Bug Found in Decoy Algorithm for Privacy Coin Monero
"This does not reveal anything about addresses or transaction amounts ... This bug persists in the official wallet code today," Monero said.
Updated Sep 14, 2021 at 1:31 p.m. UTC
A "significant" bug, with the potential to expose users' transactions, has been spotted in monero, a cryptocurrency that's known for providing users privacy, according to a Twitter post on Tuesday.
- The bug was identified in Monero's decoy selection algorithm. It occurs when a user spends their funds received in a transaction before roughly 20 minutes has passed.
- There is a "good probability" the output of the new transaction can be identified as the true transaction, according to the tweet.
- XMR allows users to conceal their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.
- "This does not reveal anything about addresses or transaction amounts ... This bug persists in the official wallet code today," Monero said.
- Users may avoid the bug altogether by waiting one hour or more before spending their newly received monero until a fix is implemented in a future wallet software update.
- A hard fork is not required to fix the bug, Monero said.
- U.S. software developer Justin Berman first spotted the bug.