A critical vulnerability has been identified in Zcash nodes, 2026/04/01 18:54:37


Security researcher Alex Sol, known by the alias Scalar, identified a critical vulnerability in Zcash nodes that could have allowed malicious miners to extract over 25,000 ZEC, valued at $6.5 million, from the outdated Sprout pool.

The vulnerability affected versions of the outdated Sprout pool released since July 2020. Although the pool was closed to new deposits in November 2020, it continued to hold approximately 25,424 ZEC that users had not migrated to updated versions of the shielded pools. Fortunately, the attackers did not manage to exploit the flaw, and user funds remained secure.

The Zcash development team (ZODL) stated that had an attack occurred, a mechanism known as the “turnstile” would have prevented an increase in token issuance. This mechanism verifies that each coin leaving the Sprout pool indeed entered it. Therefore, attackers would not have been able to create new tokens beyond the total supply of tokens in circulation (around 16.63 million ZEC). The threat was thus limited to the potential loss of user funds and did not extend to inflation of the protocol itself, the project team said.
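The turnstile rule described above can be pictured as simple pool accounting. The following Python sketch is an added illustration, not Zcash node code: the type and function names are hypothetical, the model is simplified to per-block totals, and the block contents are constructed, with only the 25,424 ZEC starting balance taken from the article.

```python
from dataclasses import dataclass

ZATOSHI_PER_ZEC = 100_000_000  # 1 ZEC = 10^8 zatoshi


@dataclass(frozen=True)
class PoolTransfer:
    """Public value one transaction moves across the pool boundary (hypothetical type)."""
    value_in: int = 0   # zatoshi entering the shielded pool
    value_out: int = 0  # zatoshi leaving the shielded pool


class TurnstileViolation(Exception):
    """Raised when a block would withdraw more than was ever deposited."""


def apply_block(pool_balance: int, transfers: list[PoolTransfer]) -> int:
    """Return the pool balance after the block; reject the block if it goes negative."""
    for t in transfers:
        if t.value_in < 0 or t.value_out < 0:
            raise ValueError("amounts must be non-negative")
    new_balance = pool_balance + sum(t.value_in - t.value_out for t in transfers)
    if new_balance < 0:
        raise TurnstileViolation(f"pool would be short by {-new_balance} zatoshi")
    return new_balance


def validate_chain(pool_balance: int, blocks: list[list[PoolTransfer]]):
    """Apply blocks in order; return (balance, index of first rejected block or None)."""
    for index, transfers in enumerate(blocks):
        try:
            pool_balance = apply_block(pool_balance, transfers)
        except TurnstileViolation:
            return pool_balance, index
    return pool_balance, None


def demo():
    # Constructed scenario: the pool starts with the 25,424 ZEC cited in the article.
    start = 25_424 * ZATOSHI_PER_ZEC
    blocks = [
        [PoolTransfer(value_out=100 * ZATOSHI_PER_ZEC)],     # ordinary withdrawal
        [PoolTransfer(value_out=25_324 * ZATOSHI_PER_ZEC)],  # drains the pool: allowed,
        # because the turnstile counts totals and cannot tell whose notes were spent
        [PoolTransfer(value_out=1)],                         # exceeds deposits: rejected
    ]
    return validate_chain(start, blocks)


if __name__ == "__main__":
    balance, rejected_at = demo()
    print(f"final pool balance: {balance} zatoshi, first rejected block: {rejected_at}")
```

The second block is accepted and the third is rejected, which mirrors the team's statement: the turnstile caps losses at what the pool actually holds, so it protects the total supply rather than individual users' funds.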

Zcash developers, in collaboration with the Zcash Open Development Lab (ZODL), released a patch in version 6.12.0. Major mining pools updated their systems—Luxor deployed the fix on March 25, while F2Pool, ViaBTC, and AntPool managed to do so by March 26.

For discovering the vulnerability, Alex Sol will receive a reward of 200 ZEC (over $51,000), as promised by the project team. Each organization—Shielded Labs, ZODL, Zcash Foundation, and Bootstrap—plans to contribute 50 ZEC.

Over the past day, the cryptocurrency ZEC has decreased by 2.2%, reaching $245. The market capitalization of the crypto asset stands at $4.08 billion, while the daily trading volume has risen by 17.6%, totaling $535.1 million. Currently, ZEC ranks 22nd in market capitalization among cryptocurrencies and is trading 95% below its all-time high of $5,941, achieved nine years ago on October 29, 2016.

In March, Zcash developers raised $25 million to create a new private cryptocurrency wallet called Zodl. Investors included venture firms Coinbase Ventures and a16z Crypto.