12 Oct 2023 | Updated 2023-22-17 [wallets] [pinned]

Rucknium urges Monero users of Exodus Desktop wallet to update for 'privacy fix'

Rucknium1 has posted a PGP signed privacy advisory2 in which he urges XMR users of the Exodus Desktop3 wallet to update to the latest version (23.10.10+) in order to avoid the privacy impact of unusual fees:

Prior to version 23.10.10, which was released on October 10, 2023, Exodus Desktop wallets produced unusual fees when creating Monero transactions. I suggest all Exodus Desktop users to update their software to version 23.10.10 or later before making their next Monero transaction [..] Transactions that use unusual fees distinguish themselves from the rest of transactions on the blockchain.

Rucknium discovered the issue after the release of desktop version 22.8.264 and reported it to Exodus on September 4, 2023 through HackerOne.

Note that the Exodus Mobile wallet is also affected, but a patched version is yet to be developed and released.

To learn more about how this issue can affect the privacy of Monero and help test other wallet implementations that produce nonstandard fees, consult Rucknium’s research files56.

To support Rucknium’s ongoing research work, you can donate7 XMR, WOW, BCH, or BTC.

This is an ongoing story and the report will be updated when new information is available.


Update 23/10/19: ‘Just a week after Exodus wallet privacy fix, the number of Monero transactions with the nonstandard fee has been cut in half’ (Rucknium)8.

Update 23/11/17: Rucknium reported that the newest version of the Exodus Mobile wallet ‘seems to be producing standard fees now’9.