Zcash, a leading privacy cryptocurrency, recently announced that it had found a counterfeiting vulnerability in the “cryptography underlying some kinds of zero-knowledge proofs”. Interestingly, the Zcash company detected this vulnerability in March 2018, around eleven months ago. It was later fixed in October 2018 during the Sapling network upgrade.
The details of the vulnerability were not disclosed earlier because the Zcash company did not want attackers to exploit it. Notably, in an attempt to prevent an attack, three members of the Zcash community, including Zooko Wilcox, the CEO of the Zcash Company, decided to delete the MPC protocol transcript, “which would allow an adversary to create false proofs”, from every platform on which it had been available to the community. It was deleted “under a coinciding operational security cover story.” Soon after, the team also deleted every backup of the transcript. The team further claimed that the transcript had hardly been downloaded.
According to the official announcement, the vulnerability did not affect users’ privacy and was limited to counterfeiting, meaning an attacker could only have created fake Zcash. The attacker could also have pulled this off without being detected. Moreover, the team revealed in the report that the counterfeiting vulnerability had been present in the Zcash code for several years prior to its detection.
Despite its severity, the team claims that the vulnerability had not been exploited and laid out the reasons why it would not have been discovered by anyone else in the space. The company’s reasons for being confident that the vulnerability was not discovered are:
- Detecting the vulnerability required a high level of technical and cryptographic sophistication, and according to the team only a very few people possess such skills
- It went undetected for several years by auditors, cryptographers, scientists, and even the engineering teams that launched new projects based on the Zcash code
- The team has not found any evidence that the vulnerability was exploited, adding that an exploit would have been detected by monitoring the total amount of Zcash held in Sprout addresses
- The company took “extraordinary” steps to minimize the possibility of an attack
- Based on their study of the blockchain, an attack would have left a footprint, and the team found none
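The monitoring the team refers to works because everything entering or leaving a shielded pool is visible on the transparent ledger even though activity inside the pool is hidden: deposits minus withdrawals is the pool’s net value, and if that value ever goes negative, more has left the pool than was ever put in, which cannot happen without counterfeiting. The following is an added illustration of that aggregate check, written for this article; it is not Zcash’s own monitoring code and says nothing about the vulnerability itself. The event structure, field names and amounts are constructed for the example.

```python
"""Illustrative shielded-pool balance monitor (added example, not Zcash's code).

Every deposit into ("shield") and withdrawal out of ("unshield") a shielded pool
is public, so the pool's net value is public too. A negative net value means the
pool emitted value it never received, i.e. counterfeiting has occurred.
The event format and the sample data below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ZATOSHI_PER_ZEC = 100_000_000  # smallest unit of ZEC


@dataclass(frozen=True)
class PoolEvent:
    height: int   # block height at which the event appears on the transparent ledger
    kind: str     # "shield" (value enters the pool) or "unshield" (value leaves it)
    amount: int   # value in zatoshi; always positive


def pool_balance_timeline(events: Iterable[PoolEvent]) -> List[Tuple[int, int]]:
    """Return (height, net pool value) after each event, in block order."""
    balance = 0
    timeline: List[Tuple[int, int]] = []
    for ev in sorted(events, key=lambda e: e.height):  # stable sort keeps ledger order within a block
        if ev.amount <= 0:
            raise ValueError(f"non-positive amount at height {ev.height}")
        if ev.kind == "shield":
            balance += ev.amount
        elif ev.kind == "unshield":
            balance -= ev.amount
        else:
            raise ValueError(f"unknown event kind {ev.kind!r} at height {ev.height}")
        timeline.append((ev.height, balance))
    return timeline


def first_violation(events: Iterable[PoolEvent]) -> Optional[int]:
    """Height of the first block at which the pool's net value goes negative, or None.

    A negative value is the footprint the monitoring looks for: the pool has paid
    out more than was ever deposited into it.
    """
    for height, balance in pool_balance_timeline(events):
        if balance < 0:
            return height
    return None


# Constructed sample data: an honest history, then the same history with one
# withdrawal that exceeds what remains in the pool.
HONEST = [
    PoolEvent(100, "shield", 10 * ZATOSHI_PER_ZEC),
    PoolEvent(120, "shield", 5 * ZATOSHI_PER_ZEC),
    PoolEvent(150, "unshield", 12 * ZATOSHI_PER_ZEC),   # 3 ZEC remain in the pool
]
COUNTERFEIT = HONEST + [
    PoolEvent(200, "unshield", 4 * ZATOSHI_PER_ZEC),    # 4 ZEC leave, only 3 ZEC were there
]

if __name__ == "__main__":
    print("honest history, first violation at height:", first_violation(HONEST))
    print("counterfeit history, first violation at height:", first_violation(COUNTERFEIT))
```

The check is an aggregate invariant: it establishes that counterfeiting has happened somewhere in the pool’s history, not which transaction did it, which matches the announcement’s claim that an exploit would have been visible in the total held in Sprout addresses rather than in any individual transaction.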
However, the company added that even though Zcash itself is safe right now, other projects may be affected: any project that depends on the “MPC ceremony used by the original sprout system that was distributed in the initial launch of Zcash.” The company also revealed that the issue was disclosed to two third-party projects, Horizen [aka ZenCash] and Komodo.
The announcement read:
“We believe that the steps we have taken to mitigate the issue while working to ensure the safety of Zcash users have been successful. More information on the specific events that transpired from the initial discovery of the counterfeiting vulnerability through this disclosure will be covered in a future post.”
Peter Todd, an applied cryptography consultant, said on Twitter:
“Reality is bleeding edge crypto is risky; second inflation bug they’ve had. (first being caught prior to release) BTC has categorically worse privacy than ZEC on L1, but the trade-off is a safer system re: total loss. Had this been exploited, it could have easily been a hundreds of millions of dollars loss.”
He further said:
“Zcash has gotta be the least honest competent team in crypto. Also, their story that the transcript was hardly downloaded shows how right my criticisms of the lack of auditing were: basically no one had actually checked that the ceremony was correct, which they refuted multiple times. For instance the “deterministic” build broke ~1mth after.”
WAVES/BTC sees dramatic drop to reach 1 Satoshi on Binance exchange due to a massive sell order
Waves, the 29th largest cryptocurrency, hit lows against BTC on April 17, and users speculated that this could have been due to a massive sell order.
Waves, at press time, was trading at $2.71 with a market cap of $270 million and a trading volume of $15 million. However, on April 17, the price of Waves hit rock bottom due to a massive sell-off similar to the one Ethereum witnessed a few years back.
As seen in the above chart, the price of Waves against BTC hit exactly 0.0000001 BTC, which amounts to 1 Satoshi. The volume for the said candle is also massive, further confirming a sell order of massive amounts. The coin has since increased by approximately 3% against Bitcoin in under 24 hours.
Crypto enthusiasts on Twitter couldn’t hold back their opinions, as one user, @BitBitCrypto, tweeted:
“– $WAVES did not trade at 1sat, it traded at 10sat
– It is still a great project and with a huge potential
– This sell order has nothing to do with WAVES (the project)
– This trade wasn’t done on Binance web cause you can’t place this low, it was API
– I didn’t buy it at 10 sat”
Another user, @BTCVIX, tweeted:
1min WAVES/BTC flash crash on Binance (from 5200 sats to 1 sat) pic.twitter.com/C9WAGyjwp9
— BTCVIX (@BTCVIX) April 17, 2019
TradingView commented on this matter saying:
“Something strange is always happening in the #crypto market”