Monero View Key vs Spend Key Explained
Monero View Key vs Spend Key Explained
If you have ever tried to send your accountant proof of a Monero deposit without handing over your savings, you have already met the problem these two keys solve. Unlike Bitcoin, where one private key controls everything from balances to spending, Monero deliberately splits authority between a view key and a spend key. The split is what lets a privacy coin remain auditable on demand, support donation pages with public balances, and power lightweight mobile wallets that never touch your funds. Yet most newcomers conflate the two, paste them into the wrong field, or assume sharing one leaks both. In 2026, with FCMP++ on the testnet roadmap and exchanges like MoneroSwapper handling thousands of no-KYC swaps a day, understanding the key separation is no longer an academic exercise. It is the difference between a clean audit trail and a drained wallet. This guide walks through exactly what each key does, what it cannot do, and how Monero's cryptographic primitives turn the pair into something Bitcoin's single-key model cannot replicate.
Why Monero Uses Two Private Keys Instead of One
Monero's account model descends from CryptoNote, the 2013 protocol that introduced ring signatures and one-time stealth addresses to cryptocurrency. To make those primitives work, the wallet needs to do two very different jobs: scan the entire blockchain to recognise outputs addressed to it, and authorise spending of those outputs. CryptoNote's authors realised that the scanning role and the spending role can be split between two independent scalar values, each derived from a 32-byte seed but cryptographically unrelated in their public effects.
The result is a wallet identity composed of four numbers — a private spend key, a private view key, and their two public counterparts — concatenated and base58-encoded into the familiar 95-character Monero address. The split has three concrete benefits:
- Selective transparency: you can hand the view key to a tax authority, exchange compliance team, or charity auditor so they can verify incoming funds, without giving them any ability to move coins.
- Lightweight clients: mobile wallets and watch-only desktop nodes only need the view key to display a balance, so cold storage of the spend key on an air-gapped machine is practical for daily use.
- Defence in depth: a compromised view key leaks transaction history but not funds; recovery from a stolen device becomes a privacy incident rather than a financial loss.
None of this is possible in Bitcoin's UTXO model without trusted third parties or zero-knowledge add-ons. Monero bakes it into the protocol itself, which is why every Monero wallet — from the official CLI to MoneroSwapper's hosted swap engine — surfaces the two keys as first-class objects you can export, import, and audit independently.
The Private View Key, In Depth
The private view key is a 32-byte scalar, displayed as 64 hexadecimal characters in tools like the monero-wallet-cli or Feather Wallet. Its sole cryptographic job is to compute the shared secret between the sender and receiver of every transaction the wallet might own. When someone sends you XMR, the sender generates a one-time stealth address using your public spend key, your public view key, and a fresh random transaction key. The resulting output looks like noise to every observer on the network — except to you, because your private view key lets you reconstruct the same shared secret and recognise the output as yours.
What the View Key Can Do
With nothing more than your public address and your private view key, software can scan the chain and decrypt three pieces of information per output: the recipient's stealth address (proving the output belongs to you), the amount (decrypted from the RingCT commitment), and the payment ID if one was attached. That is enough to build a complete incoming transaction history. Businesses use this to monitor sales, donation pages publish their view key so anyone can verify totals in real time, and tax software uses it to generate cost-basis reports without ever requesting spending authority.
What the View Key Cannot Do
The view key cannot sign a transaction. It cannot generate a key image, which means it cannot prove an output has been spent. In a view-only wallet, outgoing transactions are invisible until the user imports a signed key-image file from the offline spending wallet, at which point the balance reconciles. This is the cleanest demonstration of the key separation in action — the view key sees money come in, but loses sight of it the moment it leaves, unless the spend side cooperates by sharing key images.
Common View Key Mistakes
The most frequent error is pasting the view key into a "restore wallet" field that expects a Mnemonic seed. The wallet will accept it, derive an entirely different spend key from the wrong entropy, and present a clean but useless wallet that never sees the user's funds. A second pitfall is publishing the view key on a public page without realising it permanently links every past and future incoming transaction to a real-world identity. View keys do not rotate; once leaked, they leak forever. Treat them like a read-only API token to a bank statement: useful for auditors, ruinous for stalkers.
The Private Spend Key, In Depth
The private spend key is the other 32-byte scalar, and it is the one that actually controls coins. From this single number a wallet derives the key image for every output it owns, signs every CLSAG ring signature, and produces the Bulletproofs+ range proofs that demonstrate amounts are non-negative without revealing them. Lose the spend key, lose the money. There is no recovery, no support desk, no chain rollback.
How the Spend Key Generates Key Images
For each output a wallet receives, Monero computes a key image — a deterministic hash that depends on both the output's one-time public key and the wallet's private spend key. Because the key image is unique per output but unforgeable without the spend key, it serves as Monero's double-spend prevention mechanism. When a transaction is broadcast, validators check that none of its key images have appeared on chain before. The clever part is that the same key image cannot be linked back to the wallet that produced it, because the ring signature hides the true signer among a set of decoys.
The Spend Key and the Mnemonic Seed
Most users never see the raw 64-hex spend key. Instead, they see a 25-word Mnemonic seed (or a 16-word Polyseed in newer wallets) that encodes the spend key plus a checksum and birthday. The view key is then deterministically derived from the spend key by hashing it with Keccak-256 and reducing modulo the Ed25519 group order. That derivation is why backing up the spend key (or its seed) is sufficient to restore the entire wallet — the view key falls out for free.
Why You Never Share the Spend Key
Sharing the spend key is functionally identical to sending someone your entire balance and your entire transaction history at once. Phishing sites that ask for a "wallet verification key" or a "full restore key" are almost always after the spend key or the seed. No legitimate exchange, swap service, or audit firm will ever need it. MoneroSwapper, for example, generates a fresh integrated address per swap and never touches the customer's spend key; the customer signs and broadcasts the deposit transaction themselves from their own wallet.
View Key vs Spend Key: Side-by-Side Comparison
The table below distils the practical differences. Use it as a checklist before you paste either value into any field, screen, or QR scanner.
| Capability | Private View Key | Private Spend Key |
|---|---|---|
| See incoming transactions | Yes | Yes (via derived view key) |
| See outgoing transactions | Only with imported key images | Yes |
| Decrypt amounts | Yes | Yes |
| Sign and broadcast transactions | No | Yes |
| Generate key images | No | Yes |
| Derive the other key | No | Yes (view key is derived from spend) |
| Safe to share with auditor | Yes | Never |
| Risk if leaked | Privacy loss, no fund loss | Total loss of funds |
| Stored in mnemonic seed | Derived, not stored | Yes |
| Rotatable | No | No (must move funds to new wallet) |
Note the asymmetry on the "Derive the other key" row. The spend key can produce the view key, but not vice versa. That one-way relationship is what makes the view key safe to publish in contexts where the spend key would be catastrophic.
How to Create a View-Only Wallet, Step by Step
The most common reason to think about these keys is to build a watch-only wallet — for example, on a phone that monitors a cold-storage balance held on an air-gapped laptop. Here is the workflow using the official monero-wallet-cli, although Feather Wallet, Cake Wallet, and MyMonero all offer GUI equivalents.
- On the offline machine, open your full wallet and run
viewkeyat the prompt. Copy the 64-hex string. Runaddressand copy the 95-character primary address. Do not export the spend key, the seed, or anything else. - Transfer the two strings to the online device by QR code or air-gapped USB. Never type the spend key or seed on the online machine.
- On the online machine, run
monero-wallet-cli --generate-from-view-key <name>. When prompted, paste the address and the private view key. Set a strong wallet password. - Let the wallet sync from the chain height your funds were first received. You will see incoming transactions appear with correct amounts. Outgoing transactions will show as "(unknown sent)" until you import key images.
- To reconcile outgoing balances, periodically run
export_key_imageson the offline wallet andimport_key_imageson the online one. This shares no spending power — only the fact that certain outputs have already been spent.
The view key answers the question "what came in?" The spend key answers the question "what can leave?" If a service ever asks you to answer the second question, walk away — no honest workflow requires it.
Real-World Scenarios for Each Key
Concrete examples make the difference stick. Consider a small open-source project that accepts XMR donations. The maintainers publish their primary address and their private view key on the project's transparency page. Anyone can run a local view-only wallet, sync the chain, and independently verify how much the project has received this quarter. The maintainers retain exclusive control of the spend key on a hardware device, so no donor — and no future maintainer who leaves the project — can ever drain the fund. This is the classic donation-transparency pattern, and it is exactly what the Monero Community Crowdfunding System has used for years.
A different scenario: a freelance journalist living in a jurisdiction with strict capital-controls reporting wants to demonstrate to her tax advisor that her annual XMR income falls below a reporting threshold. She generates a view-only wallet on the advisor's audit laptop using her address and view key, lets it sync to the current block, and exports a CSV of decrypted incoming amounts. The advisor sees totals; she retains spending authority. If the relationship ends, she rotates funds to a fresh wallet — but only because she wants a clean separation, not because the advisor could ever have moved coins.
A third example involves recovery. Suppose a user's daily-driver phone is stolen, and the phone held a view-only wallet derived from a hardware-secured spend key. The thief gains the user's complete incoming transaction history — a real privacy loss, especially if the user receives recurring payments from identifiable counterparties — but cannot touch a single piconero. The user revokes nothing on chain (Monero has no revocation) and instead moves funds to a fresh address derived from a new seed. The old view key remains valid forever for whatever transactions it already saw, but the new wallet is invisible to it.
Across all three scenarios, the same property holds: the view key answers historical and present questions about money received; the spend key alone answers the question of where money can go next. MoneroSwapper's swap flow leans on the same property — customers receive XMR at addresses they control end-to-end, and at no point does the platform request a key that would let it spend on the customer's behalf.
FAQ
Can someone steal my Monero if they only have my view key?
No. The view key grants visibility into incoming transactions and amounts, but it does not allow signing, key-image generation, or any action that moves funds. A leaked view key is a privacy problem — every past and future deposit becomes visible to whoever has it — but the funds themselves remain controlled exclusively by the spend key.
Why can my view-only wallet not see outgoing transactions?
Because outgoing transactions are detected by matching key images, and key images can only be generated from the private spend key. The view-only wallet sees an output exist, but it cannot tell whether that output has since been spent. Importing a signed key-image file from the spending wallet bridges the gap and reconciles the balance.
Is the view key derived from the spend key, or are they independent?
In standard Monero wallets, the view key is deterministically derived from the spend key by hashing it with Keccak-256 and reducing the result modulo the Ed25519 group order. This is why the 25-word mnemonic seed only encodes the spend key — the view key falls out automatically. Some advanced setups use independent view keys, but every consumer wallet uses the derived form.
Should I back up both keys separately?
Backing up the seed (or the raw spend key) is sufficient, because the view key can always be regenerated from it. However, many users keep a separate copy of the view key in an auditor-accessible location precisely because doing so does not weaken their security posture. Treat the seed like cash and the view key like a read-only bank statement.
Can I rotate my view key if it leaks?
Not on its own. The view key is mathematically tied to the address, so rotating it requires generating a new wallet (new seed, new spend key, new address) and moving funds across. Plan for view-key leaks as permanent privacy events for that wallet's lifetime, and budget for a migration if exposure becomes intolerable.
Do hardware wallets like Ledger or Trezor handle the spend key differently?
Yes. On a Ledger or Trezor running the Monero app, the spend key never leaves the secure element. The host computer holds the view key (so it can scan the chain) and sends unsigned transactions to the device, which signs them internally. This is the cleanest physical embodiment of the key separation: the view key lives where convenience lives, and the spend key lives where security lives.
Conclusion
The view key and the spend key are not two halves of the same secret — they are two different secrets with two different jobs, and the protocol gains its most useful properties from refusing to merge them. Once the separation clicks, view-only wallets, audit workflows, donation transparency, and hardware-wallet architectures all stop feeling like clever hacks and start feeling like the obvious consequence of a thoughtful design. If you are setting up a new wallet today, write down the seed offline, derive a view key for any device that does not need to spend, and never paste either value into a field you cannot identify with certainty. When you are ready to acquire XMR for that wallet, MoneroSwapper offers no-KYC swaps from major assets straight to an address you control, with no request for any key at any point in the flow — which, after reading this guide, is exactly the behaviour you should expect from any service worth using.
🌍 Read in