- CoinStic
- Posts
- Zcash Patches Exploit, Says Attacker ‘Could Have Created Fake Zcash Without Being Detected’
Zcash Patches Exploit, Says Attacker ‘Could Have Created Fake Zcash Without Being Detected’
Zcash released a report on Tuesday that reveals a mathematical mistake in the privacy coin’s code. The error, which was discovered by cryptographic engineer Ariel Gabizon, revealed a security vulnerability that could have exposed the privacy coin to hackers.
According to the Zcash report,
“Eleven months ago we discovered a counterfeiting vulnerability in the cryptography underlying some kinds of zero-knowledge proofs.”
“The counterfeiting vulnerability was fixed by the Sapling network upgrade that activated on October 28th, 2018. The vulnerability was specific to counterfeiting and did not affect user privacy in any way. Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users.”
Zcash CEO Zooko Wilcox says he doesn’t believe there was any exploitation of the vulnerability.
Wilcox also told Fortune he doesn’t think people know cryptography well enough to have taken advantage of the error; however, the Zcash team says it can’t be completely sure that the error has not been exploited.
According to the Zcash report,
“It was not reported publicly at the time in order to protect against it being exploited prior to its remediation, and to provide information and remediated code to other projects that were also vulnerable. We employed stringent operational security measures to keep its existence a secret, even from our own engineers.”
“We believe that no one else was aware of the vulnerability and that no counterfeiting occurred in Zcash.”
According to the developers, no further action needs to be taken by Zcash users.
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
The post Zcash Patches Exploit, Says Attacker ‘Could Have Created Fake Zcash Without Being Detected’ appeared first on The Daily Hodl.