An inflation bug could have allowed hackers to create infinite ZEC coins, according to information released by Zcash’s development team. Zcash revealed in a blog post that the bug was discovered 11 months ago and could have affected their ZEC coin and several other privacy coins.
Inflation bug was tackled eight months after discovery
Zcash explained that it took eight months to rectify the bug after it was discovered, with some coins still exposed to the bug.
In March 2018, a Zcash engineer realized a mistake in a cryptography paper describing certain zero-knowledge proofs. Zcash and a few other privacy coins use the zero-knowledge proof to enable most of their privacy features. The vulnerability could allow an attacker to mint an infinite amount of ZEC and the other affected coins without detection.
Zcash kept the discovery quiet. The technical team who worked on the issue used encrypted communication to ensure that outsiders do not find out about the vulnerability. Eight months after the bug was discovered, the technical team patched it during a planned network upgrade. Zcash stated that they are not certain if the bug was exploited, though they have not been able to identify any case related to the bug.
The other privacy coins affected were not informed about the bug. After fixing the vulnerability on its network, the Zcash team informed the security team at Komodo and Horizen, two largest coins affected by the bug aside Zcash, detailing instructions on how to fix the bug. Both of these projects have managed to fix it on their networks, but other smaller privacy-coins are still open to the attack, including Bitcoin Private. In December, a study conducted by CoinMetrics showed evidence of a covert pre-mine of Bitcoin Private, with Zcash blamed for the incident.
Zcash CEO, Bryce Wilcox, explained that they did not want to disclose the information to more parties until the majority of the exposed market cap had been protected. Zcash, in their disclosure, stated, “vulnerability is so subtle that it evaded years of analysis by expert cryptographers focused on zero-knowledge proving systems.”
More interesting news from the crypto world:
Report: Japan Promotes an International Network for Crypto Payments
Crypto Wallet Hacks on the Rise: Are your Coins Safe?
LedgerX Allows Retail Investors to Bet on BTC Reaching $100K by 2020
News7 days ago
A Leading Australian Supermarket Chain Begins Accepting BTC Payments
News6 days ago
Donald Trump Criticizes Facebook’s Libra Stablecoin and Other Crypto Coins in a Twitter Storm
News4 days ago
Bitpoint Exchange Finds $2.3 million Worth of Crypto Lost to a Hack
News3 days ago
Trump Has the Power to Ban Crypto, But it’s Very Unlikely That He Will