Monero: Downgrading The Leading Privacy Coin (Cryptocurrency:XMR-USD)

A few months ago I published a comprehensive report on Monero (XMR-USD). If you read the whole thing and retained most of it, you’d have a good understanding of Monero on a deeper-than-surface level. This report is an update because my perspective on Monero has begun to change over the last month.

I downgrade to a Hold, although the caveat is that XMR is still a highly speculative buy due to a rather asymmetric risk-reward profile, but only for a small portion of a digital asset portfolio. The main issue I have come to realize about Monero is that it is still a base layer chain and will likely continue to be a base layer chain. Everything scales by adding more layers, but Monero has no ability to do so due to technical reasons. Another issue I have come to realize is that Monero’s decentralization through ASIC resistance is not as important as I had thought and matters even less considering some of the developments in Bitcoin (BTC-USD) mining. The rest of this report expands on these two issues.

No Scripts, Means No L2 Scaling, Means No Adoption

Bitcoin and Ethereum (ETH-USD) are both capable of scaling in layers because certain logic can be coded into the blockchain by users. For example, Ethereum is scaling through rollups. A rollup derives security from the base layer because a smart contract on the base layer (generally called the “bridge contract”) is programmed such that transactions which occurred on the rollup can be forcibly made to occur on the base layer via the smart contract. Some examples of Ethereum rollups are Optimism (OP-USD), Arbitrum (ARB-USD), and ZKSync.

Bitcoin is scaling through state channels. The biggest one is the Lightning Network. State channels also require programmable spending conditions (called “scripts”) on the base layer. In the case of the Lightning payment channels, this spending condition is a 2-of-2 multi-signature to settle the funds within the channel. A more complex script called a hash-time locked contract (HTLC) is used to route payments through different Lightning channels. Routing is critical to the Lightning Network, and completely impossible without scripts.

Monero has no scripts. It simply uses advanced cryptography to obfuscate the sender, receiver, and amount transacted. There are multi-signature wallets for XMR, but these are a wallet-level feature, which is different from how Bitcoin or Ethereum implements multi-signatures. Without scripts, Monero cannot use its base layer to enforce the security of higher layers.

Here’s a way to understand the nuance of what is going on. When a Lightning transaction or an Arbitrum transaction runs into a dispute on Bitcoin or Ethereum respectively, the base layer holds all the logic necessary to resolve the dispute. In the case of Lightning, signed Bitcoin base layer transactions are exchanged between channel users but kept from being broadcasted to the blockchain. At any time, the latest signed transaction can be broadcasted, and at that point, the logic encoded into the Bitcoin base layer can be used to enforce the transaction’s validity. Thus, the base layer can resolve the dispute. In the same way, if an Arbitrum transaction was disputed, the procedure for resolving an optimistic rollup would be to run the transactions on the Ethereum base layer to see what the result would be. In that case, Ethereum’s base layer can resolve the dispute. The ability for the base layer to resolve the dispute is required for high layer scaling. Monero has no programmability at the base layer, so it cannot support higher layer scaling.

This is a big problem because everything uses layers to scale. Blockchains that have tried to scale everything on the base layer have gone nowhere. For example, Bitcoin Cash (BCH-USD) and Bitcoin SV (BSV-USD) were hard forked from Bitcoin with the intention of increasing the block size so that more transactions can be packed into the base layer. Their total market caps are now a tiny fraction of Bitcoin’s. Meanwhile, the two biggest chains, Bitcoin and Ethereum, have both adopted a scaling in layers approach. The market is very clearly telling us what it thinks works.

Without the ability to scale in layers, Monero will never be able to service a truly large number of people, so it will be technologically incapable of reaching mass adoption. This puts a hard cap on the utility and value of XMR.

Why ASIC Resistance Doesn’t Mean Greater Potential for Decentralization Than Bitcoin

In the last report on Monero, I wrote the following paragraph:

Monero is better than Bitcoin insofar as being a blockchain that promotes decentralization. Monero uses the ASIC-resistant RandomX mining algorithm. ASIC means “application-specific integrated circuit.” While ASICs can be specifically optimized for Bitcoin mining, they cannot be optimized for Monero mining. The result is that Bitcoin miners will require capital-intensive investment into ASICs to remain competitive while anyone with a normal personal computer can be competitive as a Monero miner (one could still get more computers to be more competitive in Monero mining, but the point of ASIC-resistance is that it would be hard to specifically optimize computers with the intent to use it for mining XMR). This increases Monero’s potential for greater decentralization because barriers to entry and profitability are lower. In contrast, a large percentage of Bitcoin’s hash rate belongs to several large-scale mining rigs filled with ASICs.

My position on this has changed. While I still believe ASIC resistance is a compelling force of decentralization, I have recently come to see that Bitcoin’s ASIC dominance also offers another level of decentralization which is equally, if not more, compelling. And if this is the case, then one of the big strengths which set Monero apart from Bitcoin isn’t really all that meaningful.

First, we must clarify some of the incentives that come from ASIC acceptance and ASIC resistance. Monero is famously ASIC resistant, and it stays this way through regular hard forks which slightly alters the proof-of-work and renders existing ASICs useless. The goal is to ensure that “normal” computers can stay competitive for mining.

Bitcoin is ASIC-friendly because it never, ever changes. The same proof-of-work has existed throughout Bitcoin’s existence. ASICs designed in 2015 are still usable today, and any decrease in their competitiveness is due to the newer ASICs being more advanced, not due to the network’s rules changing. This creates a very curious incentive for Bitcoin miners that we are only recently beginning to observe en masse. Because Bitcoin can be trusted to never change, ASICs can be acquired and expected to have lasting value. Thus, the only remaining variable for miner profitability will be the cost of electricity.

As such, Bitcoin miners will go seek out the cheapest sources of power available. They will even explore new sources of power that others have yet to consider. Mining gives such explorations an immediate source of revenue (note: not profit, but revenue) and a proof of concept. This is part of the reason why Bitcoin will be increasingly regarded as an ESG-friendly industry and asset, which will be a big pivot from the dominant narrative a few years ago. See this report, starting on page 35.

My focus is that because miners can trust that their ASICs will not be rendered useless, the only thing left for them to do is to seek out cheap power. And these spots can literally be located anywhere on Earth. This is a very compelling force for decentralization. Whereas my previous concern was that Bitcoin’s hash rate is concentrated in a few ASIC mining rigs, I now see an overwhelmingly decentralizing force in the form of miners seeking out the cheaper power in their selfish and rational mission to maximize profits.

Given the economics of Bitcoin mining, I even expect that large-scale mining rigs will eventually fade away in relevance as they lose their edge to smaller miners which are more mobile and able to capitalize on cheaper and cheaper sources of power. The theoretical long-term destination of this would be a steady state of perfect decentralization. No one would even know where most miners are because miners are so spread out geographically and so hyper-optimized to their own niche cheap power source.

This realization completely negates the need for ASIC resistance. In fact, ASIC resistance almost guarantees that this kind of “perfect decentralization” will never happen. ASIC resistance trades a long-run, roundabout journey to decentralization (led by economic incentives) for a series of short-term fixes to miner centralization. In the long run, I expect ASIC resistant networks to be confined to an ingroup that knows about it and appreciates it enough to use it. Only by allowing specialization (i.e., ASIC) can economic incentives play out over a long enough time frame to achieve better decentralization through a roundabout procedure.

If Monero’s ASIC resistance isn’t a great thing for decentralization when we objectively consider the alternative presented by Bitcoin in its totality, then why should we still favor XMR over BTC as decentralized money?

Reconciling Monero’s Benefits Over Bitcoin

The remaining pieces of XMR strengths might include:

1. Fungibility of XMR thanks to its inherent privacy.
2. Tail Emissions which is an acceptable solution to a possible security time bomb.
3. Privacy by default.

Fungibility becomes less and less of a problem after higher layer scaling enters the picture. While some BTC on the base layer might be considered tainted because of association with illicit activities, these same coins can be put into a Lightning channel and used to send transactions via the Lightning Network. No one would even know that they were ultimately receiving coins from a tainted source, since Lightning uses an onion routing mechanism. And if the end receiver settled to the base layer, their new coins wouldn’t be tainted since it won’t be linkable to the tainted ones. Also, the concept of tainting is a social construct that probably will fade over time as Bitcoin adoption grows. In the near term, tainted coins pose a problem if and only if you are only trying to transact on the base layer. In the long term, it probably won’t be an issue at all. Thus, fungibility isn’t a big deal: it is a “nice to have” not a “need to have” at the base layer.

The bigger concern may be Bitcoin’s block rewards halving until it eventually hits zero. This would force miners to rely on fees alone. Most miner revenue today comes from block rewards (which are certain) and not fees (fees are uncertain), so it’s not clear what will happen to network uptime and security when the block reward disappears completely. Monero solves this with a tail emission: a block reward of 0.6 XMR per block that will never decrease.

We can expect that many solutions will be proposed for Bitcoin long before the problem gets serious. Think of it this way: while XMR’s block reward solution can be considered adequately resolved with certainty, BTC’s solution is uncertain but likely to manifest in the future when a solution is truly needed. The only way to find out is to just wait.

Monero’s privacy by default is probably its biggest strength. Bitcoin transactions at the base layer are not private. Privacy is obviously very valuable and privacy at the base layer is wonderful because it means all incidences of transactions are protected. If the base layer doesn’t have privacy, then users would need to rely on higher layers for privacy.

However, there are tradeoffs for this privacy. Privacy is achieved via complex cryptography which occurs with each transaction, and this makes a transaction take up more size than a (far simpler) transaction on Bitcoin. This increases the base layer’s size at a much faster rate. That can cause decentralization issues because running a full node (a node that stores the entire blockchain to verify transactions) becomes harder for more people.

So Should You Get XMR as an Investment?

The answer is probably no. First, XMR is hard to buy because many crypto exchanges do not offer it. Using decentralized exchanges like atomic swap protocols is technically complex and subjects you to some wide bid-ask spreads. You usually need BTC or ETH to do such a swap, and you would need XMR to seriously outperform these assets before you can even make back what you would pay on the bid-ask spreads.

Some decentralized exchanges like dYdX offer XMR perpetual futures which can give traders exposure to XMR at much better terms via derivatives. If you consider that route, then your allocation depends on your bullishness on XMR.

I now consider XMR primarily a “narrative call.” Most digital assets function off narratives or fads. When DeFi became the hottest narrative, there were governance tokens of big, decentralized exchanges like Uniswap (UNI-USD) and Curve (CRV-USD) which really took off. These tokens didn’t accrue any of the cash flows, but by association alone their prices exploded. Similar things happen all the time in crypto.

With XMR, the narrative call is undoubtedly privacy. Interestingly, privacy hasn’t really been a big narrative in crypto. There could be some events in the future which trigger a collective shift to consider privacy, and this would be very beneficial to XMR. In fact, XMR would probably be one of the biggest benefactors because it is the leading privacy coin and its only well-known advantage is its privacy (most don’t really know the details of tail emissions or ASIC resistance).

For this alone, a highly speculative and small allocation to XMR may be appropriate in a digital asset portfolio. It is probably about the same or better than keeping a small allocation of your equity portfolio in GameStop (GME) and AMC Entertainment Holdings (AMC) in case those meme stocks take off again.

In the previous report I wrote the following:

I think there is a margin of safety which comes from an uninformed and presently uninterested public. This is based on Monero’s very real merits and its relatively small size compared to Bitcoin, and on how undercovered and even “miscovered” (coverage tends to be focused on illicit use cases and little else) XMR is. Thus, I rate XMR a speculative buy – a good chance of going nowhere but a visible path to outsized profits. XMR appears a great “deep value” play in digital assets today.

I no longer take the “deep value” and the “margin of safety” position. XMR can’t be considered deep value unless it can measure up to Bitcoin and Ethereum in scaling via layers. Without programmable scripts, it cannot scale via layers or reach mass adoption, and there isn’t really a margin of safety because it is more likely the case that the market simply recognizes the nuance behind the need to scale.

This, along with the realization that ASIC resistance isn’t really a huge decentralization benefit over Bitcoin’s ASIC-friendly model, has prompted a downgrade to “Hold.”