Security & Fraud

Zcash Bug Could Have Been Used To Create Infinite Tokens

Zcash Bug

The team behind Zcash, a cryptocurrency that touts enhanced privacy for its users, revealed that it fixed a bug that could have been used to counterfeit unlimited coins, according to reports.

A zcash cryptographer named Ariel Gabizon said he found the bug in zk-SNARKS, the cryptography the team uses to hide balances and identities.

When the team discovered the bug, they quietly worked on a fix and added it to an upgrade last October. The news about the bug had not been previously revealed.

In a blog post, the company laid out the whole debacle.

“The counterfeiting vulnerability was fixed by the Sapling network upgrade that activated on October 28th, 2018. The vulnerability was specific to counterfeiting and did not affect user privacy in any way. Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users,” the company said.

The company said it found out about the bug a little less than a year ago.

“The counterfeiting vulnerability was discovered by a cryptographer employed by the Zerocoin Electric Coin Company (aka The Zcash Company) on March 1st, 2018. It was not reported publicly at the time in order to protect against it being exploited prior to its remediation, and to provide information and remediated code to other projects that were also vulnerable. We employed stringent operational security measures to keep its existence a secret, even from our own engineers.”

Zcash said no one was aware of the vulnerability and that it was positive that no counterfeiting happened because “discovery of the vulnerability would have required a high level of technical and cryptographic sophistication that very few people possess,” and “the vulnerability had existed for years but was undiscovered by numerous expert cryptographers, scientists, third-party auditors, and third-party engineering teams who initiated new projects based upon the Zcash code.”



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.