Zcash Bug Could Reveal Shielded Full Nodes’ IP Addresses

Published at: Sept. 29, 2019

A bug in all Zcash (ZEC) implementations and most of its forks could leak metadata containing the full nodes’ with shielded addresses (zaddr) IPs.

Komodo (KMD) developer Duke Leto disclosed the bug in a blog post published on his personal website. A Common Vulnerabilities and Exposures (CVE) code has already been assigned to track the issue on Sept. 27. Leto explained:

“A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol. It is present in all Zcash source code forks. It is possible to find the IP address of full nodes who own a shielded address (zaddr). That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.”

Per the announcement, everyone who published their zaddr or provided it to a third party could be affected by the vulnerability. Leto claims that users should consider their “IP address and geo-location information associated with it as tied to [...] zaddr.”

Multiple cryptocurrencies affected

According to Leto, users who never used a zaddr, only used it over the Tor Onion Routing network or only to send funds, are not affected. Furthermore, Leto also claims that Zcash is not the only cryptocurrency affected and provides a non-exhaustive list.

The cryptocurrencies included in the list are Zcash, Hush, Pirate, Komodo smart chains with zaddr enabled by default, Safecoin, Horizen, Zero, VoteCoin, Snowgem, BitcoinZ, LitecoinZ, Zelcash, Ycash, Arrow, Verus, Bitcoin Private, ZClassic and Anon. Leto also points out that Komodo has already disabled the shielded addresses feature and transitioned it to the Pirate chain, which means that KMD no longer contains the bug.

As Cointelegraph recently reported, Electric Coin Company, which launched and supports the development of privacy-coin Zcash, recently published a paper describing a trustless cryptographic system called Halo.

Update: The original article incorrectly referred to Duke Leto as a Komodo core developer.

Tags

Altcoin

Cryptocurrencies

Privacy

Cybersecurity

Security

Anonymity

Zcash

Related Posts

Blockchain explores private stablecoin that could deliver instant, untraceable payments

A network that’s home to tools and applications championing anonymity has announced that it is exploring the development of oxUSD, a privacy preserving stablecoin. Oxen’s network is already used to power the anonymous messaging app Session — as well as Lokinet, a router that offers an alternative to Tor. However, the project’s team say their infrastructure is capable of handling so much more. They believe a private stablecoin would be a powerful complement to the products that are already on offer, delivering instant and untraceable digital payments. When it comes to the rationale behind launching such a digital asset, Oxen …

Technology / July 28, 2021

Coinbase CEO Brian Armstrong Says 20s Will See an Anoncoin Go Mainstream

Brian Armstrong, co-founder and CEO of United States-based cryptocurrency exchange Coinbase, said that he believes a “privacy coin” will go mainstream in the 20s. In a post published on Coinbase’s official blog on Jan. 3, Armstrong said that he believes in the 20s we will see the integration of privacy features into one of the major blockchains. He also foresees a cryptocurrency with such features to go mainstream in the following years: “Just like how the internet launched with HTTP, and only later introduced HTTPS as a default on many websites, I believe we’ll eventually see a “privacy coin” or …

Blockchain / Jan. 5, 2020

New Privacy Coin Says It Solves Problem With Monero and Zcash

A new coin is hoping to provide stiff competition to rivals such as Monero and Zcash by delivering “the first fully private hybrid chain with staking.” DAPS, which stands for Decentralized Anonymous Payment System, says it has developed ground-breaking technology that properly addresses the issues seen in other privacy coins, resulting in a truly trustless setup. A trustless setup occurs when a user can create a wallet or node without any exchange of information with another user or node. Some privacy coins require you to “trust” the setup information given to you — and trust that the giver of that …

Blockchain / March 11, 2020

The Future of Crypto: The Latest Cryptography Advances Set to Change Blockchain

Cryptocurrencies could not exist without cryptography. Advances in this field can have far-reaching impacts on blockchain technology and its potential. We will examine the opinions of industry experts on the latest cryptographic advances and their potential for cryptocurrencies. Zero knowledge proofs: more than just privacy Director of research at blockchain firm Blockstream and mathematician Andrew Poelstra told Cointelegraph that zero-knowledge proof (ZK-Proof) systems are “one of the most exciting areas of development” in the cryptography space. This kind of cryptography is known and appreciated for being the basis of privacy-preserving solutions. ZK-Proofs are the basis of the privacy-preserving technology included …

Blockchain / Feb. 20, 2020

Zcash Reward-Distribution Vote Questioned as Only a Small Sample Took Part

At the end of January, a poll apparently confirmed community support for a new mining reward-distribution structure for the Zcash (ZEC) network, whereby more will flow into the developer fund. Still, the decision proved to be rather controversial. Electric Coin Company, the firm behind Zcash, announced in a Jan. 2 blog post that a community poll on the Zcash Improvement Proposal 1014 — referred to as ZIP 1014 — showed a consensus for implementing a 20% fee on mining rewards. The results showed that 77 people, or 87.5% of all votes, were in favor of the implementation, while just 11 …

Altcoin / March 22, 2020