Download our App  (X)
download android app

Zcash cryptocurrency developers detail vulnerability that could have allowed crypto-counterfeiting

[Published: 2019-02-06T01:19:52Z] [Author: Duncan Riley] [Powered by:]

The developers behind the privacy-focused Zcash cryptocurrency have disclosed a now-fixed flaw that could have allowed hackers to create an infinite number of counterfeit tokens.

Detailed by developers Josh Swihart, Benjamin Winston and Sean Bowe in a blog post today, the flaw could have brought down what is currently the world’s 21st most popular cryptocurrency, one that was previously higher-ranked. That could have resulted in a massive cryptocurrency crisis.

Zcash was founded in 2016 with a privacy focus often popular with those operating on the dark side. For example, it’s the cryptocurrency of choice of the notorious hacking group Shadow Brokers, to name but one Zcash fan. The dark web aside, Zcash is also used by legitimate companies, JPMorgan Chase the most prominent.

The serious vulnerability was discovered in last March by Ariel Gabizon, an engineer at the Zerocoin Electric Coin Co., the firm behind Zcash. From there the vulnerability was limited to four people in the know until it was fixed in October last year.

“The counterfeiting vulnerability was fixed by the Sapling network upgrade that activated on Oct. 28, 2018,” the blog post said. “The vulnerability was specific to counterfeiting and did not affect user privacy in any way. Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users.”

Despite the fact that the flaw not only existed to begin with and its fix was covered up until now, Zcash is not without fans — National Security Agency leaker Edward Snowden among them.

“A lot of people wond ...