Zcash cryptocurrency fixes infinite counterfeiting vulnerability

Zcash devs keep dangerous flaw secret for eight months while they prepare and ship a much-needed fix.
Written by Catalin Cimpanu, Contributor
Image: Zcash

In a highly secretive sequence of events, the developer team behind the privacy-focused Zcash cryptocurrency has fixed a severe vulnerability that would have allowed an attacker to generate new Zcash funds from scratch without any upper limit.

The vulnerability was deemed so dangerous that only four people knew about it before a patch was released at the end of October 2018.

Also: Online security 101: Tips for protecting your privacy

The four are Ariel Gabizon, a cryptographer working for the Zcash Company and the one who discovered the bug; Sean Bowe, a fellow Zcash cryptographer who confirmed Gabizon's finding; and Zooko and Nathan Wilcox, the CEO and CTO, respectively, of the Zcash Company, both of who coordinated the fix.

The paranoia and secrecy behind the patch stems from the fact that the Zcash cryptocurrency and its highly advanced and privacy-focused protocol is also used by JPMorgan Chase, one of the largest banks in the world.

But the fear to lose commercial partners wasn't the only thing that made the four Zcash developers keep their silence. The flaw, itself, had dangerous consequences, as it could be abused to flood the Zcash ecosystem with new funds that could have diluted and potentially destroyed it forever.

Must read

In their desire to prevent any attackers from exploiting the flaw, even if details about it ever leaked, the four Zcash devs went as far as to delete a "large MPC protocol transcript" --a file that could have been used by attackers to fine-tune their exploit code.

When asked why the file had disappeared from their servers, the Zcash leadership claimed it "was missing due to accidental deletion" (they later reconstructed the file from DVDs collected from the participants of the original Zcash launch ceremony).

Bug patched last October

The issue, which Gabizon initially discovered on March 1, last year, while attending the Financial Cryptography 2018 conference, was eventually fixed in late October when the Zcash team released the "Sapling" edition of the Zcash protocol, which replaced the vulnerable code with stronger mathematical algorithms.

But the Zcash team didn't disclose details about the vulnerability right away. Instead, they notified other cryptocurrencies and blockchain projects that used their older, vulnerable code, such as Horizen and Komodo, both of which rolled out their own patches soon after.

The Zcash team disclosed details about the vulnerability only today, almost three months after the patch's release.

Bug would have been hard to stop. Was never exploited.

The Zcash devs say that despite all the secrecy, they didn't fear someone else discovering the same issue, although they did follow proper procedure and took all the necessary precautions nevertheless.

"Discovery of the vulnerability would have required a high level of technical and cryptographic sophistication that very few people possess," the Zcash team said today. "The vulnerability had existed for years but was undiscovered by numerous expert cryptographers, scientists, third-party auditors, and third-party engineering teams who initiated new projects based upon the Zcash code."

Zcash devs also said they didn't find any evidence that anybody found or exploited this flaw without their knowledge. They said  that exploiting this vulnerability would have left "a specific kind of footprint" on the Zcash blockchain that they could have easily detected if it ever happened.

Any project that depends on the original Sprout protocol that was distributed in the initial launch of Zcash is now to be considered insecure.

According to CoinMarketCap, Zcash is the 21st ranked cryptocurrency in the world, based on market cap.

How to spot a fake ICO (in pictures)

Related stories:

Editorial standards