Categories: Ethereum

Infinite Token Printing Bug Fixed By Zcash Team … About 4 Months Ago

Click here to view original web page at

An official blog post written by Zcash marketing director Josh Swihart, director of product security Benjamin Winston, and engineer Sean Bowe details a counterfeiting vulnerability that would have allowed an attacker to create unlimited fake Zcash tokens without being detected. The vulnerability, however, was snuffed out in October 2018 during the company's network hard fork known as Sapling.

On March 1, 2018, Ariel Gabizon, a cryptographer for Zcash, found the bug in the zk-SNARK proofs' construction used in the original 2016 launch of Zcash. zk-SNARK is the cryptography used by the privacy-heavy coin to shield Zcash transactions that are encrypted on the blockchain while still allowing for verification under the network's consensus rules.

According to the blog post, if the vulnerability had been found by a malicious actor, the attacker could have created "counterfeit shielded value" in any system that was using zk-SNARK parameters. An attacker would have needed information found in Zcash's multi-party computation (MPC) protocol transcript, which was made available after the coin's launch. Zcash removed the transcript from public availability under the cover story that the transcript was missing due to "accidental deletion."

Ultimately, is was decided that the the vulnerability would be taken care of in the October 2018 Sapling network upgrade, which also saw shielded transactions become less computationally heavy, making the currency easier to use. In November 2018, Zcash contacted Horizen and Komodo, which were both using zk-SNARK parameters. While Zcash did not disclose the specifics related to the bug, it recommended the two companies upgrade their systems.

The problem and its solution were not reported by Zcash until yesterday, February 5, in order to "protect against it being exploited prior to its remediation, and to provide information and remediated code to other projects that were also vulnerable." Though the vulnerability had existed for years, Swihart, Winston, and Bowe believe that no counterfeiting occurred because discovering the bug required "a high level of technical and cryptographic sophistication that very few people possess."

While that might sound like Zcash just negged the crypto community by describing why it believes the zk-SNARK bug was never used, let alone found, Zcash's handling of the situation was viewed in a positive light by many. Most notably, NSA whistleblower Edward Snowden took to Twitter to praise the team for finding the bug before any money was lost.

In June 2018, Vitalik Buterin tweeted about a hypothetical instance in which a hack of the zk-SNARK scheme occurred and counterfeit coins were made. Specifically, Buterin wondered in his thread how that sort of catastrophe should be handled. Zcash was able to find the bug before any hack, but now we know how to handle this kind of situation: Just don't say anything until you're really sure you've fixed it.

Nicholas Ruggieri studied English with an emphasis in creative writing at the University of Nevada, Reno. When he’s not quoting Vines at anyone who’s willing to listen, you’ll find him listening to too many podcasts, reading too many books, and crocheting too many sweaters for his dogs, RT and Peterman.

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Zcash, Ariel Gabizon or other Ethereum cryptocurrencies and tokens news.


Illuminati, Mason, Anonymous I'll never tell. I can tell you this, global power is shifting and those who have the new intelligence are working to acquire this new force. You matter naught except to yourself, therefore prepare for the least expected and make your place in the new world order.

Disqus Comments Loading...
Published by
Tags: buterin currency eth ether vitalik

Recent Posts

  • Altcoins

Denarius – A true cryptocurrency in a sea of ICOs

In a sea of altcoins, Denarius is by far one of the more interesting, innovative blockchain projects released yet. With… Read More

10 mins ago
  • Bitcoin Business

Donald Trump’s bitcoin takedown signals global currency war

US President Donald Trump’s tweet attacking bitcoin ( BTC-USD ) highlights his increasing interest in controlling global currency markets —… Read More

6 hours ago
  • Bitcoin Business

Iran Legalizes Crypto-Mining As “Official Industry”

After weeks of uncertainty, the Iranian government’s Economic Commission has approved a mechanism of cryptocurrency mining in the country, according… Read More

6 hours ago
  • Bitcoin Business

Bullish For Bitcoin? Trump Turns Up Pressure on Federal Reserve to Cut Interest Rates

President Trump is continuing to pressure the Federal Reserve for dragging its feet on interest rate cuts. For some, such… Read More

6 hours ago
  • Bitcoin Business

Blockchain Center’s grand opening attracts local, international leaders

Pictured (l-r) are Eryka Gemma, Nick Spanos, Miami Mayor Francis Suarez, and Scott Spiegel. (Photo credit: World Red Eye) Blockchain… Read More

6 hours ago
  • Bitcoin Business

Bitcoin buyers beware

by Mike Connon As advisors, we typically advise families to take a patient, long-term approach to investing in the market,… Read More

6 hours ago

This website uses cookies. We use these cookies to collect data about your interaction with our website for the purpose of continuously improving your experience with our site. For more information we encourage you to read our privacy policy.

Read More