The developers of privacy-centric cryptocurrency, Monero have identified a “rather significant” bug in the algorithm that could allow for transaction destinations to be identified.
According to a Twitter thread by the developers:
“If users spend funds immediately following the lock time in the first 2 blocks allowable by consensus rules (~20 minutes after receiving funds), then there is a good probability that the output can be identified as the true spend. “
The developers also stated on Twitter that:
This does not reveal anything about addresses or transaction amounts. Funds are never at risk of being stolen. This bug persists in the official wallet code today.