Bug Found in Decoy Algorithm for Privacy Coin Monero

Bug Found in Decoy Algorithm for Privacy Coin Monero

A “significant” bug, with the potential to expose users’ transaction details, has been spotted in the privacy-centric cryptocurrency monero (XMR), according to a Twitter post on Tuesday.

  • The bug, identified in Monero's decoy selection algorithm, occurs when a user spends their funds received in a transaction before roughly 20 minutes has passed.
  • There is a "good probability" the output of the new transaction can be identified as the true transaction, according to the tweet.
  • XMR allows users to conceal their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.
  • "This does not reveal anything about addresses or transaction amounts ... This bug persists in the official wallet code today," said Monero.
  • Users may avoid the bug altogether by waiting one hour or more before spending their newly-received monero until a fix is implemented in a future wallet software update.
  • A hard fork is not required to fix the bug, Monero said.
  • U.S. Software developer Justin Berman first spotted the bug.
  • Source