Market Report

Zcash reveals inflation bug could have created infinite ZEC tokens




Last modified


Zcash discloses inflation bug that could have created infinite tokens Crypto Heroes

An inflation bug could have allowed hackers to create infinite ZEC coins, according to information released by Zcash’s development team. Zcash revealed in a blog post that the bug was discovered 11 months ago and could have affected their ZEC coin and several other privacy coins.

Inflation bug was tackled eight months after discovery

Zcash explained that it took eight months to rectify the bug after it was discovered, with some coins still exposed to the bug.

In March 2018, a Zcash engineer realized a mistake in a cryptography paper describing certain zero-knowledge proofs. Zcash and a few other privacy coins use the zero-knowledge proof to enable most of their privacy features. The vulnerability could allow an attacker to mint an infinite amount of ZEC and the other affected coins without detection.

Zcash kept the discovery quiet. The technical team who worked on the issue used encrypted communication to ensure that outsiders do not find out about the vulnerability. Eight months after the bug was discovered, the technical team patched it during a planned network upgrade. Zcash stated that they are not certain if the bug was exploited, though they have not been able to identify any case related to the bug.

The other privacy coins affected were not informed about the bug. After fixing the vulnerability on its network, the Zcash team informed the security team at Komodo and Horizen, two largest coins affected by the bug aside Zcash, detailing instructions on how to fix the bug. Both of these projects have managed to fix it on their networks, but other smaller privacy-coins are still open to the attack, including Bitcoin Private. In December, a study conducted by CoinMetrics showed evidence of a covert pre-mine of Bitcoin Private, with Zcash blamed for the incident.

Zcash CEO, Bryce Wilcox, explained that they did not want to disclose the information to more parties until the majority of the exposed market cap had been protected. Zcash, in their disclosure, stated, “vulnerability is so subtle that it evaded years of analysis by expert cryptographers focused on zero-knowledge proving systems.”

More interesting news from the crypto world: