What is a Monero stealth address?

A stealth address is a one-time address generated for every Monero transaction. The sender creates a unique destination using the recipient's public keys and a random number. This means every payment goes to a different address on the blockchain, making it impossible to link multiple payments to the same recipient.

How do stealth addresses protect privacy?

Without stealth addresses, anyone could look up your public address on the blockchain and see all incoming payments. With stealth addresses, each payment creates a new one-time address that only the recipient can identify as theirs using their private view key. To an outside observer, every transaction output looks random and unlinked.

What is the difference between a stealth address and a subaddress?

A stealth address is generated automatically by the sender for each transaction — it's a protocol-level privacy feature. A subaddress is generated by the recipient to give out different addresses to different senders. Both improve privacy but at different layers: stealth addresses protect on-chain, subaddresses protect before the transaction.

Can someone trace a Monero stealth address back to the recipient?

No, not without the recipient's private view key. The stealth address is derived using Diffie-Hellman key exchange, and only the recipient can compute the shared secret needed to identify the output as theirs. Chain analysis cannot link stealth addresses to public addresses without the view key.

How does Monero's stealth address compare to Bitcoin?

Bitcoin has no built-in stealth address mechanism. If you reuse a Bitcoin address, all payments to it are publicly linked. Users must manually generate new addresses for each transaction. Monero automates this at the protocol level — stealth addresses are mandatory for every transaction, with no user effort required.

Monero Stealth Addresses Explained (2026)

How one-time addresses protect the receiver in every Monero transaction. The second layer of XMR's privacy stack.

TL;DR

Every Monero transaction creates a unique, one-time "stealth address" for the recipient. Even if you give the same Monero address to 100 people, each payment lands at a different address on the blockchain. Nobody can link those payments together or trace them back to you. This is automatic and mandatory — no user action required.

The Problem Stealth Addresses Solve

Analogy: Imagine posting your home address online and asking people to send you letters. Anyone watching your mailbox can count how many letters you receive, who sent them, and when. Now imagine if every letter was delivered to a different, randomly generated P.O. box that only you have the key to. That's what stealth addresses do.

In Bitcoin, if you post your address on a website, anyone can look it up on the blockchain and see every transaction ever sent to it — amounts, dates, and the sending addresses. This is a massive privacy leak.

Monero solves this at the protocol level. Your public Monero address is never written to the blockchain. Instead, every sender generates a one-time stealth address derived from your public keys. Only you can detect which outputs belong to you.

How Stealth Addresses Work

Sender hasYour public address

→

GeneratesRandom number (r)

→

ComputesOne-time address

→

Blockchain seesUnique stealth address

The Cryptographic Process

You share your public address — This contains two public keys: the public view key (A) and the public spend key (B).
Sender generates a random number — A random scalar r (the transaction private key).
Diffie-Hellman key exchange — The sender computes a shared secret using your public view key and their random number: shared_secret = r * A
Derive one-time address — The stealth address is computed: P = H(r*A) * G + B where H is a hash function and G is the generator point.
Include the transaction public key — The sender puts R = r * G in the transaction. This lets you (and only you) reconstruct the shared secret.

P = H(r · A) · G + B

Where: P = stealth address, r = random scalar, A = recipient's public view key, G = generator point, B = recipient's public spend key, H = hash function

Why Only You Can Find Your Payments

To check if a transaction output belongs to you, your wallet uses your private view key (a) to compute the same shared secret:

shared_secret = a · R

Since a * R = a * (r * G) = r * (a * G) = r * A, this matches what the sender computed. Your wallet then checks if the stealth address matches: P' = H(a*R) * G + B. If it matches, the output is yours. If not, it belongs to someone else.

Key insight: Without a (your private view key), nobody can compute this. They'd need to brute-force elliptic curve discrete logarithm, which is computationally infeasible.

Monero's Key Structure

Private Spend Key

The master secret. Derived from your seed phrase. Required to authorize spending. Never shared.

Private View Key

Derived from spend key. Scans blockchain for your payments. Can be shared for audit/monitoring without spending risk.

Public Keys (A, B)

Derived from private keys. Encoded in your Monero address. Used by senders to create stealth addresses. Safe to share publicly.

Stealth Addresses vs Subaddresses

Both improve privacy, but at different layers:

Feature	Stealth Address	Subaddress
Created by	Sender (automatic)	Recipient (manual)
When	Every transaction	Before sharing address
Purpose	Hide recipient on-chain	Isolate senders pre-chain
User action	None (protocol-level)	Generate new subaddress per contact
Blockchain visible?	Only the one-time address	No (subaddress never on-chain)

Best practice: Use a new subaddress for each person/service you give your address to. Stealth addresses handle the rest automatically.

Stealth Addresses in Monero's Privacy Stack

Stealth addresses are one of four privacy technologies working together in every Monero transaction:

Ring Signatures (CLSAG) — Hide the sender among 16 decoys
Stealth Addresses — Hide the receiver with one-time addresses (this page)
RingCT — Hide the amount using Pedersen commitments
Dandelion++ — Hide the IP address of the broadcaster

Together, these four layers make every Monero transaction opaque: unknown sender, unknown receiver, unknown amount, unknown origin.

How Monero Works — All 4 layers explained →

What Changes with FCMP++?

The upcoming FCMP++ upgrade replaces ring signatures with full-chain membership proofs. Stealth addresses remain unchanged. They're orthogonal to the ring signature system — FCMP++ changes how sender privacy works, not receiver privacy.

Stealth addresses are a permanent part of the Monero protocol. They've been there since day one (inherited from CryptoNote in 2014) and will remain through all future upgrades.

Comparison with Other Cryptocurrencies

Coin	Stealth Addresses	Receiver Privacy
Monero	Mandatory, every TX	Strong
Bitcoin	None built-in	None (unless manual)
Zcash (shielded)	In shielded pool	Only if both parties use shielded
Ethereum	None (EIP-5564 proposed)	None
Dash	None	None

Ethereum has EIP-5564 (proposed stealth address standard) but it's optional, complex, and barely used. Bitcoin has BIP-352 ("Silent Payments") in development. Monero has had mandatory stealth addresses since 2014.

      For P2P traders: Stealth addresses mean you can safely post your Monero address on a public profile (XMRBazaar, forum, website) without anyone being able to see how many payments you've received or trace your trading volume. Your address is just a public key — the blockchain reveals nothing about it.
    