Monero devs disclose a huge bug in the privacy algorithm code that allows onlookers to pinpoint real transactions among the fake ones so let’s read more in our latest Monero news today.
The Monero devs disclose a huge bug that could impact the privacy of the users’ transactions as one of them tweeted:
“If users spend funds immediately following the lock time in the first 2 blocks allowable by consensus rules (~20 minutes after receiving funds), then there is a good probability that the output can be identified as the true spend.”
A rather significant bug has been spotted in Monero's decoy selection algorithm that may impact your transaction's privacy. Please read this whole thread carefully. Thanks @justinberman95 for investigating this bug.
— Monero || #xmr (@monero) July 27, 2021
The bug investigated by software developer Justin Berman was discovered in Monero’s decoy algorithm section and results in “next to 0 change of selecting extremely recent outputs as decoys.” This means that if one user spends their XMR tokens 20 minutes after receiving them, it is probable that their transaction can be identified as the real one among the fake ones. Berman noted:
“Today, if a user spends an output right in the block that it unlocks, and the output was originally created in a block that has fewer than 100 outputs total in it, their real output would be clearly identifiable in the ring.”
He further explained that Monero’s yearly advantage is around 63 outputs per block and these outputs are spent right after when they unlock are identifiable in rings today. According to the developers, the bug is present in Monero’s official wallet software update but a fix would not require a hard fork as a full network upgrade on the blockchain they pointed out. Additionally, the bug poses no threat to users’ funds.
The developers explained that users that do not want to compromise their privacy should wait an hour before transacting the coins that they received recently:
“This does not reveal anything about addresses or transaction amounts. Funds are never at risk of being stolen. The Monero Research Lab and Monero developers take this matter very seriously. We will provide an update when wallet fixes are available.”
Last time we spoke about Monero we saw that The Taiwanese multinational hardware company Acer was the latest popular organization to fall victim to the popular ReVil ransomware attack and according to the reports, the perpetrators requested one of the biggest demands for $100 million in Monero-XMR.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]