Bug Found in Decoy Algorithm for Privacy Coin Monero
A “significant” bug, with the potential to expose users’ true transactions, has been spotted in the privacy-centric cryptocurrency monero (XMR), according to a Twitter post on Tuesday.
The bug, identified in Monero’s decoy selection algorithm, occurs when a user spends their funds received in a transaction before roughly 20 minutes has passed.
There is a “good probability” the output of the new transaction can be identified as the true transaction, according to the tweet.
XMR allows users to conceal their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.
“This does not reveal anything about addresses or transaction amounts … This bug persists in the official wallet code today,” said Monero.
Users may avoid the bug altogether by waiting one hour or more before spending their newly-received monero until a fix is implemented in a future wallet software update.
A hard fork is not required to fix the bug, Monero said.
U.S. Software developer Justin Berman first spotted the bug.