
A typo in the code of the official Zerocoin wallet allowed the theft of $648 thousand in cryptocurrency

Zcash (ZXC) exchange rate over the last month, while an unknown attacker or attackers cashed out

On February 16, 2017, the Zerocoin development team found a bug in the official implementation of Zerocoin. It turned out that the code contained a typo: a single extra character, accidentally added while typing. Because of this typo, it was possible to carry out transactions without a corresponding spend of coins. That is, it was possible to transfer money without removing it from the wallet.

Unfortunately, the typo in the code had already been exploited by dishonest and unscrupulous individuals, who took the equivalent of $648 thousand in cryptocurrency from Zerocoin wallets.

The developers identified the specific place in the code with the typo and released a patch within 24 hours, so that this will not happen again. At least, it will no longer be possible to generate money because of this particular error.

Of course, no one was directly affected by the error. All coins remained in the wallets of all users. However, due to the unauthorized minting of coins, their market value decreased slightly. But this is a natural and familiar process for everyone who lives in nation-states that print their national currency uncontrollably. In a cryptosystem this happens only as a result of a bug, whereas in nation-states it happens all the time as a normal phenomenon.

All mining pools and exchanges were immediately alerted to the need to upgrade the software.

The Zerocoin developers note that the attacker (or attackers) carried out a highly complex attack, which points to his (or their) high level of skill. In particular, the attacker took several steps to disguise the attack: he (or she) created many accounts on the exchange, carefully distributed the coins across those accounts and withdrew them over several weeks.

According to the developers, the hacker managed to create about 370,000 coins. Almost all of them were sold (cashed out), with the exception of about 20,000 coins, which were sold on the market. Counting the 350,000 cashed-out coins at the current rate gives about $648 thousand. But at the time of cashing out, the rate was at times approximately 10-20% higher, so with some luck the unscrupulous user managed to earn about $700 thousand.

The saddest thing is that in countries like the Russian Federation, the attacker does not even face punishment. There are several reasons. Firstly, the ZCash cryptocurrency is not considered an official means of payment in the territory of the Russian Federation. That is, it is not money at all, but some kind of "candy wrappers" that have virtual value. Secondly, in this case there is no injured party. It is not clear who should file a complaint and claim damages. All users have their wallets intact, that is, no coins have been stolen. And finally, although the dishonest and immoral user faces no punishment, his identity is still unlikely to be established, because he (or she) competently used anonymization technologies on the Internet.

The developers emphasize that the identified bug did not affect the anonymity of the cryptocurrency or the stability of the system. Moreover, it was the cryptographic strength of the system that helped to reveal the spending of extra coins. That is, this bug only confirms that Zerocoin is an exceptionally stable and durable system in which it is impossible to generate "extra" coins. An exception has occurred that confirms the rule.

Despite the seriousness of the bug, the developers decided not to blacklist the coins generated by the attacker. The fact is that most of them have already been cashed out, that is, they have gone to the wallets of users who are completely unrelated to the hack. So there is no need to worry about the safety of funds.

Coin trading resumed soon after the mining pools and exchanges updated the software.

In general, nothing particularly significant happened. Cryptocurrencies are only just being created, so software bugs at an early stage of their development are a normal thing. Hackers who find these bugs and profit from them directly even benefit the system, because they help to find errors in the programs. There are hundreds of cryptocurrencies on the market, and there are a lot of software errors. Finding and fixing errors is a normal process. The only difference is that in this case, the hackers get a little more money than a tester's usual salary at a company.

The developers of Zerocoin apologized to all users of the system for having kept silent about the hack for some time. This was necessary in order to warn the exchange in advance and conduct an investigation, as well as to gather facts that are 100% proof of the hack.

Source: https://habr.com/ru/post/401745/
