The developer team behind the privacy-focused cryptocurrency Zcash has fixed a severe vulnerability in a highly secretive sequence of events that would allow an attacker to generate new Zcash funds from scratch without any upper limit. The vulnerability was considered so dangerous that only four people knew about it before the release of a patch in late October 2018.
The four are Ariel Gabizon, a cryptographer working for the Zcash Company and the one who discovered the bug; Sean Bowe, a fellow cryptographer from Zcash, who confirmed the finding of Gabizon; and Zooko and Nathan Wilcox, the CEO and CTO of the Zcash Company, both coordinating the solution. The paranoia and secrecy behind the patch stem from the fact that JPMorgan Chase, one of the largest banks in the world, is also using the Zcash cryptocurrency and its highly advanced and privacy-oriented protocol.
But the fear of losing trading partners wasn’t the only thing that silenced the four Zcash developers. The flaw itself had dangerous consequences, as it could be abused by flooding the Zcash ecosystem with new funds that could have diluted and potentially destroyed it forever. In order to prevent attackers from exploiting the flaw, the four Zcash devs went so far as to delete a “large MPC protocol transcript”-a file that attackers could have used to fine-tune their exploit code.
When asked why the file had disappeared from their servers, the Zcash leadership claimed that it “was missing due to accidental deletion” (they later reconstructed the file from DVDs collected from the original Zcash launch ceremony participants). The problem, which Gabizon first discovered at the Financial Cryptography 2018 conference on March 1, last year, was eventually resolved at the end of October when the Zcash team released the Zcash protocol “Sapling” edition, which replaced the vulnerable code with stronger mathematical algorithms.
But the Zcash team didn’t immediately reveal details of the vulnerability. Instead, they notified other cryptocurrencies and blockchain projects using their older, vulnerable code, such as Horizen and Komodo, which soon launched their own patches. Only today, almost three months after the release of the patch, the Zcash team revealed details about the vulnerability.
The Zcash devs say they didn’t fear anyone else discovering the same problem despite all the secrecy, even though they followed the proper procedure and nevertheless took all the necessary precautions. “Discovery of the vulnerability would have required a high level of technical and cryptographic sophistication that very few people possess,” said the Zcash team today.
“The vulnerability had existed for years but was undiscovered by numerous expert cryptographers, scientists, third-party auditors, and third-party engineering teams who initiated new projects based upon the Zcash code.” Zcash devs also said they could not find any evidence that anyone found or exploited this fault without their knowledge.
They said exploiting this vulnerability would have left the Zcash blockchain “a specific kind of footprint” they could easily detect if it ever happened. Any project that relies on the original Sprout protocol distributed during Zcash’s initial launch is now considered unsafe. Zcash is the world’s 21st-ranked cryptocurrency, based on market cap, according to CoinMarketCap.
