The thing is the exchange would know you came in with x coin at address x, and left with y coin with y address.
If you went to another exchange then changed it again after... maybe more anonymous. But mining direct into a wallet I think would beat it even on being anonymous.
But beyond that it's untraceable once you're on the Monero blockchain. In other words, in the following example it is pretty much untraceable when using Tor:
1. Create a Monero account with
https://mymonero.com2. Go to
https://shapeshift.io and tell it you want to convert from BTC to XMR (to your MyMonero address) for your amount plus a little extra. To give you an example, ShapeShift tells me 1 BTC = 481.9701 XMR right now.
3. Go to
https://xmr.to and use their rate to convert your XMR (less, say, 0.03 XMR for a 3kb mining fee) to the BTC equivalent and pay your destination BTC address. Using my example, the 481.9401 XMR is worth 0.959060799 BTC (so slippage is just over 4%)
4. Pay the XMR address and payment ID provided by xmr.to using a relatively high mix-in value on MyMonero
It doesn't matter whether MyMonero is subpoenaed and has to submit your viewkey, or ShapeShift is hacked, or anything like that. The connection from MyMonero to xmr.to cannot be traced or reversed. For added goodness you could send the coins to yourself on MyMonero, or to multiple MyMonero accounts, all providing an additional break in the chain. To understand why this works it is good to familiarise yourself with the way Monero works, perhaps starting with the LetsTalkBitcoin podcast on the subject:
https://letstalkbitcoin.com/blog/post/ltb-e202-understanding-moneroMining is quite out of reach to most, and it actually doesn't help that much - you still need to use your coinbase UTXOs to make a payment, and that's the part that's at-risk.
Nobody claimed Monero was "100% anon", from a cryptographic perspective. In other news, your Bitcoin private keys can be brute-forced and aren't "100% safe". Also, 2048-bit AES encryption isn't "100% uncrackable". All three of these examples deal with
cryptographically negligible scenarios, which is what andytoshi refers to in that StackExchange post when he says that Monero's anonymity is "weaker than total anonymity". The step from Monero's cryptographically untraceable (ie. for incoming transactions there are many possible senders whose involvement is equiprobable) and unlinkable (ie. for any two outgoing transactions it is impossible to prove they were sent to the same person) transactions to "total anonymity" is VERY slight, and thus the amount of "weakness" is important
only from the perspective of cryptographic absolutes, and only under certain models as well (the random oracle model, in particular). The cryptographic negligibility is only for incoming transactions, and requires ownership of a substantial number of blockchain TXOs to even begin to hope to correctly choose the correct input signer from a group.
andytoshi and gmaxwell's AOS paper has, to some degree, been superseded by the observations made in a recent Monero Research Lab paper,
"MRL-0004: Improving Obfuscation in the CryptoNote Protocol".
