Zcash Revealed a Counterfeiting Vulnerability Was Fixed Last Year

  • According to a blog post, the vulnerability was discovered by Ariel Gabizon, an engineer at the Zerocoin Electric Coin Company.
  • If left unpatched, the bug would have let an attacker mint an unlimited amount of Zcash (ZEC); it did not affect user privacy in any way.

A post on the official Zcash blog revealed that the company fixed a catastrophic bug late last year that could have let attackers create an unlimited number of coins.

According to the post, the vulnerability was discovered by Ariel Gabizon, an engineer at the Zerocoin Electric Coin Company. He found it the night before his talk at the Financial Cryptography conference in March 2018 and reported it to a cryptographer at the Zcash Company the same day.

If left unpatched, the bug would have let an attacker mint an unlimited amount of ZEC; it did not affect user privacy in any way. The post states that the fix shipped on Oct. 28 last year as part of the large Sapling network upgrade, which replaced the vulnerable proving parameters. The "subtle" bug lay in the zk-SNARK proving system, the novel zero-knowledge cryptography the currency uses to shield transactions, which other projects have independently implemented as well.

After analysing which other projects shared the affected code, the Zcash company found that two disclosures would cover two-thirds of the affected market capitalization. The two projects, Horizen (previously known as ZenCash) and Komodo, received a PGP-encrypted email on Nov. 13 last year describing the impact of the bug and the fix path.

The team does not believe any counterfeiting occurred on Zcash, for several reasons, including that "discovery of the vulnerability would have required a high level of technical and cryptographic sophistication that very few people possess." Because individual shielded balances cannot be observed, the company instead monitored the total amount of ZEC held in the Sprout shielded pool and found no evidence of counterfeiting.
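The check the company describes, tracking the aggregate value of the Sprout pool rather than any individual balance, can be written out as a small monitor. The code below is an added example, not code from the Zcash blog post or from the zcashd code base; it assumes a simplified JoinSplit record that carries only the block height and the vpub_old/vpub_new amounts, and the two transaction histories are constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

ZATOSHI = 10**8  # 1 ZEC = 100,000,000 zatoshi


@dataclass(frozen=True)
class JoinSplit:
    """Simplified Sprout JoinSplit holding only the fields that move value
    across the shielded/transparent boundary (an assumed minimal record,
    not zcashd's own structure)."""
    height: int
    vpub_old: int  # zatoshi entering the shielded pool from transparent inputs
    vpub_new: int  # zatoshi leaving the shielded pool to transparent outputs


def sprout_pool_balance(joinsplits: Iterable[JoinSplit]) -> Tuple[int, Optional[int]]:
    """Replay JoinSplits in block order and track the pool's net value.

    Shielded balances are hidden, but every JoinSplit publishes how much
    value enters (vpub_old) and leaves (vpub_new) the pool. The pool can
    never legitimately hold less than zero, so a negative running balance
    means more ZEC was withdrawn than was ever deposited, i.e. a forged
    proof created value out of nothing.

    Returns (final_balance_in_zatoshi, height_of_first_violation_or_None).
    """
    balance = 0
    first_violation = None
    for js in sorted(joinsplits, key=lambda j: j.height):
        balance += js.vpub_old - js.vpub_new
        if balance < 0 and first_violation is None:
            first_violation = js.height
    return balance, first_violation


# Constructed sample histories, not real chain data.
HONEST_HISTORY = [
    JoinSplit(height=100, vpub_old=10 * ZATOSHI, vpub_new=0),
    JoinSplit(height=150, vpub_old=0, vpub_new=3 * ZATOSHI),
    JoinSplit(height=200, vpub_old=4 * ZATOSHI, vpub_new=0),
    JoinSplit(height=260, vpub_old=0, vpub_new=6 * ZATOSHI),
]

# Same deposits, but a forged proof lets the attacker withdraw 20 ZEC that
# was never put into the pool (5 ZEC is all that legitimately remains).
COUNTERFEIT_HISTORY = HONEST_HISTORY + [
    JoinSplit(height=300, vpub_old=0, vpub_new=20 * ZATOSHI),
]


def check(history: Iterable[JoinSplit]) -> str:
    """Human-readable verdict for a history, as a monitor would log it."""
    balance, bad_height = sprout_pool_balance(history)
    if bad_height is None:
        return f"pool holds {balance / ZATOSHI:.8f} ZEC, no counterfeiting detected"
    return f"pool balance went negative at height {bad_height}: counterfeiting detected"


if __name__ == "__main__":
    print(check(HONEST_HISTORY))
    print(check(COUNTERFEIT_HISTORY))
```

The caveat to keep in mind is that this aggregate check only fires once forged value is moved out of the shielded pool to transparent addresses; value that is counterfeited and left inside the pool is invisible to it, which is why the company's conclusion rests on the pool never having gone negative rather than on a direct count. zcashd exposes the same aggregate through the valuePools entries of getblockchaininfo, so a production monitor can read the number from the node instead of replaying JoinSplits itself.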
