Roughly half of newly minted XMR holders still paste an exchange deposit address into the receive-field of a swap — and instantly annul the privacy they paid the spread for. The fix is a one-time wallet pick, and there are six options worth considering in 2026: Monero GUI, Feather, Cake, Stack, Monerujo on Android, and a hardware-wallet pairing (Ledger Nano X / S Plus, or Trezor Safe 5 / Model T) signing for one of the desktop wallets. Everything else is either custodial, abandoned, or actively suspect. This guide picks the right one for your setup and explains the FCMP++ readiness check you need before the upgrade.
If you landed here from the BTC to XMR walkthrough, this is the wallet-side companion piece — the destination field on every Monero swap.
What to look for in a Monero wallet
Not every wallet that says “supports XMR” actually preserves the privacy properties Monero is built for. The shortlist below comes from a small set of non-negotiable criteria.
Non-custodial. Your seed is yours. If a service holds the keys, it can freeze your balance and link your deposits to a known identity — same problem as an exchange, with extra steps.
Open-source. Every wallet recommended here publishes its full source. That doesn’t make it safe by itself, but it makes audits possible and supply-chain attacks harder to hide.
View-key model. Monero gives wallets a view key to scan the chain for incoming outputs. A safely designed wallet either scans locally or, if it uses a remote node, never shares the view key beyond what’s necessary. Web wallets typically share more than they should.
Local block scanning, or remote-node-over-Tor. A wallet that pings a single hosted server with your view key and your IP is leaking metadata even if your transactions are unlinkable on-chain. Either scan locally, or route remote-node traffic through Tor or i2p.
FCMP++ readiness. Monero’s biggest 2026 upgrade replaces ring signatures with full-chain membership proofs. Every wallet on this list is on the upgrade path; the question is whether your installed version is current when the fork activates.
A subaddress is free. Use a fresh one for every incoming swap — that’s the single highest-leverage Monero habit.
Desktop — Monero GUI and Feather
If you’re serious about XMR, your primary wallet should live on a desktop. Mobile is convenient; desktop is auditable.
Monero GUI
The official reference wallet, shipped by the Monero project itself. Runs a full node by default — around 200 GB of disk and a few hours of initial sync — and gives you the strongest possible isolation: no remote-node operator sees your queries, because there isn’t one. You can also point it at a remote node if you want a quicker setup; in that case route the connection through Tor.
Best for: long-term holders, anyone running a node anyway, and the desktop side of a hardware-wallet setup.
Caveats: heavier than alternatives. If you have a small SSD or you’re on a laptop you carry around, the full-node mode is overkill.
Feather Wallet
The lightweight desktop alternative. Feather connects to a curated set of remote nodes over Tor by default, scans the chain client-side, and stays Monero-only — which is exactly the right scope. Built by Monero contributors, audited multiple times, and the de-facto choice for desktop users who don’t want to run a full node.
Best for: privacy-first desktop users who want quick setup, anyone who values a smaller attack surface, and as the desktop driver for a Ledger or Trezor.
Caveats: still depends on remote nodes for blockchain data. The Tor routing closes the obvious metadata leak, but a local node is strictly better if you can afford the disk.
Mobile — Cake Wallet, Stack Wallet, Monerujo
Mobile wallets exist for one job: receiving and spending in situations where pulling out a laptop isn’t realistic. Treat them as the hot-wallet portion of your XMR balance, not the vault.
Cake Wallet
Mobile-first (iOS and Android, plus a desktop build), open-source, non-custodial, and multi-coin. Connects to Cake-operated remote nodes by default and supports custom node connections if you’d rather route to your own. Subaddress generation is one tap, which matters a lot for swap recipients.
Best for: receiving swap payouts on the go, sending small XMR amounts, anyone who needs a phone wallet without going custodial.
Caveats: multi-coin support means a wider attack surface than a Monero-only wallet, and the default node is operated by the wallet team — fine for most threat models, worth changing for serious ones.
Stack Wallet
Cross-platform multi-coin wallet (desktop and mobile), open-source, with a Tor toggle for node connections. Good UI, active development, and works well for users who want a single wallet across multiple chains.
Best for: users who hold XMR alongside BTC and a few other coins and want one app to manage all of them.
Caveats: same multi-coin trade-off as Cake — the wider the supported chain list, the more code surface. If XMR is most of what you hold, a Monero-only wallet is the better call.
Monerujo
Android-only, Monero-only, open-source. Long-running, well-maintained, with first-class hardware-wallet support (it pairs with a Ledger directly from the phone) and the ability to connect to any node you choose.
Best for: Android users who want a phone-side equivalent of Feather — narrow scope, mature codebase, hardware-wallet friendly.
Caveats: Android-only, no iOS build. If you’re on iPhone, Cake is the choice.
Hardware — Ledger and Trezor
A hardware wallet stores your private keys in a chip that never exposes them to your computer. To use it with Monero, you pair it with a desktop wallet (Monero GUI or Feather are the two clean options) that handles block scanning while the device handles signing.
Ledger Nano S Plus and Nano X
Both pair with Monero GUI, CLI, Cake, Feather, and Monerujo. Setup is straightforward: install the Monero app via Ledger Live, then connect it in your desktop wallet of choice. The Nano X adds Bluetooth and a larger battery; the S Plus is cheaper and USB-only. Either is fine — pick on price and form factor, not on Monero compatibility.
Trezor Safe 5, Safe 3, and Model T
The Trezor Safe 5 is the current flagship, the Safe 3 is the cheaper alternative, and the Model T is the older but still-supported model. All three pair with Monero GUI, CLI, and Feather. Open-source firmware, which Ledger’s isn’t — the trade-off you’re making is a more transparent stack at slightly higher cost.
FCMP++ firmware check
Before you sign a Monero transaction after the FCMP++ fork activates, check three things: your hardware-wallet firmware is on the FCMP++-compatible release, your companion desktop wallet is on a matching version, and the transaction you’re about to confirm is using the new format. Wallet vendors will prompt you to update — don’t dismiss those prompts. Signing a post-fork transaction on stale firmware is the failure mode to avoid.
Sending swapped XMR to an exchange deposit address recreates the link you paid the spread to break. Receive into a wallet you control, on a fresh subaddress, every time.
Web and light wallets — handle with care
MyMonero and similar web-hosted light wallets are convenient — open a browser, paste a seed, see your balance. The price is that you hand a third party your view key. They can see every incoming output and link it to your IP. That’s not catastrophic if you’re using a wallet for tiny balances and short-lived spending, but it’s not where your post-swap XMR should land.
If you want light-wallet convenience with stronger privacy, Feather is the answer: it gives you the same scan-the-chain-from-your-laptop feel without uploading your view key to a server you don’t control.
The exchange-wallet trap
The single most common privacy mistake with Monero swaps is sending the output straight to a centralized-exchange deposit address. Kraken, Binance, KuCoin, Coinbase — every one of them keeps an internal ledger of which user deposited what and when. The moment your swapped XMR lands on an exchange address, the chain of identification you broke by swapping into Monero is rebuilt by the exchange’s internal records.
If you eventually want to convert XMR back to fiat or to another asset, you can deposit later from your own wallet — but treat that as a separate decision, not as the destination for the swap itself. The private swap flow on SwapZilla is designed around this assumption: the destination is your wallet, not a custodian’s.
Subaddress hygiene and the FCMP++ transition
Two habits do most of the privacy work in 2026.
Fresh subaddress per incoming payment. Every wallet on this list generates subaddresses on demand. Use a new one for each swap, each invoice, each donation. On the Monero chain, two subaddresses owned by the same wallet look completely unrelated — but if you reuse the same address across receipts, you give chain-analysis tools a free grouping signal even though the sender side stays private.
Stay on a current build through the fork. FCMP++ changes the transaction format. Wallets that ship the upgrade in time keep working seamlessly; abandoned wallets stop being able to send post-fork transactions. Stick to the actively maintained options — every wallet recommended above qualifies — and apply updates when prompted.
The Monero-anonymity surface is broader than this guide can cover; the Monero privacy posture in 2026 walkthrough goes deeper into the threat model.
Migrating XMR off a hot wallet onto cold storage
Once your XMR balance is large enough that losing it would hurt, move it. The path is straightforward.
First, set up the hardware wallet (Ledger or Trezor) following the official instructions and pair it with your chosen desktop wallet (Monero GUI or Feather). Second, generate a fresh receive subaddress on the hardware-backed wallet. Third, send a tiny test transaction from your hot wallet to that subaddress — wait for confirmations and verify the balance shows up. Only after that test succeeds, move the bulk of your funds in a second transaction.
Keep the seed for the hardware wallet on paper, in two physically separate locations, and never type it into anything that touches the internet. Test recovery once on a clean device before you trust the setup with real balances.
What to avoid
A few patterns that keep coming up and destroy the privacy gains of swapping into XMR.
- Reusing the same subaddress across many swaps. Cheap to fix, expensive to ignore.
- Sending the output to a CEX. Re-links the funds to your verified identity. Receive to your own wallet first, always.
- Importing a seed into a web wallet you don’t control. Your view key is now on someone else’s server.
- Ignoring firmware update prompts on a hardware wallet. During the FCMP++ window, this is how transactions silently fail.
- Storing the seed on a phone screenshot or in a password manager that syncs to the cloud. Defeats the purpose of a hardware wallet.
Quick comparison
| Wallet | Platform | Open-source | Default routing | Multi-coin | Hardware-wallet support |
|---|---|---|---|---|---|
| Monero GUI | Desktop | Yes | Local node or Tor remote | No (XMR-only) | Ledger, Trezor |
| Feather | Desktop | Yes | Tor remote | No (XMR-only) | Ledger, Trezor |
| Cake | iOS, Android, Desktop | Yes | Cake remote node | Yes | Ledger |
| Stack | Desktop, Mobile | Yes | Tor toggle | Yes | Limited |
| Monerujo | Android | Yes | Configurable | No (XMR-only) | Ledger |
Pick on platform first, then on scope: Monero-only beats multi-coin if XMR is most of what you hold. Once you’ve picked, the rest is habit — fresh subaddresses, current firmware, and a destination that isn’t an exchange.