The developers of privacy-focused cryptocurrency Monero (XMR) have disclosed a “rather significant” bug that could impact user’s privacy transactions, according to a Twitter post on Tuesday.
US software developer Justin Berman identified the bug was in Monero’s decoy selection algorithm. It happens when a user spends their funds received in a transaction before roughly 20 minutes has passed. There is a good probability that the algorithm will identify the output as the true transaction.
“This does not reveal anything about addresses or transaction amounts. Funds are never at risk of being stolen. This bug persists in the official wallet code today,” Monero said.
Users can substantially mitigate the risk to their privacy by waiting 1 hour or longer before spending their newly Monero. It will fix it in a future wallet software update. An entire network upgrade (hard fork) is not required to address this bug.“Today if a user spends an output right in the block that it unlocks, and the output was originally created in a block that has fewer than 100 output total in it, their real output would be clearly identifiable in the ring,” U.S software developer Justin Berman said who first spotted the bug.
Also Read: Kaseya Denies Paying Ransom to Obtain The New Universal Decryptor
He further explained that Monero’s currently yearly average is around 63 outputs per block; therefore, “outputs that are spent immediately when they unlock are likely identifiable in rings today.”
“The Monero Research Lab and Monero developers take this matter very seriously. We will provide an update when wallet fixes are available,” the developers concluded.
