Back to the list

Zcash Developers Claim To Fix ZEC Critical Vulnerability

The vulnerability that allowed an attacker to receive infinite Zcash coins (ZEC) was identified and fixed by the developers, the official Zcash blog reports. The error was discovered as early as March 2018, but the information has been kept in the secrecy until now.

It is noted that Ariel GABIZON, engineer of the Zerocoin Electric Coin Company, discovered a critical vulnerability. For further decisions, he contacted Sean BOWE, a Zcash cryptographer.

“The counterfeiting vulnerability was fixed by the Sapling network upgrade that activated on October 28th, 2018. The vulnerability was specific to counterfeiting and did not affect user privacy in any way. Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users,"

— the developers write in the report, also stating that after an audit they found out that no one took advantage of this vulnerability up to the moment it was fixed.

According to the project team, the Horizen (ZenCash) and Komodo blockchains were exposed to a similar vulnerability. These projects took measures in accordance with the Zcash developers’ recommendations and also implemented the fixes.

Image courtesy of Crypto Hustle

Back to the list