Software Developer Discovers Privacy Bug Affecting Monero’s Decoy Algorithm
Users' privacy is no longer guaranteed on the privacy-focused cryptocurrency protocol Monero (XMR) due to a software bug in its decoy selection algorithm.
Users Who Spend Monero Faster At More Risk Of Exposure
According to a statement made by Monero (XMR), the bug was investigated by software developer Justin Berman. The bug, which reveals a real transaction from hundreds of decoys, only affects funds spent within two blocks, that is, roughly 20 minutes after they are received.
This means that users who spend their funds within that time limit are at risk of having the destination of the funds they send become discoverable.
However, Monero noted that the bug does not reveal the sender and receiver wallet addresses or transaction amounts. The decentralized privacy protocol also stated that user funds are not at risk of being stolen.
Monero enables users to hide their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.
To mitigate the risk of compromising users’ privacy, the team advised that users wait at least an hour before spending their newly received XMR coins.
This should be done until a fix is implemented in a future wallet software update.
“A full network upgrade (hard fork) is not required to address this bug. The Monero Research Lab and Monero developers take this matter very seriously. We will provide an update when wallet fixes are available,” the firm added.
Monero: A Dark Web Choice
Monero’s privacy and anonymity features have made it the first choice for individuals of the underworld. These bad actors use Monero because it shields them from tracking tools and mechanisms, unlike other blockchain platforms, which are transparent.
The coin was created in 2014 by a group of developers with the aim of concealing virtually all transaction details. The privacy token, which operates on its own blockchain, hides the identity of the sender and receiver, alongside the transaction amount itself.
The largest fuel pipeline in the US, Colonial Pipeline, was rumored to have paid ransom in Monero to Russian group DarkSide after it was attacked.
Over the years, Monero has been heavily used on dark web marketplaces. Earlier this year, German authorities seized DarkMarket, the largest illegal dark web market in the world. Upon investigation, they discovered that Bitcoin and Monero were the most used coins on the platform. The cryptocurrencies were used to buy drugs, stolen personal data, malware, and other illicit products, according to Bloomberg.
Regulators have tried to put an end to Monero by cracking its privacy code. In September 2020, the US Internal Revenue Service offered a $625,000 bounty to anyone who could break Monero’s anonymity.
The agency called for applicants to submit working prototypes demonstrating a concept for cracking Monero. However, the bounty is yet to be redeemed.