Zcash released a report on Tuesday that reveals a mathematical mistake in the privacy coin’s code. The error, which was discovered by cryptographic engineer Ariel Gabizon, revealed a security vulnerability that could have exposed the privacy coin to hackers.
According to the Zcash report,
“Eleven months ago we discovered a counterfeiting vulnerability in the cryptography underlying some kinds of zero-knowledge proofs.”
“The counterfeiting vulnerability was fixed by the Sapling network upgrade that activated on October 28th, 2018. The vulnerability was specific to counterfeiting and did not affect user privacy in any way. Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users.”
Zcash CEO Zooko Wilcox says he doesn’t believe there was any exploitation of the vulnerability.
Wilcox also told Fortune he doesn’t think people know cryptography well enough to have taken advantage of the error; however, the Zcash team says it can’t be completely sure that the error has not been exploited.
According to the Zcash report,
“It was not reported publicly at the time in order to protect against it being exploited prior to its remediation, and to provide information and remediated code to other projects that were also vulnerable. We employed stringent operational security measures to keep its existence a secret, even from our own engineers.”
“We believe that no one else was aware of the vulnerability and that no counterfeiting occurred in Zcash.”
According to the developers, no further action needs to be taken by Zcash users.
[the_ad id="42537"] [the_ad id="42536"]