

Zcash vulnerability could have resulted in the loss of millions of dollars

Priya NV




Zcash, a leading privacy cryptocurrency, recently announced that it had found a counterfeiting vulnerability in the “cryptography underlying some kinds of zero-knowledge proofs”. Notably, the Zcash Company discovered the vulnerability in March 2018, around eleven months before the disclosure, and fixed it in October 2018 as part of the Sapling network upgrade.

The details of the vulnerability were not disclosed earlier because the Zcash Company did not want attackers to exploit it. Notably, to reduce the chance of an attack, three members of the Zcash team, including Zooko Wilcox, CEO of the Zcash Company, deleted the MPC ceremony transcript, “which would allow an adversary to create false proofs”, from every platform on which it had been made available to the community. It was deleted “under a coinciding operational security cover story.” Soon afterwards the team also deleted every backup of the transcript, and it claimed that the transcript had hardly been downloaded.

According to the official announcement, the vulnerability did not affect users’ privacy; it was limited to counterfeiting, meaning an attacker could have created fake Zcash, and could have done so without being detected. The team also revealed in the report that the vulnerability had been present in the Zcash code for several years before it was detected.

Despite its severity, the team claims that the vulnerability was never exploited, and it set out why it is confident that nobody else in the space discovered it:

  • Detecting the vulnerability required a high level of technical and cryptographic sophistication which, according to the team, very few people possess
  • It went undetected for several years by auditors, cryptographers, scientists, and even the engineering teams that launched new projects based on Zcash code
  • The team has found no evidence of exploitation; had it occurred, it would have been detected by monitoring the total amount of Zcash held in Sprout addresses
  • The company took “extraordinary” steps to minimize the possibility of an attack
  • Based on its study of the blockchain, an attack would have left a footprint, and the team found none
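The monitoring the team refers to can be made concrete. The Python sketch below is an added illustration, not code from AMBCrypto, the Zcash Company or the Zcash code base: it replays the public values of Sprout JoinSplits (value entering and leaving the shielded pool, modelled on the `vpub_old` and `vpub_new` fields) and flags the moment the pool would have to pay out more than it ever took in. The records, identifiers and amounts are constructed sample data.

```python
"""Sprout pool balance monitor (added illustration, not Zcash Company code).

Every Sprout JoinSplit moves value between the transparent and shielded
pools: `vpub_old` is transparent value entering the shielded pool and
`vpub_new` is shielded value leaving it.  Because shielded amounts are
hidden, the only externally visible invariant is that the pool can never
pay out more than was ever paid in.  A counterfeiter who forges proofs
creates shielded value from nothing; once that value is withdrawn, the
running pool balance goes negative, which is the on-chain footprint the
announcement describes.  All records below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ZATOSHI_PER_ZEC = 100_000_000  # 1 ZEC = 1e8 zatoshi


@dataclass(frozen=True)
class JoinSplit:
    height: int     # block height the transaction was mined in
    txid: str       # constructed identifier, not a real txid
    vpub_old: int   # zatoshi entering the Sprout pool
    vpub_new: int   # zatoshi leaving the Sprout pool


def sprout_pool_balances(joinsplits: Iterable[JoinSplit]) -> List[Tuple[int, int]]:
    """Return (height, running pool balance in zatoshi) after each JoinSplit."""
    balance = 0
    history = []
    for js in joinsplits:
        if js.vpub_old < 0 or js.vpub_new < 0:
            raise ValueError(f"negative public value in {js.txid}")
        balance += js.vpub_old - js.vpub_new
        history.append((js.height, balance))
    return history


def first_inflation_footprint(joinsplits: Iterable[JoinSplit]) -> Optional[Tuple[int, str, int]]:
    """Return (height, txid, deficit in zatoshi) for the first JoinSplit that
    drives the pool below zero, or None if the pool never goes negative."""
    balance = 0
    for js in joinsplits:
        balance += js.vpub_old - js.vpub_new
        if balance < 0:
            return js.height, js.txid, -balance
    return None


# Constructed history: 10 ZEC shielded, 4 ZEC unshielded, then a 9 ZEC
# withdrawal that exceeds the 6 ZEC legitimately left in the pool.
SAMPLE_JOINSPLITS = [
    JoinSplit(height=100, txid="tx-shield-a", vpub_old=10 * ZATOSHI_PER_ZEC, vpub_new=0),
    JoinSplit(height=120, txid="tx-unshield-b", vpub_old=0, vpub_new=4 * ZATOSHI_PER_ZEC),
    JoinSplit(height=150, txid="tx-unshield-c", vpub_old=0, vpub_new=9 * ZATOSHI_PER_ZEC),
]

if __name__ == "__main__":
    for height, bal in sprout_pool_balances(SAMPLE_JOINSPLITS):
        print(f"height {height}: pool = {bal / ZATOSHI_PER_ZEC:.8f} ZEC")
    print("footprint:", first_inflation_footprint(SAMPLE_JOINSPLITS))
```

The caveat a practitioner should keep in mind is that this check only fires when counterfeit value leaves the shielded pool: forged notes that are never unshielded stay invisible to it, which is why the announcement can describe the counterfeiting as undetectable at the proof level while still relying on pool monitoring as evidence that no attacker cashed out.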

However, the company added that, although Zcash itself is now safe, other projects may still be affected: any project that depends on the “MPC ceremony used by the original sprout system that was distributed in the initial launch of Zcash.” The company also revealed that it had disclosed the issue to two such third-party projects, Horizen (also known as ZenCash) and Komodo.

The announcement read:

“We believe that the steps we have taken to mitigate the issue while working to ensure the safety of Zcash users has been successful. More information on the specific events that transpired from the initial discovery of the counterfeiting vulnerability through this disclosure will be covered in a future post.”

Peter Todd, an applied cryptography consultant, said on Twitter:

“Reality is bleeding edge crypto is risky; second inflation bug they’ve had. (first being caught prior to release) BTC has categorically worse privacy than ZEC on L1, but the trade-off is a safer system re: total loss. Had this been exploited, it could have easily been a hundreds of millions of dollars loss.”

He further said:

“Zcash has gotta be the least honest competent team in crypto. Also, their story that the transcript was hardly downloaded shows how right my criticisms of the lack of auditing were: basically no one had actually checked that the ceremony was correct, which they refuted multiple times. For instance the “deterministic” build broke ~1mth after.”


Priya is a full-time member of the reporting team at AMBCrypto. She is a finance major with one year of writing experience. She has not held any value in Bitcoin or other currencies.


Ampleforth could help create next-gen synthetic commodities for portfolio diversification, claims Blockfyre report





Ampleforth was the first token to successfully complete an IEO on Bitfinex. The IEO drew considerable attention in the crypto space, as its $5 million hard cap sold out within the first 11 seconds. A new report by Blockfyre details how Ampleforth could pave the way for a new asset class for portfolio diversification.

The report also highlights a distinctive feature of Ampleforth: a flexible supply that adjusts to market demand while the price simultaneously finds an equilibrium. The token also aims to tackle the strong correlation that most cryptocurrencies have with Bitcoin.

Synthetic Commodity

The Ampleforth project aims to create synthetic commodities whose price movements are decoupled from those of other assets; such correlation is a problem common to both cryptocurrencies and traditional asset classes. Although Bitcoin was created to address problems inherent in fiat currency, it still has correlation issues of its own.

In a world where traditional assets are widely affected by macroeconomic and geopolitical events, Ampleforth aims to create a new asset class, the synthetic commodity, to address this problem.

The report stated,

“BTC as a synthetic commodity doesn’t show correlation to traditional markets such as stocks and bonds. Thus it reflects a potential good investment for portfolio diversification, in order to tackle macro-economic recession”

Although BTC is an uncorrelated asset, other cryptocurrencies are strongly correlated with it. Ampleforth’s protocol introduces synthetic assets that “will always find a price-supply equilibrium by adjusting the price due to demand.” The report added,

“It needs to be emphasized, that this price-supply information will always be distributed amongst all token holders, so the supply of all token holders will decrease / increase. As a result, the overall cut of the total supply for each person will always remain the same.”
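The invariant the report describes, that every holder's share of supply survives a rebase, is easy to get wrong. The Python sketch below is an added illustration, not AMBCrypto's text or Ampleforth's contract: it contrasts a naive rebase that rescales each balance separately (truncation drifts the shares and leaks supply) with a ledger that stores fixed internal shares per holder and derives visible balances from a single global scale factor. The names `Ledger`, `naive_rebase`, `SCALE` and `SAMPLE_HOLDERS`, and the holders and amounts, are this example's own constructions.

```python
"""Proportional supply rebase (added illustration, not Ampleforth's contract).

A rebase changes every holder's balance but must leave every holder's share
of total supply unchanged.  Rescaling each balance independently with
integer rounding breaks that invariant, so the toy ledger below stores a
fixed number of internal shares per holder and derives visible balances
from one global scale factor.  Holders and amounts are constructed.
"""
from fractions import Fraction
from typing import Dict

SCALE = 10**9  # internal shares per initial token (precision assumption for the toy)

SAMPLE_HOLDERS = {"alice": 700, "bob": 299, "carol": 1}  # constructed, supply 1000


def naive_rebase(balances: Dict[str, int], supply_delta: int) -> Dict[str, int]:
    """Per-holder scaling with integer truncation: the WRONG way.
    Each balance rounds down on its own, so shares drift and the new
    balances no longer sum to the intended supply."""
    total = sum(balances.values())
    new_total = total + supply_delta
    return {h: b * new_total // total for h, b in balances.items()}


class Ledger:
    """Share-based ledger: a rebase touches only the global scale factor."""

    def __init__(self, balances: Dict[str, int]):
        self.shares: Dict[str, int] = {h: b * SCALE for h, b in balances.items()}
        self.total_shares = sum(self.shares.values())
        self.shares_per_token = SCALE  # visible balance = shares // shares_per_token

    def total_supply(self) -> int:
        return self.total_shares // self.shares_per_token

    def balance_of(self, holder: str) -> int:
        return self.shares[holder] // self.shares_per_token

    def share_of(self, holder: str) -> Fraction:
        """Exact fraction of supply held; depends only on shares, never on the scale."""
        return Fraction(self.shares[holder], self.total_shares)

    def rebase(self, supply_delta: int) -> int:
        """Expand (delta > 0) or contract (delta < 0) supply without per-holder writes."""
        new_supply = self.total_supply() + supply_delta
        if new_supply <= 0:
            raise ValueError("rebase would zero the supply")
        self.shares_per_token = self.total_shares // new_supply
        return self.total_supply()


def share_invariant_holds(ledger: Ledger, supply_delta: int) -> bool:
    """Apply a rebase and report whether every holder's share is unchanged."""
    before = {h: ledger.share_of(h) for h in ledger.shares}
    ledger.rebase(supply_delta)
    return all(ledger.share_of(h) == before[h] for h in before)


if __name__ == "__main__":
    naive = naive_rebase(SAMPLE_HOLDERS, 100)
    print("naive +100:", naive, "sums to", sum(naive.values()))
    ledger = Ledger(SAMPLE_HOLDERS)
    print("alice share before:", ledger.share_of("alice"))
    print("supply after +100:", ledger.rebase(100))
    print("alice share after:", ledger.share_of("alice"), "balance:", ledger.balance_of("alice"))
```

Visible balances are still displayed with truncation (a one-token holder shows 1 rather than 1.1 after a 10 percent expansion), so the exact invariant lives in the internal shares, not in the rounded balances; that is also why a rebase that only updates the scale factor costs the same regardless of how many holders exist.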

The report further said that, if successful, Ampleforth would compete directly with Bitcoin’s $145 billion market cap, as well as with traditional fiat-based asset markets.
