Zcash Patches Infinite Counterfeit Vulnerability
February 11, 2019 10:10 am
The Caribbean island of Curcao held a cryptography conference last year on March 1 in which Ariel Gabizon gave a presentation on a Zcash’s code vulnerability. This small error has the potential to put billions of dollars under risk.
One of Zerocoin Electric Coin Company’s engineer is credited to create Zcash, a privacy-focused cryptocurrency. Gabizon is credited with discovering an error in the cryptography paper which is acclaimed to lay the foundation of virtual coins. The paper talks about “zero-knowledge” proofs which enable the privacy features offered by the Zcash platform, including other cryptocurrencies.
The vulnerability could be exploited by a hacker to generate an unlimited amount of counterfeit Zcash. This flaw made other cryptocurrencies that ran on a similar platform to Zcash vulnerable as well.
Bryce “Zooko” Wilcox, CEO, co-founder, Zcash talked to Fortune magazine, talking about how the team was successful in patching the security risk back in October, eight months after the flaw was originally discovered. He spoke in defense of the sluggish fix saying that not many people were well-versed with cryptocurrencies to render it dangerous. He further commented that the Zcash team did not find any suspicious transaction activity which might point to malicious intent.
The team appears highly confident that the vulnerability wasn’t exploited. While Zcash and other cryptocurrencies were able to patch the bug, not all projects were able to patch this exploit.
When Zcash initially discovered this problem, they were split between two options. Either disclose the bug immediately, which would have caused a lot of panic among investors. The second option was to work on fixing the big and introduce it in the planned network upgrade. The team took the latter approach.
Maurizio Binello, team member, Horizen, said
“We’d like to thank the Zcash team for disclosing their technical concerns and for the coordination work. We see this an important sign of maturity for the whole industry.”