Bug Found in Decoy Algorithm for Privacy Coin Monero

A “significant” bug, with the potential to expose users’ true transactions, has been spotted in the privacy-centric cryptocurrency monero (XMR), according to a Twitter post on Tuesday.

• The bug, identified in Monero’s decoy selection algorithm, occurs when a user spends their funds received in a transaction before roughly 20 minutes has passed.

• There is a “good probability” the output of the new transaction can be identified as the true transaction, according to the tweet.

• XMR allows users to conceal their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.

• “This does not reveal anything about addresses or transaction amounts … This bug persists in the official wallet code today,” said Monero.

• Users may avoid the bug altogether by waiting one hour or more before spending their newly-received monero until a fix is implemented in a future wallet software update.

• A hard fork is not required to fix the bug, Monero said.

• U.S. Software developer Justin Berman first spotted the bug.

Related Stories

• ¿Qué es el hashrate y por qué importa?

• Bitcoin Privacy Wallet Wasabi Lays Out Roadmap for Version 2.0

• Gaze Into the Orb to Collect Your Worldcoin

• Why I’m Skeptical of FATF’s ‘Extreme Right Wing’ Watch