Monero developers have spotted a significant bug in the token’s decoy selection algorithm that could break a transaction’s privacy. The team behind privacy coin shared the alarming finding in a tweetstorm on Tuesday.
First reported by developer Justin Berman, the privacy breaching glitch currently persists in Monero’s official wallet code. Berman came across the issue when he found that if a user spends XMR tokens within 20 minutes of receiving them, the transaction destination will likely be identified.
Monero’s community is understandably concerned about the network’s security and the possibility of a privacy breach. However, the company has assured its users that it is taking the issue very seriously. It has also highlighted that the bug doesn’t specify addresses and transaction amounts, and funds transferred on its platform are never at the risk of being stolen.
For the time being, Monero’s developers are working on a software update to patch the issue. They have also ruled out a full-fledged network upgrade, or hard fork at this point.
To mitigate any potential risk to privacy, owners of XMR tokens have been advised to wait for an hour or even longer before they spend their newly received funds.
Created in 2014, Monero is a privacy-focused currency, which allows people to store and send digital assets anonymously. It is notorious for its presence on the dark web since it makes any illicit transfers completely untraceable. Last year, the Inland Revenue Service announced a $625,000 bounty for anyone who breaks the network’s anonymity. So far, that bounty hasn’t been claimed.