In a blog post released on February 5th, 2019, Zcash announced that they’d discovered a counterfeiting vulnerability in their cryptography 11 months earlier. The post was only released once they were positive the issue was fixed and the funds of all Zcash users were protected. The privacy coin has seen controversy in the past over its founder’s reward and the perceived centralization that results from it, but this piece of news will likely improve that perception significantly.
The vulnerability was in fact fixed by the Sapling network upgrade, which activated on October 28th, 2018. The announcement was delayed because Horizen (formerly known as ZenCash) and Komodo suffered from the same issue and needed to be fixed first. Announcing it any earlier could have exposed those chains to the same attack.
A Counterfeiting Issue
The issue was a counterfeiting one, not a privacy one. Essentially, an attacker who knew about it could have created an unlimited amount of shielded ZEC without being detected. Zcash employs some of the most sophisticated cryptography in the industry, and this vulnerability can be seen as a side effect of pushing those boundaries.
On March 1st, 2018, Ariel Gabizon, a cryptographer at the Zerocoin Electric Coin Company, discovered the issue and alerted Sean Bowe (one of the authors of the blog post). Everything was remediated covertly, so that nobody would be tipped off and take advantage of the vulnerability before the fix shipped. Even many of the company’s own engineers were not told about the problem until after the fact, as this was the best way to maintain operational security.
As of today, the Zcash Company has no reason to believe that this vulnerability was exploited before it was fixed, for three reasons. First, the flaw had existed for years but went undiscovered by the third-party auditors, cryptographers, and scientists who reviewed the system. Second, the level of cryptographic expertise required to understand it, let alone exploit it, keeps the pool of people who could have taken advantage of it very small. Finally, there is no footprint or evidence of an unexplained increase in the number of ZEC in circulation.
The flaw lay in the zk-SNARK proving system that underpins shielded transactions in the Zcash protocol. Because Horizen and Komodo use similar constructions, Zcash had to share some of the remediated code with them so that they could protect themselves as well. They were contacted by encrypted email in mid-November and are now considered secure too.
Snowden and Public Perception
In related news, this covert patching and deft handling of the issue has led Edward Snowden (the former NSA contractor who leaked classified US government documents) to reiterate his support for Zcash’s founder’s reward. The reward is considered one of the more controversial elements of the privacy coin, but he sees it as entirely justified when you look at how well this vulnerability was handled. In a way, you are paying for quality.
Snowden pointed out that many companies only learn about vulnerabilities after they are exploited, and that this “tax” is able to fund and incentivize a stronger, more vigilant team. There are multiple views on this and on the “centralized” nature of a founder’s reward, but that is a discussion for another time.
So to conclude: there was a gaping hole in the security of the protocol, but it is likely that no ZEC was counterfeited. In addition, the operational security of the patch was maintained until the other affected projects could be remediated, which reflects well on Zcash. The privacy coin is said to address many of the issues with Bitcoin, and it is expected that many people looking to store wealth offshore in the coming decade will be buying Zcash.