, which hinders total economic activity. It is possible to have second layer solutions on top of Monero, but they are so far no where in sight.
Stretching over 2000 pages, the Monero bitcointalk.org thread is a testimony to the level of awareness cryptocurrency enthusiasts share when it comes to the project. People even remotely interested in cryptocurrencies know about it, which is why it needs no marketing. Looking at the Monero subreddit, it is evidently very active, with a very high standard of what type of discussions are going on; there seems to be little of price discussion (relegated to other subreddits) and marketing in general, and more about future forks, client issues and ecosystem implications with regards to external events. Deeper research on the subject placed Monero at #4 most active cryptocurrency community. The relatively new tradition of having 'Skepticism Sundays' threads - places to discuss what is not great with Monero - is a welcome addition to the space.
As discussions on dishonesty usually falls under the Ecology section, BD Ratings wants to elaborate on a few things here. First off, Monero was born in the shadow of the probable 82% 'ninjamine' Bytecoin scam. The very logic of taking the CryptoNote codebase and restart with a new genesis block was to counter dishonesty and greed. A long red line of above-average ethical conduct has imprinted itself in the Monero ecosystem and there are few, if any, noteworthy examples of unsound developer behavior. For example, early on in the project's history, discussions were had about a small developer tax to fund core developers. No such schemes were ever implemented, and Monero developers in a vast majority of cases instead got funded by community members on a voluntary basis via the FFS. Additionally, the emission curve of Monero was early on modeled after Bitcoin, meaning early miners (and developers) did not see an abundance of supply hitting their addresses the first months following genesis block. This emission curve changed slightly due to a bug, suddenly causing XMR to be mined quicker than Bitcoin, but it still was not enough to alone concentrate XMR tokens in too few hands. Monero developers had a discussion how the issuance could be adjusted to the old, more conservative model, but as no consensus formed on the issue, they left it.
What are the chances that the Bitcoin ecosystem is to absorb economic activity from Monero after hypothetically implementing anonymity features? They are probably slim, as adding full fungibility for layer one Bitcoin transactions would demand large changes to the code base. Any large changes would likely cause a rift among the conservative Bitcoin stakeholders and consensus would be a very hard goal to achieve. No, BD Ratings is of the opinion that Monero will continue to be the leading initiative of privacy coins.
Reasons: Active community. Not a considerable number of on-chain transaction. Extremely good culture with regards to ethical development and conduct.
The number of active GitHub contributors is just one of many measurements on the technical capabilities of a cryptocurrency, but it is a start. It is evident that Monero has a large team, with as many as 40 active contributors interacting with the GitHub repositories. All GitHub contributors throughout the years number over 200. Worth mentioning is that these number ought to be in the lower end as some contributors are 'invisible' with regards to GitHub, and publish their contributions elsewhere. A longer list of Monero contributors can be found here. The number of commits seems stable enough as well.
Not only does Monero attract a large number of developers; already from its early years, focus has been on peer review by external academics. One version of the annotated CryptoNote whitepaper can be found here. The independent body of work by Monero Research Lab additionally strengthens the technical capabilities of the blockchain. Looking at Monero's history, it is evident that core developers accept logic and the scientific method in that they are quick to implement research recommendations, even when they come with a somewhat hostile delivery.
As the Monero codebase is around 5 years old at time of writing, it can be considered way above average battle tested. BD Ratings detailed multiple historical occurrences of attacks on the network - all of which has so far been thwarted. Further strengthening efforts have been made with smaller, voluntary bug bounties that have paid out regularly.
As the project was wrestled from thankful_for_today, the Monero developers inherited a never ending supply issuance. From a technical blockchain construction perspective, this may very well be necessary, especially for a blockchain that is currently nowhere near Bitcoin in its popularity and utilization. A constant block reward does come with the necessary planning for decades ahead, not just months or a few years.
The first technical issue BD Ratings has with Monero is the implications of its ASIC resistance doctrine. It should be underlined that from a decentralization point of view, the regularly scheduled hardforks including PoW changes is most probably a large net positive - something that is discussed later on in the article. From a technical standpoint however, each tweak of the PoW algorithm ought to come with a probability of unintended consequences. These tweaks are obviously conducted on a testnet first, but lacking enough economical incentives to seriously attack such a testnet, bugs might transfer over to mainnet and ultimately disrupt the network in a number of ways. The choice of how PoW should be tweaked might also become an issue of contention in the future, where a network split would be one worst case scenario.
Reasons: Active GitHub. Many active developers, among them academics. Peer review of certain code. Sound financial incentive plan for miners. Risk of unintended consequences with PoW changes.
The large number of code contributors effectively decentralizes Monero. It reduces the risk that a few good developers choosing to leave the project would result in a much weaker code base maintenance. Additionally, the fact that some of the core developers are anonymous counters legal attack surfaces as well where jurisdictions go after certain individuals.
Known mining pool hashrate distribution currently looks non-threatening. The worrying fact is however the 69% hashrate block that origins from unknown miners, which could consist of very few or many entities. This number can be confirmed through a second source.
If anyone doubted the initial effectiveness of the Monero ASIC resistance doctrine, that doubt should have eased as the first PoW tweak occurred in April 2018. As already mentioned earlier, total network hashrate quickly decreased by around 50%, which is both impressive and scary at the same time. The ASIC hash that disappeared was clearly powerful and possibly a threat to Monero's integrity. From a decentralization point of view, the formalization of these 'shake-offs' are increasing decentralization by protecting the chain against large ASIC manufacturing companies or their wealthy customers. But there are strong indications the strategy is not keeping up with reality, and that ASIC manufacturers recapture hashrate share quickly.
Well-known cryptocurrency researcher Emin Gun Sirer is of the opinion that ASIC resistance is undesirable, and he is not alone in viewing an ASIC resistance doctrine as a futile attempt. If said ASIC's have nowhere else to go than the chain they were built for, it can obviously make sense to accommodate them, but if they do, PoW changes can very well be the only option. BD Ratings is still of the opinion that far too little time has passed for the algo-change strategy to be deemed long term feasible. ASIC manufacturers might guess where the PoW tweaks are headed, they might try to bribe developers involved with PoW selection, or future PoW tweakers themselves might adjust the algorithm in a way that maximize own personal gain. The constant state of readiness the Monero core developers are in with regards to PoW changes is absolutely sub-optimal. It will be very interesting to see if the Autumn hardfork can apply a new PoW algorithm family to the network - RandomX being one example often mentioned.
Well-known cryptographer Greg Maxwell had, from a scaling point of view, early critique against Monero's ring signature scheme. His main point was that transactions utilizing ring signatures to mask the sender's identity had the obvious drawback of getting large in size, which is true. This was however long before Bulletproofs were implemented on Monero, and also long before blockchain pruning features were worked on. As with many concerns over blockchain scaling, innovativeness of smart developers have time and time again surprised us all with solutions. Obviously, BD Ratings is tracking the size of the Monero blockchain and how easy it is to run a full node (also non-pruned) in general. And so far, it should not concern us more than future possibilities of other aspects of centralization that are already more prevalent in the space.
On the issue of having just one implementation of Monero, BD Ratings does not come to the exact same conclusions as Monero developers. By having only one implementation, Monero favors blockchain security and reliability - both aspects that Peter Todd argued for as well when commenting on Ethereum's multi-implementation approach. It is certainly logical that multiple implementations increase the risk of unintentional consensus failures (forks). But from a decentralization point of view, having multiple, separate developer teams maintaining their own clients are favorable since it partly distributes the power that goes with socially delegated blockchain code base development and maintenance. In other words, the chosen setup makes Monero slightly more centralized to the benefit of blockchain stability and reliability.
Monero's continuous formalization of what can be considered 'weak governance' is in line with what BD Ratings deems a feasible model that strikes a balance between efficiency and decentralization. The Monero core developers have explicitly stated that they should not be seen as a central point of failure for the project, and that the community always ought to consider the possibility of 'taking' the project from them should they have gone rogue. In one recent post about governance, they clearly outline this option and likens it to an event from the project's inception, where thankful_for_today was ousted by the broader community.
In line with the weak governance model, developers have historically been self funded through FFS, which is an impressive feat in a sea of currencies with large pre-mines, mining taxes and top-down decisions of seignorage. By keeping funding separate from the inherent blockchain structure itself, Monero has managed to dispose of such points of possible future failures where entities systemically solidify control over funding channels.
Reasons: Large developer team with weak governance model. ASIC resistance doctrine. Project self funding through community efforts. Large, unknown hash.
Monero has no maximum supply like Bitcoin's 21 million. In practice however it makes no sense to focus on the 'infinite supply' property itself, but to instead look at the emission curve. Currently, almost 17 million XMR have been minted, and total new issuance is heading down towards very low numbers such as 1% of total supply, far below that of gold - by far the worlds most valuable decentralized value protocol. The continuous, disinflationary emission is not to be confused with a Keynesian setup, but should instead be seen as a pragmatic approach to uncertainties concerning a future fee market around empty block space. By having a continuous block reward, the mining subsidy is made permanent, ensuring some long term security for the blockchain at the expense of stakeholders storing value on the Monero value protocol. BD Ratings is very open to the possibility that this might be a better emission scheme than Bitcoin's, which is slightly more of a shot in the dark. No one can really predict all implications of a finite supply since there is no way to know how fast cryptocurrency adoption is coming.
With the above said, total Monero market cap at time of writing is around USD 854M. Accounting for supply issuance in the coming years, the total valuation is rounded up to around USD 1B, which puts Monero on approximately #13 on coinmarketcap.com. This is a slightly lower valuation than total Zcash valuation. Compared to Bitcoin, Monero marketcap amounts to around 1.5%, which still is a considerable value.
Unlike many, if not all, other major privacy coins, Monero transactions are mandatory private through the enforced RingCT scheme. This causes network participants to give up a small degree of freedom to the benefit of general privacy. The reason why this is accepted by the community is that public transactions with zero decoys decrease the untraceability also for transactions with decoys. So, by forcing all transactions to be private, Monero has, unlike most other coins, carved out a space for itself in the competition to become the go-to private value protocol.
There are not only positives with how Monero is attempting to create untraceable money. Should a bug cause someone to be able to issue new XMR from nowhere, the untraceability is obviously of great concern since it makes the whole affair much harder to deal with and then patch. These scenarios are referred to as infinite inflation bugs and would erode all value of the network should one be exploited undetected for too long. The risk is very real and intertwines with Technology factors as well as it would destroy all incentives for miners to continue looking for new blocks.
The self-funding of developer efforts instead of establishing some kind of developer tax through pre-mining or block taxes has the effect that the XMR token is not diluted in this way. Whether such schemes are always negative or not can be debated (they might not always be if they are limited in scope, and funds are put to good use through bug bounties, audits and developer recruitment), but all else being equal, they certainly captures value from other network participants at that given time.
Reasons: Not very low valuation compared to Bitcoin. Risk of infinite inflation bugs. No premines, block taxes or or seignorage. Competitive inflation.