Zcash Vulnerability Permitting Infinite ZEC Counterfeiting Fixed and Disclosed

A vulnerability that could have permitted an attacker to coin infinite Zcash (ZEC) has been patched and disclosed by the company behind the coin, a post on the official Zcash blog states on Feb. 5.

Ariel Gabizon, an engineer at the Zerocoin Electric Coin Company — the startup behind privacy-focused cryptocurrency Zcash — reportedly discovered the vulnerability the night before his talk at the Financial Cryptography 2018 conference in March 2018. Gabizon contacted Sean Bowe, a cryptographer at the Zcash Company, the same day.

A fix for the vulnerability was covertly included (to prevent exploitation) in the Sapling network upgrade adopted on Oct. 28, 2018. The bug was contained in the variant of zk-SNARKs — the kind of cryptography that grants anonymity to shielded Zcash transactions — and had been independently implemented by other projects.

Namely, Horizen (previously known as ZenCash) and Komodo blockchains both suffered from the same vulnerability. The Zcash team reportedly “disclosed the impact and fix path of this issue to Horizen’s” security team and Komodo’s developers via encrypted email in mid-November. The post declares:

“It appears that both Horizen and Komodo have taken appropriate actions per our recommendation.”

As Cointelegraph reported in March last year, American whistleblower Edward Snowden voiced concerns over Bitcoin’s long-term prospects citing its lack of privacy and defining Zcash as the most interesting altcoin on the market because of its anonymity features.

Also, in February 2018, an investment thesis by Grayscale Investments forecast that the value of Zcash could reach over $62,000 by 2025, assuming that the coin will represent 10 percent of all offshore wealth by that point.