When you create a Monero wallet, you get a primary public address — the alphanumeric string you share with others to receive XMR. This primary address works perfectly for basic transactions, but it has a privacy limitation: if you share the same address with multiple people, those people could potentially correlate your transactions by observing payments going to the same on-chain address. Subaddresses solve this problem elegantly, without requiring you to manage multiple wallets.
What Is a Monero Subaddress?
A subaddress is a secondary wallet address mathematically derived from your main wallet's keys. It is fully independent for receiving purposes — transactions sent to a subaddress arrive in the same wallet as your primary address, but they cannot be linked to each other or to the primary address by an outside observer on the blockchain.
The practical consequence: if you give your merchant a subaddress and your friend a different subaddress, neither party can see the other's transactions to you, and neither can determine your total wallet balance or trace your other financial activity. The blockchain records a valid transaction to an address — but the connection between that address and your identity or other addresses remains hidden.
Subaddresses are particularly useful for any scenario where you need to post a public receiving address — a donation address on a website, a merchant payment address, a payment address for a specific project. Without subaddresses, all donations would be publicly linkable to the same address, allowing anyone to see the total received and correlate the donors.
How Subaddresses Are Generated
Each Monero wallet has two key pairs: a private view key and private spend key (kept secret), and their corresponding public counterparts (encoded into the wallet address). Subaddresses are derived deterministically from these keys using a series of elliptic curve operations. Each subaddress is identified by two indices — the account index and the address index — allowing you to generate an effectively unlimited number of unique receiving addresses, all recoverable from the same seed phrase.
This deterministic derivation is what makes subaddresses convenient: you do not need to back up anything extra. Your 25-word seed phrase recovers all subaddresses along with your primary address and transaction history.
Subaddresses vs Integrated Addresses
Integrated addresses were an earlier Monero mechanism for merchant use. A Monero integrated address combines the primary wallet address with a payment ID in a single string, allowing merchants to distinguish which specific customer sent a payment. Integrated addresses were useful but had a limitation: because they use the same primary address as a base, observers could potentially link multiple integrated addresses from the same wallet.
Subaddresses replaced integrated addresses as the preferred approach. Since each subaddress is independently derived and appears unrelated to the primary address on-chain, subaddresses provide stronger unlinkability. The Monero ecosystem has broadly moved to subaddresses, and most wallets generate them by default for new receiving addresses.
The Janus Attack: A Known Limitation
Subaddresses provide strong unlinkability against passive observers, but there is a known theoretical attack called the Janus attack that can be executed by a malicious sender. In a Janus attack, a sender can craft a specially constructed transaction that allows them to link two subaddresses belonging to the same wallet — revealing that they are controlled by the same entity. This requires active involvement from the attacker (they must be the one sending the transaction) and cannot be performed by passive blockchain observers.
For most practical purposes — protecting your privacy from merchants, donors, and blockchain analysis — subaddresses provide excellent protection. Users who require the strongest possible isolation between separate financial activities (for example, keeping work income completely isolated from personal spending) should use entirely separate seed phrases for each context.
How to Use Subaddresses in XMRWallet
XMRWallet generates and displays subaddresses directly from your account overview. After logging in:
- From the Overview page, click View subaddresses. Your current list of subaddresses will appear.
- Click Generate new subaddress to create a new one for a specific counterparty or use case.
- From the Send page, you can also access your subaddress list to select the appropriate receiving address for incoming funds.
A critical warning: never enter your 25-word seed phrase on any third-party website claiming to generate subaddresses for you. Your seed phrase gives complete access to all your funds. Subaddress generation should only happen within your trusted wallet software. XMRWallet generates subaddresses entirely within your browser without transmitting your keys to any server.
As a practical habit: share a subaddress rather than your primary address for every transaction, especially with people or organizations you do not know well. It is a small step that meaningfully strengthens your financial privacy. Create your XMRWallet here to start using subaddresses.
Frequently Asked Questions
Do I need to back up my subaddresses separately?
No. Subaddresses are derived deterministically from your wallet's seed phrase. Your 25-word seed phrase recovers all your subaddresses automatically. The only thing you need to back up is your seed phrase — store it on paper in a secure physical location, not digitally.
How many subaddresses can I create?
Effectively unlimited. Monero subaddresses are indexed by account and address position, and the index space is large enough that you will never run out of unique addresses in practice. There is no fee to generate subaddresses — it is a local computation that requires no transaction on the blockchain.
