Zcash Discloses Vulnerability That Could Have Allowed ‘Infinite Counterfeit’ Cryptocurrency
On March 1 of last year, Ariel Gabizon was tidying up a presentation he was preparing to deliver the following day at a financial cryptography conference on the Caribbean island of Curaçao when he spotted a seemingly small mathematical mistake that could, he realized, jeopardize billions of dollars in capital.
An engineer for the Zerocoin Electric Coin Company, a startup known for creating the privacy-oriented cryptocurrency Zcash, Gabizon had identified an error in a seminal cryptography paper that served as a foundation for a host of virtual coins, including Zcash’s. The flawed paper described the mathematical underpinnings of certain “zero knowledge” proofs, a cryptographic breakthrough that enables the privacy features of Zcash as well as those of other digital currency projects. Ultimately, an attacker could have exploited the vulnerability to mint an infinite amount of counterfeit Zcash—as well as any other cryptocurrency that relied on its cryptographic technology—and no one would have been the wiser.
Bryce “Zooko” Wilcox, CEO and cofounder of the Zcash company, told Fortuneon a call that his team patched the security hole in October, roughly eight months after its initial discovery. ..Read More..