Lacksfish, an engineer at BTC.com, has highlighted a privacy vulnerability in how Monero selects decoy transactions after October's hard fork. The issue stems from an unintended consequence of bulletproofs, compact cryptographic proofs introduced in this month's upgrade.
Bulletproofs shrank transaction sizes, which cut fees and let miners fit more transactions into each block. That efficiency had a side effect: when the mempool empties between blocks, miners produce blocks containing nothing but the coinbase transaction, the transaction that pays the block reward to the miner. The wallet's decoy selection picks outputs from randomly chosen blocks to mix with the output a user is actually spending, so when it lands on an empty block, the coinbase output is the only thing it can choose.
This bias toward coinbase decoys weakens the ring's privacy. Coinbase outputs are poor decoys because mining pools publish their payouts, so their spends are often identifiable on-chain, and an observer can discard them as candidates for the real spend. Lacksfish's GitHub issue showed the effect in practice: such analysis can cut the number of plausible candidates in a ring from ten down to three.
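To make the mechanism concrete, here is an added simulation (not code from Lacksfish's issue or from the Monero wallet). It builds a constructed chain in which half the blocks hold only a coinbase output, compares a simplified "pick a block, then an output inside it" selection against an assumed corrected selection that picks uniformly over all outputs, and applies the analyst heuristic from the text: discard coinbase ring members whenever the real spend is a user output. Block choice is uniform here rather than age-weighted as in Monero, the 50% empty-block share and the ring size of 11 are assumptions, and the "corrected" picker is a stand-in for whatever the merged fix actually does; the point is the direction of the bias, not the exact numbers.

```python
import random
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Output:
    height: int
    index: int        # position inside the block, 0 = coinbase output
    coinbase: bool


def build_chain(n_blocks, empty_ratio, max_txs, rng):
    """Constructed sample chain (not real Monero data): every block has one
    coinbase output; a share `empty_ratio` of blocks carry no user
    transactions, the rest carry 1..max_txs user transactions with two
    outputs each."""
    chain = []
    for h in range(n_blocks):
        outs = [Output(h, 0, True)]
        if rng.random() >= empty_ratio:
            for i in range(2 * rng.randint(1, max_txs)):
                outs.append(Output(h, i + 1, False))
        chain.append(outs)
    return chain


def pick_block_then_output(chain, rng):
    """Simplified model of the biased behaviour: choose a block, then a
    random output inside it. An empty block leaves only the coinbase output.
    (Assumption: uniform block choice; Monero weights blocks by age, but the
    empty-block bias works the same way.)"""
    return rng.choice(rng.choice(chain))


def pick_from_output_set(chain, rng):
    """Assumed corrected behaviour: choose uniformly across all outputs, so a
    block contributes in proportion to the outputs it actually holds."""
    flat = [o for block in chain for o in block]
    return rng.choice(flat)


def build_ring(chain, real, ring_size, picker, rng):
    """Ring = the real spend plus (ring_size - 1) distinct decoys."""
    members = {real}
    while len(members) < ring_size:
        members.add(picker(chain, rng))
    ring = list(members)
    rng.shuffle(ring)
    return ring


def surviving_candidates(ring, real):
    """Analyst heuristic from the text: pool payouts are public, so when the
    real spend is a user output, coinbase ring members can be discarded."""
    if real.coinbase:
        return len(ring)
    return sum(1 for o in ring if not o.coinbase)


def simulate(picker, n_trials, ring_size=11, seed=7):
    """Spend random user outputs with rings built by `picker`; report how
    often decoys are coinbase and how many candidates survive the analyst."""
    rng = random.Random(seed)
    chain = build_chain(n_blocks=300, empty_ratio=0.5, max_txs=5, rng=rng)
    user_outputs = [o for block in chain for o in block if not o.coinbase]
    coinbase_decoys = total_decoys = 0
    survivors = []
    for _ in range(n_trials):
        real = rng.choice(user_outputs)
        ring = build_ring(chain, real, ring_size, picker, rng)
        decoys = [o for o in ring if o != real]
        coinbase_decoys += sum(o.coinbase for o in decoys)
        total_decoys += len(decoys)
        survivors.append(surviving_candidates(ring, real))
    return {
        "coinbase_decoy_fraction": coinbase_decoys / total_decoys,
        "mean_surviving_candidates": mean(survivors),
    }


if __name__ == "__main__":
    for name, picker in [("block-then-output", pick_block_then_output),
                         ("uniform over outputs", pick_from_output_set)]:
        print(name, simulate(picker, n_trials=500))
```

With the block-first picker roughly half of all decoys come from empty blocks and are therefore coinbase outputs, and an analyst who prunes them is left with a fraction of the nominal ring; the output-weighted picker keeps coinbase decoys at their natural share of the output set and leaves most of the ring standing. Real-chain numbers depend on how often the mempool actually empties.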
Monero developers merged a fix and released an updated CLI wallet. Other wallets including MyMonero and Cake Wallet have not yet incorporated the correction. The changes to the decoy algorithm had been in the codebase for months without broader community attention, suggesting developers didn't anticipate how empty blocks would interact with the selection process.
Research has documented these weaknesses. A paper titled "An Empirical Analysis of Traceability in the Monero Blockchain" identified ring signature problems, and Monero's team has acknowledged that decoy selection needs continued improvement. Some potential improvements mentioned in earlier drafts of the research had entered the codebase before publication.
Coinbase outputs rank among the least private on Monero's network because mining pools make their payouts public. That public record lets an analyst tracing coins discard coinbase ring members out of hand, which is the pruning behind the reduction from ten candidates to three described above.
The limited community discussion about this issue stands out. It appears to be a relatively avoidable privacy problem that entered the codebase with minimal input from the wider ecosystem. The disconnect between academic research and real-world network behavior may have kept developers from spotting it sooner.
Monero's market value exceeds one billion dollars. Exchanges and other large entities moving significant volume need to adopt the corrected decoy selection algorithm. Decoy selection happens in the wallet and is not enforced by consensus, so nodes accept rings built the old way and nothing forces a platform to upgrade; some may delay or skip it altogether, and every transaction they build with the old algorithm carries the weaker ring. Greater community engagement could pressure these entities to prioritize the change.
Monero's developers have done solid work advancing privacy protections over recent years. But a gap persists between theoretical research and practical risk analysis on a network this valuable. The experimental character of the cryptocurrency space demands caution, but it also calls for more discussion about how protocol changes affect the privacy guarantees users depend on. Lacksfish brought this issue to light, pushing the community toward the conversation it should have had sooner.