Connect with us

Altcoins

Zcash vulnerability could have resulted in the loss of millions of dollars

Priya NV

Published

on

Zcash vulnerability could have resulted in the loss of millions of dollars
Source: Unsplash

Zcash, a leading privacy cryptocurrency in the market, recently announced that they had found counterfeiting vulnerability in the “cryptography underlying some kinds of zero-knowledge proofs”. Interestingly, this vulnerability was detected by the Zcash company in March 2018, around eleven months back. This was later fixed in October 2018 during the Sapling Network upgrade.

The details of the vulnerability was not disclosed earlier because the Zcash company did not want the attackers to exploit it. Notably, in an attempt to prevent an attack from happening, three members from the Zcash community including Zooko Wilcox, the CEO of the Zcash Company, decided to delete the MCP protocol transcript, “which would allow an adversary to create false proofs” from all the platforms it would have been available to the community. It was deleted “under a coinciding operational security cover story.” Soon after this, the team decided to delete all the back-up there was of the transcript as well. The team further claimed that this transcript was hardly downloaded.

According to the official announcement, the vulnerability did not have any effect on users’ privacy and was limited only to counterfeiting. This means that an attacker could have only been able to create fake Zcash. The attacker also had an opportunity to pull this off successfully without being detected. More so, the team also revealed in the report that the counterfeit vulnerability was present in the Zcash code for several years, prior to its detection.

Despite its severity, the team claims that the vulnerability has not been previously exploited and also laid down reasons as to why it would have not been discovered by anyone in the space. The reasons laid down by the company as to why they are confident that the vulnerability was not discovered are:

  • Required high-level of technical and cryptographic sophistication to detect the vulnerability and according to them, only a very few people possess such high-level skills
  • It managed to go undetected for several years by auditors, cryptographers, scientists, and even engineering teams who launched new projects based on Zcash code
  • The team has not yet found any evidence pertaining to the exploitation of the vulnerability. They added that if it had occurred, it would have been detected by monitoring the total amount of Zcash held in sprout addresses
  • The company took “extraordinary” steps to minimize the possibility of an attack
  • Based on their study on the blockchain, an attack would have left a footprint and the team did not find any

However, the company did add that even though Zcash itself is in safe haven right now, there are projects that can be affected by this. This can be any project that is dependant on the “MPC ceremony used by the original sprout system that was distributed in the initial launch of Zcash.” Furthermore, the company also revealed that this was disclosed to third-party projects: Horizen [aka ZenCash] and Komodo.

The announcement read:



“We believe that the steps we have taken to mitigate the issue while working to ensure the safety of Zcash users has been successful. More information on the specific events that transpired from the initial discovery of the counterfeiting vulnerability through this disclosure will be covered in a future post.”

Peter Todd, an applied cryptography consultant said on Twitter:

“Reality is bleeding edge crypto is risky; second inflation bug they’ve had. (first being caught prior to release) BTC has categorically worse privacy than ZEC on L1, but the trade-off is a safer system re: total loss. Had this been exploited, it could have easily been a hundreds of millions of dollars loss.”

He further said:

“Zcash has gotta be the least honest competent team in crypto. Also, their story that the transcript was hardly downloaded shows how right my criticisms of the lack of auditing was: basically no one had actually checked that the ceremony was correct which they refuted multiple times. For instance the “deterministic” build broke ~1mth after.”





Subscribe to AMBCrypto’s Newsletter




Follow us on Telegram | Twitter | Facebook



Priya is a full-time member of the reporting team at AMBCrypto. She is a finance major with one year of writing experience. She has not held any value in Bitcoin or other currencies.

Altcoins

WAVES/BTC sees dramatic drop to reach 1 Satoshi on Binance exchange due to a massive sell order

Avatar

Published

on

WAVES/BTC hits a dramatic drop to reach 1 Satoshi on Binance exchange due to a massive sell order
Source: Pixabay

Waves, the 29th largest cryptocurrency, hit lows against BTC on April 17, and users speculated that this could have been due to a massive sell order.

Waves, at press time, was trading a $2.71 with a market cap of $270 million and had a trading volume of $15 million. However, on April 17, the price of Waves hit rock bottom due to a massive sell-off similar to one that Ethereum witnessed a few years back.

Source: TradingView

As seen in the above chart, the price of Waves against BTC hit exactly 0.0000001 BTC, which amounts to 1 Satoshi. The volume for the said candle is also massive, further confirming a sell order of massive amounts. The coin has since increased by approximately 3% against Bitcoin in under 24 hours.

Crypto enthusiasts on Twitter couldn’t hold back their opinions as one user, @BitBitCrypto tweeted



“- $WAVES did not trade at 1sat, it traded at 10sat
– It is still a great project and with a huge potential
– This sell order has nothing to do with WAVES (the project)
– This trade wasn’t done on Binance web cause you can’t place this low, it was API
– I didn’t buy it at 10 sat”

Another user @BITCVIX tweeted:

TradingView commented on this matter saying:

“Something strange is always happening in the #crypto market”





Subscribe to AMBCrypto’s Newsletter


Continue Reading

Trending