Markets
Share this article

Bug Found in Decoy Algorithm for Privacy Coin Monero

"This does not reveal anything about addresses or transaction amounts ... This bug persists in the official wallet code today," Monero said.

By Sebastian Sinclair
Updated Sep 14, 2021, 1:31 p.m. Published Jul 27, 2021, 6:36 a.m.
jwp-player-placeholder

A "significant" bug, with the potential to expose users' transactions, has been spotted in monero, a cryptocurrency that's known for providing users privacy, according to a Twitter post on Tuesday.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

  • The bug was identified in Monero's decoy selection algorithm. It occurs when a user spends their funds received in a transaction before roughly 20 minutes has passed.
  • There is a "good probability" the output of the new transaction can be identified as the true transaction, according to the tweet.
  • XMR allows users to conceal their transactions by including worthless coins known as “mixins” along with the actual coins they spend in a given transaction.
  • "This does not reveal anything about addresses or transaction amounts ... This bug persists in the official wallet code today," Monero said.
  • Users may avoid the bug altogether by waiting one hour or more before spending their newly received monero until a fix is implemented in a future wallet software update.
  • A hard fork is not required to fix the bug, Monero said.
  • U.S. software developer Justin Berman first spotted the bug.

Read more: Monero-for-Bail Project Sees Increased Demand During Protests

PrivacyMoneroBugsXMR

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Hut 8 stock surges 20% on Fluidstack AI data center deal

By James Van Straten, AI Boost|Edited by Stephen Alpher
51 minutes ago
Hut 8 (TradingView)

The bitcoin miner deepened its pivot into AI infrastructure with a $7 billion long term lease backed by Google.

What to know:

  • Hut 8 (HUT) signed a 15 year, $7 billion lease with Fluidstack for 245 MW of IT capacity at its River Bend campus, with three 5 year renewal options lifting potential contract value to about $17.7 billion.
  • Google is providing a financial backstop for the base lease term, while JPMorgan and Goldman Sachs are expected to lead up to 85% project level financing.
  • Hut 8 shares are up around 20% in pre-market trading.
Read full story