Bug Found in Decoy Algorithm for Privacy Coin Monero

viktor-forgacs-follow-me-611319-unsplash-e1537374907510
27 July 2021

A “significant” bug, with the potential to expose users’ transactions, has been spotted in monero (XMR), a cryptocurrency that’s known for providing users privacy, according to a Twitter post on Tuesday.

  • The bug was identified in Monero's decoy selection algorithm. It occurs when a user spends their funds received in a transaction before roughly 20 minutes has passed.
  • There is a "good probability" the output of the new transaction can be identified as the true transaction, according to the tweet.
  • XMR allows users to conceal their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.
  • "This does not reveal anything about addresses or transaction amounts ... This bug persists in the official wallet code today," Monero said.
  • Users may avoid the bug altogether by waiting one hour or more before spending their newly received monero until a fix is implemented in a future wallet software update.
  • A hard fork is not required to fix the bug, Monero said.
  • U.S. software developer Justin Berman first spotted the bug.
Disclosure
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Read more

Bugs Monero Privacy XMR