Monero has recently came under fire after a serious bug has been discovered by ‘justinberman95’.
On a twitter thread, the creators of Monero have published that the bug is a decoy selection algorithm that may impact Monero transaction’s privacy. If users send funds right away after receiving them, than that output can be identified. This bug apparently affects all of Monero wallets.
The Monero dev team is advising all users that until a fix will be implemented in a new update, to all users to wait at least an hour before re sending their funds.
HugBunter has published a simple Q/A addressing some of the questions users have:
Q: Am I affected? Unless you have a habit of spending immediately after your balance unlocks, no. Q: What can I do to make sure I am not affected by the bug? The bug only affects transactions that are created within 20 minutes (on average) after your balance unlocks. Wait at least 20 minutes before spending, preferably more. Q: How many transaction are affected in total? Less than 1%. Q: Does this bug reveal transaction amounts, my address or who I'm sending money to? No. It can only reveal which output was likely spent in a transaction. This information is useless without knowledge of who owned that output. Q: Are all Monero wallets affected? Yes. The bug exists in the core Monero wallet implementation, all Monero wallets use this. Q: Do I need to update my wallet as soon as a new update is released? Yes, even if your spending patterns are not affected by the bug. The fix for this issue will create a transaction uniformity defect, increasing the probability to correctly guess if a transaction was constructed using the old or new client. By updating your wallet you make sure that your transactions are constructed like most others. Q: When will a fix for this issue be released? As soon as possible.