Developers of privacy-oriented cryptocurrency Monero (XMR) have identified a bug that could potentially impact users’ transaction privacy.
On Monday, the official Monero Twitter account warned users of a “rather significant bug” that has been spotted in Monero’s decoy selection algorithm, a system designed to hide real output transactions among 10 decoys in a ring.
First identified by software developer Justin Berman, the bug causes a sufficient probability that users’ output transactions can be identified as the true spend among decoys if users spend funds immediately following lock time in the first two blocks, or 20 minutes after receiving funds.
The developers emphasized that the bug does not pose a risk to any information about addresses or transaction amount but rather only allows to trace the occurrence of an XMR transaction. “Funds are never at risk of being stolen. This bug persists in the official wallet code today,” Monero developers noted.
According to an XMR contributor on Reddit, the newly discovered bug impacts transactions that are from the past. To mitigate the potential privacy risks, Monero developers recommended waiting one hour or longer before spending newly received XMR until the community rolls out a fix in a future wallet software update to mitigate the potential privacy risks. A full network upgrade, or a hard fork, is not required to address this issue, the developers noted.
Launched in 2014, XMR is a major privacy-focused cryptocurrency designed to support secure, private and untraceable transactions, using a special type of cryptography to ensure that all its transactions remain 100% untrackable and unlinkable. Monero is the 29th largest cryptocurrency by market capitalization and is the biggest privacy-centric digital currency by value. At the time of writing, XMR is trading at $222, down 3.8% over the past 24 hours, according to data from CoinGecko.
As previously reported by Cointelegraph, multiple global financial regulators have attempted to crack Monero’s privacy. Last year, the United States Internal Revenue Service offered a bounty of up to $625,000 to anyone who can trace Monero transactions.