Software developer Justin Berman is investigating a privacy issue with the cryptocurrency Monero (XMR), exposing a bug.
The Monero development team confirms that the bug, which could compromise privacy by revealing the target destination of transferred funds, lies in the cryptocurrency’s “decoy selection algorithm.”
“A rather significant bug has been spotted in Monero’s decoy selection algorithm that may impact your transaction’s privacy.”
According to the development team, the destination of funds is identifiable if a user spends funds within approximately 20 minutes after receiving those funds.
“If users spend funds immediately following the lock time in the first 2 blocks allowable by consensus rules (~20 minutes after receiving funds), then there is a good probability that the output can be identified as the true spend.”
Despite the discovery, Monero says the bug does not compromise the safety of a user’s funds.
“This does not reveal anything about addresses or transaction amounts. Funds are never at risk of being stolen. This bug persists in the official wallet code today.”
The team plans to give an update as soon as it finds a solution.
“The Monero Research Lab and Monero developers take this matter very seriously. We will provide an update when wallet fixes are available.”
In the meantime, the team is advising users to wait at least an hour before spending any XMR that has just landed in a crypto wallet.
“Users can substantially mitigate the risk to their privacy by waiting 1 hour or longer before spending their newly-received Monero, until a fix can be added in a future wallet software update. A full network upgrade (hard fork) is not required to address this bug.”
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Featured Image: Shutterstock/Think_About_Life