Zcash Vulnerability Permitting Infinite ZEC Counterfeiting Fixed and Disclosed

Published at: Feb. 5, 2019

A vulnerability that could have permitted an attacker to coin infinite Zcash (ZEC) has been patched and disclosed by the company behind the coin, a post on the official Zcash blog states on Feb. 5.

Ariel Gabizon, an engineer at the Zerocoin Electric Coin Company — the startup behind privacy-focused cryptocurrency Zcash — reportedly discovered the vulnerability the night before his talk at the Financial Cryptography 2018 conference in March 2018. Gabizon contacted Sean Bowe, a cryptographer at the Zcash Company, the same day.

A fix for the vulnerability was covertly included (to prevent exploitation) in the Sapling network upgrade adopted on Oct. 28, 2018. The bug was contained in the variant of zk-SNARKs — the kind of cryptography that grants anonymity to shielded Zcash transactions — and had been independently implemented by other projects.

Namely, Horizen (previously known as ZenCash) and Komodo blockchains both suffered from the same vulnerability. The Zcash team reportedly “disclosed the impact and fix path of this issue to Horizen’s” security team and Komodo’s developers via encrypted email in mid-November. The post declares:

“It appears that both Horizen and Komodo have taken appropriate actions per our recommendation.”

As Cointelegraph reported in March last year, American whistleblower Edward Snowden voiced concerns over Bitcoin’s long-term prospects citing its lack of privacy and defining Zcash as the most interesting altcoin on the market because of its anonymity features.

Also, in February 2018, an investment thesis by Grayscale Investments forecast that the value of Zcash could reach over $62,000 by 2025, assuming that the coin will represent 10 percent of all offshore wealth by that point.

Tags
Related Posts
New Privacy Coin Says It Solves Problem With Monero and Zcash
A new coin is hoping to provide stiff competition to rivals such as Monero and Zcash by delivering “the first fully private hybrid chain with staking.” DAPS, which stands for Decentralized Anonymous Payment System, says it has developed ground-breaking technology that properly addresses the issues seen in other privacy coins, resulting in a truly trustless setup. A trustless setup occurs when a user can create a wallet or node without any exchange of information with another user or node. Some privacy coins require you to “trust” the setup information given to you — and trust that the giver of that …
Blockchain / March 11, 2020
The remaining steps to mainstream institutional investment
It has been said that you only get one chance to make a first impression. Perhaps the best example of this old adage is the cryptocurrency space. From exit scams and money laundering, to unaudited code and high carbon footprints, the crypto landscape has spent the better part of the past decade scrubbing itself of its infamous past. For many, the sanitizing of the decentralized ecosystem was inevitable — simply a matter of when, not if. This mindset hindered the sense of urgency that should have been on display and may have ultimately contributed to the skepticism exhibited by mainstream …
Adoption / May 29, 2021
Wallet Creator Offers $250K to Anyone Who Can Crack the ‘Hack-Proof’
Offline cold storage cryptocurrency wallet service provider GK8 is offering a bug bounty of up to $250,000 to the first person who can hack its product. GK8 — which presents its solution as a “hack-proof digital vault” that needs no direct or indirect connection to the internet — will place 14 Bitcoin (BTC) (over $125,000 at press time) in its wallet. Anyone who succeeds in breaking into the wallet will pocket its proceeds, plus an additional $125,000 prize. The bounty program will run from Feb. 3 (9:00 a.m EST) through February 4, 2020 (9:00 AM EST). Mitigating state-sponsored attacks and …
Blockchain / Jan. 28, 2020
What Are Zk-SNARKs and How Do They Affect Digital Privacy?
At a time when technology can be used as both a mechanism for privacy intrusions and a tool for protecting privacy, the prescient sentiment of cypherpunks in the 1990s of cryptography as the last defense against a digital surveillance dystopia rings truer than ever. And one of the most potent instruments for defending digital privacy has recently gained significant momentum thanks to the advent of cryptocurrencies. An iteration of zero-knowledge proofs, trustless zero-knowledge proof systems that are also referred to as zk-SNARKs are a powerful cryptographic primitive that can sever any tractable piece of data between two parties over a …
Blockchain / March 5, 2020
Main hacker in Transit Swap exploit agrees to return remaining funds
On Monday, decentralized finance (DeFi) protocol Transit Swap announced that it had reached an agreement with its biggest hacker for the return of funds. Approximately one week prior, a hacker exploited an internal bug on a swap contract within the protocol and caused other individuals to imitate the security breach, leading to a loss of over $23 million in user funds. However, the main hacker has since returned approximately 70% of exploited funds thanks to the help of security companies such as Peckshield, SlowMist, Bitrace, and TokenPocket. They quickly tracked down the hacker by identifying their IP address, email address, …
Blockchain / Oct. 10, 2022