Typo Mistake In Source Code Allowed An Attacker To Steal $592,000 of Zcoins

The Zcoin project announced yesterday that a typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is almost $592,000 at today’s market price.

Zerocoin is a cryptocurrency protocol designed to give Zcoin transactions anonymity: it implements zero-knowledge proofs, and hence helps provide financial privacy and anonymity.

Statement — “We estimate the attacker has created about 370,000 Zcoins which has been almost completely sold except for about 20,000+ Zcoin and absorbed on the market with a profit of around 410 BTC,” the Zcoin team said.

What is a typo?

A typo is a mistake made by accident while typing code. These errors are very annoying to the editors because a mistake in code can let an attacker steal information.

In one example, a typo saved $1 billion of Bangladesh Bank's money from being stolen.

The Zerocoin team said that the vulnerability was caused by an extra character in the source code, which allowed an attacker to reuse an existing valid payment proof to generate more Zcoin. In short, the attacker invested money once and received Zcoin multiple times; it is like getting interest on the invested sum.

The team mentioned that the vulnerability wasn’t in the cryptographic protocol or the anonymity of Zcoin, and hence no user has been compromised.

Statement – “We knew we were being attacked when we saw that the total mint transactions did not match up with the total spend transactions,” the team said. “If our total supply were not verifiable due to hidden amount transactions, we would not have been able to discover this bug.”
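The supply check the team describes can be run as a simple reconciliation over mint and spend records. The following is an added example, not code from the Zcoin project: the ledger is constructed sample data, and the record layout, fixed denominations and the `proof_id` field (a stand-in identifier for the payment proof attached to a spend) are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample ledger (not real chain data). Each record is
# (height, kind, denomination, proof_id); proof_id is a hypothetical
# identifier for the payment proof attached to a spend.
LEDGER = [
    (100, "mint", 1, None),
    (101, "mint", 1, None),
    (102, "mint", 10, None),
    (105, "spend", 1, "proof-a"),
    (106, "spend", 10, "proof-b"),
    (110, "spend", 1, "proof-c"),
    (111, "spend", 1, "proof-c"),   # same proof accepted a second time
    (112, "spend", 10, "proof-b"),  # same proof accepted a second time
]


def audit(ledger):
    """Reconcile mints against spends and list reused spend proofs."""
    minted, spent = Counter(), Counter()
    seen = {}                    # proof_id -> height of first use
    reused = defaultdict(list)   # proof_id -> heights of later uses
    first_bad_height = None

    for height, kind, denom, proof_id in sorted(ledger, key=lambda r: r[0]):
        if kind == "mint":
            minted[denom] += 1
            continue
        spent[denom] += 1
        if proof_id in seen:
            reused[proof_id].append(height)
        else:
            seen[proof_id] = height
        # Spends can never legitimately outnumber mints of a denomination.
        if spent[denom] > minted[denom] and first_bad_height is None:
            first_bad_height = height

    excess = {d: spent[d] - minted[d] for d in spent if spent[d] > minted[d]}
    return {
        "excess_spends": excess,
        "excess_value": sum(d * n for d, n in excess.items()),
        "reused_proofs": dict(reused),
        "first_bad_height": first_bad_height,
    }


if __name__ == "__main__":
    for key, value in audit(LEDGER).items():
        print(f"{key}: {value}")
```

The count-based check works only because mint and spend amounts are public, which is the point of the team's remark about hidden amounts; the reused-proof list is what narrows an alert down to specific transactions.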

The bug appears to have been discovered on February 16; the Zerocoin team announced the theft of Zcoin and a fix for the Zerocoin protocol on the same day.

According to the team, the attacker group used an advanced technique to hide its tracks, creating many accounts and carefully depositing and withdrawing the whole sum over several weeks.

Most of the Zcoin were cashed out by the attacker: of the 370,000 Zcoin, the attacker has already sold 350,000.

The Zcoin team worked with various exchanges in the market but failed to identify the attacker.

The team said that the damage has already been absorbed by the market. Once they update their code, pools and exchanges will resume. Everyone is therefore advised to update their pool as soon as the fix lands in the source code of the Zerocoin protocol.

