In this guide we explain the basics of Monero, multisignature transactions, and why Monero multisig is the future of darknet market payments. We also provide a walk-through of how XMR multisig addresses are created, how to fund them, and how to move the payment they contain. You’ll probably notice right off the bat that things are more complex than Bitcoin multisig transactions but with a little practice and dedication you’ll understand why they are superior for making payments for darknet market orders.
As of mid-2023, there is only one darknet market of decent size and repute that supports Monero multisignature payments, and that is Dark Matter. However, once the process has been somewhat simplified with more user-friendly interfaces, this type of payment will likely be the standard for darknet markets in years to come, so there’s no harm in acquainting yourself with how they work now.
Before Getting Started
Here are some of the things not covered in this article you should probably have some knowledge of before attempting to proceed with making a Monero multisignature payment, although they may not be absolutely crucial for your experience:
- How to run Linux and use a command-line interface (CLI), for best OpSec practices.
- How to create a darknet market account and obtain XMR to fund it.
- How to download and sync the Monero CLI wallet.
What is Monero?
If you are at all familiar with darknet markets and how they work, you likely know what Monero is by now, but in case you don’t or you need a reminder, here’s a quick summary:
Monero, also known as XMR, stands apart from many existing cryptocurrencies by prioritizing privacy and non-traceability. While popular cryptocurrencies like Bitcoin and Ethereum have transparent blockchains, where transactions and addresses can be seen by anyone, Monero takes a different approach.
The key feature of Monero lies in its privacy-enhancing technologies, aimed at ensuring the anonymity of its users. One of these technologies is called Ring Confidential Transactions (RingCT), which helps to obfuscate transaction amounts and make them indistinguishable from others. This adds a layer of privacy by hiding the exact transaction value and making it difficult to trace or link transactions to specific individuals.
Another important technology utilized by Monero is Ring Signatures. With Ring Signatures, a sender’s identity is concealed by mixing their transaction inputs with other potential senders. This process makes it challenging to determine the exact sender of a transaction, adding further layers of privacy and untraceability.
Monero’s commitment to privacy and anonymity has made it a popular choice for various use cases, including those in the darknet where individuals seek to preserve their anonymity and engage in transactions away from prying eyes. Additionally, Monero’s features and privacy focus make it applicable for a wide range of use cases beyond the darknet as they give it a level of fungibility that closely resembles physical cash.
What is a Monero Multisig Payment?
Monero multisignature (multisig) payment is a feature that adds an additional layer of security and control to Monero transactions. Multisig requires multiple parties to sign off on a transaction before it can be executed, which provides protection against theft by a darknet market vendor or even the market itself.
Multisig involves creating a wallet where multiple individuals hold independent sets of keys. To spend funds from a multisig wallet, a predetermined number of key holders (usually 2 out of 3 for darknet market purposes) must provide their signatures, ensuring consensus and enhancing security.
Although similar in concept, the setup of a Monero (XMR) multisig wallet varies quite significantly from the setup of a Bitcoin (BTC) multisig wallet. The private nature of Monero transactions introduces some complexity in the process of generating multisignature transactions and thus a need for communication between parties (while maintaining anonymity) is required. For example, multiple rounds of signature sharing are needed for this process, as is familiarity with command-line interfaces.
Key Components of Multisig Transactions
- Participants. Typically, a multisig wallet involves multiple individuals, each with their own unique set of keys. These participants are usually referred to as cosigners. In the case of a darknet market transaction, they will include the buyer, the vendor, and the market itself.
- Signatures. For a transaction to be considered valid, it must be signed by the required number of cosigners. This number is determined when creating the multisig wallet and is referred to as the M-of-N threshold, where M is the minimum number of signatures required out of N total participants.
- Creating a Multisig Wallet. To create a Monero multisig wallet, the participants collectively generate a set of public keys and distribute them among each other. These public keys are combined to form a master public key which represents the multisig wallet, and it is used to receive funds.
- Initiating a Multisig Transaction. When a multisig wallet receives funds, the balance is associated with the master public key rather than individual participant addresses. To initiate a transaction, the spending party generates a transaction with their signature and proposes it to the other cosigners who (ideally) review it to ensure it contains the appropriate amount and receiving address.
- Signing a Multisig Transaction. The required number of cosigners must then sign the transaction using their private keys. Once the minimum threshold is reached, the transaction becomes valid and when broadcasted to the Monero network executes the payment.
What are the Benefits of Using Monero Multisig Payments?
- Enhanced Privacy: Multisig transactions involve multiple parties providing their signatures to authorize a transaction. In the case of Monero Multisig payments, this adds an additional layer of privacy to the transaction process. By combining the inherent privacy features of Monero with Multisig, users can further obscure their identities and the details of their transactions, making it difficult to trace their activities.
- Increased Security: Multisig provides additional protection against unauthorized access to funds since attackers would need to gain control of multiple keys simultaneously.
- Shared Control: With multisig, multiple individuals or entities can jointly manage and control funds, which means that neither a vendor nor market can confiscate buyer funds without the permission of at least one other signing party.
- Escrow Services: Multisignature wallets can facilitate escrow services, where an impartial third party holds a key and participates in the transaction process, ensuring fairness and enforcing contract terms.
What are the Risks of Monero Multisig Transactions?
- Market Scam: Darknet markets could attempt an exit scam by orchestrating the disappearance of funds held in multisig escrow by proposing fraudulent transactions. In such cases, they could simply propose sending the funds to themselves, leaving buyers and vendors empty-handed.
- Coordinated Fraud: In some instances, darknet markets might collude with malicious vendors to defraud buyers in multisig transactions. By manipulating transaction details or providing counterfeit goods, vendors could deceive buyers and gain an unfair advantage.
- User error: A buyer, vendor and/or market could accidentally lose the key required to sign off on a multisignature transaction, thus rendering them unable to participate in the signing process. This means that the transaction would have to be processed by the other two parties for the funds to be moved from the multisig address.
How to Prepare a Monero Multisig Wallet
The first thing you’ll need when prepping for an XMR multisig payment is a fresh wallet for refunds, created using a Monero wallet client. If for some reason your order doesn’t go through, you will receive a refund from the multisig address to this address. You’ll want to create a new wallet for this purpose, and each time you want to place a new order using XMR multisig. There are three Monero wallet clients available that can be used for the purpose of creating an XMR multisig refund address:
We recommend using Feather as it is the most straight-forward and easy-to-use of the three options.
Because Dark Matter is currently the only darknet market of note that supports XMR multisig payments, we will be incorporating the use of an open-source utility they have developed called XMS Web, which is a web interface for multisig address generation, signing and broadcasting. It is likely that future iterations of multisig payments for other darknet markets will follow a similar set of steps, however, these instructions apply to Dark Matter multisig payments in particular.
Note: it is better to perform this process from a Linux machine for a couple of good reasons; the first being OpSec concerns and the second being the fact that XMS Web was initially configured and tested for Linux (which requires knowledge of its CLI). Also note that to have full control over the multisig construction process you will need to fully sync a Monero CLI wallet which can take several hours to complete.
Step 1: Set Up XMS Web for Monero Multisig
- Log into Dark Matter market and go to the following URL: http://darkmat3kdxestusl437urshpsravq7oqb7t3m36u2l62vnmmldzdmid.onion/academy/multisig/
- Download the ZIP file of the latest XMS release (version 0.2) and follow the instructions provided in the Multisig session of the Dark Matter Academy.
- Unzip the file in your terminal.
- Run the xmsweb.py script.
- Open http://127.0.0.1:7779 in your web browser.
Step 2: Configure Settings
- Open the Settings page.
- If you don’t have your own Monero node, choose one from the provided list of nodes, such as those available at https://monero.fail/.
- Enter the Daemon host and, if required, the Daemon login credentials.
- A proxy (sock5) is recommended when using a public Monero node, although connection speed may be slow.
- Save the settings and test the connection. Verify that the following success message is displayed:
Step 3: Generate the Wallet
- Click on “Generate wallet”.
- Be patient as the generation process may take some time, especially if using a public node via Tor (up to 5 minutes).
- Once the wallet is generated, click on its name to access its details, which should look something like this:
Step 4: Place an Order
- Copy the Round1 key from the wallet page.
- Visit the market where you want to order something with an XMR Multisig payment and find the product you wish to purchase.
- Become familiar with and agree to the market and/or vendor’s Terms and Conditions before deciding to place an order.
- Paste the copied Round1 key into the Multisig key input field.
- If ordering a physical product, encrypt your address with the vendor’s PGP key and paste it into the message box.
- Click “Order”.
- If the vendor has already added the multisig keys to their pool, you’ll immediately see three Round1 keys. Otherwise, you may need to wait for the vendor to do so. Eventually, a message with the three keys will appear. Select and copy it.
Step 5: Exchange Keys
- Return to your wallet page and paste the Round1 keys.
- Click “Submit” and wait until the Round2 key is displayed.
- Copy the Round2 key and paste it on the order page.
Step 6: Repeat the Key Exchange Process
- Continue exchanging keys with the vendor. Sometimes, waiting for the vendor’s response may be necessary and will require patience on your behalf.
- When the vendor sends their Round2 key, copy and paste it on the wallet page. Click “Submit” to obtain the Round3 key.
- Paste the Round3 key on the market’s order page and wait for the vendor to do the same.
Step 7: Finalize the Wallet
- When a deposit address is displayed, it indicates that the market has finalized the wallet and is ready to accept deposits.
- Finalize your wallet by clicking “How to finalize”.
- Copy the Round3 keys, paste them on the wallet page, and your wallet is ready to be finalized.
Step 8: Transfer Monero and Confirmations
- Double-check that the wallet address on your wallet page matches the deposit wallet address on the order page.
- Transfer Monero to the wallet and wait for the required number of confirmations (typically 10) for the transaction.
Step 9: Withdraw Funds
- If the order is refunded, the buyer should follow these steps. If the order is finalized, the vendor should do the same.
- After the transaction has two confirmations, it will be marked as “paid”, but the withdrawal from the multisig wallet requires 10 confirmations.
- Once 10 confirmations are received, an alert will indicate the completion.
- Go to the wallet page, click “Export info”, and copy the provided long text.
- Paste the text on the market’s order page and submit it.
- The market will generate the outcome transaction and sign it, requiring one more signature to submit the transaction.
Step 10: Verify and Submit Transaction
- Check the list of recipients’ addresses and amounts displayed to make sure the transaction is valid.
- Copy the large text and open the wallet page.
- Click “Verify TX” and paste the transaction (tx) body.
- Review the address and amount, and if it matches what you are expecting, click “Sign”.
- The transaction will be signed.
- Finally, click “Broadcast” to send the transaction to the blockchain.
- Soon, the XMR will appear in the wallet of the intended party, and your transaction will have been completed.
Note: it is highly recommended that you archive wallets that no longer hold any funds.
To sum it up, Monero multisignature payments utilize multiple participants (buyer, vendor, and market) and their respective keys to create a more secure and controlled environment for transactions. By requiring a consensus of signatures, the risk of unauthorized activity is reduced, making multisig an attractive feature for darknet market users seeking enhanced security and shared control of funds. For additional information on Monero multisignature transactions, please reference the following resources: