Despite being considered by many to be the most privacy-focused cryptocurrency, Monero has revealed the discovery of a bug in its wallet code that may jeopardize users’ privacy.
The bug means that XMR recipients could have the transaction amount of their received XMR displayed to the public when they spend the asset within the first 20 minutes after receiving the funds. The transaction value could be recorded as the “true spend,” and accessible to others.
The bug was first spotted by a software developer known as Justin Berman, who took to his Twitter account to notify other Monero enthusiasts about the unfortunate development. Berman also filed the complaint on Monero’s issue section of GitHub.
A rather significant bug has been spotted in Monero’s decoy selection algorithm that may impact your transaction’s privacy. Please read this whole thread carefully. Thanks @justinberman95 for investigating this bug.
— Monero || #xmr (@monero) July 27, 2021
Notably, this issue mostly occurs when users spend received XMR following the lock time in the first 2 blocks allowable by the project’s consensus rules.
Monero Addresses Users’ Fears
Although the issue could prompt many Monero enthusiasts to believe that the project is losing its privacy prowess, Monero has assured its users that the bug does not reveal any other details aside from the transaction amount of spent funds received within 20 minutes.
“This does not reveal anything about addresses or transaction amounts. Funds are never at risk of being stolen,” the update noted.
While the Monero Research Lab, in collaboration with its developers, is working to provide a permanent fix for the bug, users are advised to wait a minimum of one hour before spending received XMR coins. A fix is expected for a subsequent wallet update.
Monero has long been considered the most popular privacy-focused coin by the crypto community as well as traditional financial experts. With the bug found in the wallet code, developers will be hoping to engineer a fix before it escalates.
The team could speed up the release of a possible fix by using part of its General Fund, which recently received a generous $500,000 donation of XMR tokens.
Affiliate: Get a Ledger Nano X for $119 So That Hackers Won't Steal Your Crypto!