A “significant” bug, with the potential to expose users’ transactions, has been spotted in monero (XMR), a cryptocurrency that’s known for providing users privacy, according to a Twitter post on Tuesday.
- The bug was identified in Monero's decoy selection algorithm. It occurs when a user spends their funds received in a transaction before roughly 20 minutes has passed.
- There is a "good probability" the output of the new transaction can be identified as the true transaction, according to the tweet.
- XMR allows users to conceal their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.
- "This does not reveal anything about addresses or transaction amounts ... This bug persists in the official wallet code today," Monero said.
- Users may avoid the bug altogether by waiting one hour or more before spending their newly received monero until a fix is implemented in a future wallet software update.
- A hard fork is not required to fix the bug, Monero said.
- U.S. software developer Justin Berman first spotted the bug.