ZEC Fall After Zcash Garden Vulnerability Revealed

The price of ZEC dropped on Thursday after more details were revealed about a critical hacking vulnerability in Zcash’s Orchard pool that allowed a bad actor to mine unlimited ZEC.

According to a post on X, Taylor Hornby, a security engineer at Shield Labs, discovered the bug on May 29 and disclosed it to the Zcash Open Development Lab (ZODL), which issued an emergency response to fix the vulnerability with a June 3 hard fork.

However, as of May 2022, there are new concerns about how well the vulnerability has been exploited. Leading Zcash Falling over 30% to $410 in the last 24 hours. Market capitalization fell by more than $3 billion.

However, BitMEX co-founder Arthur Hayes he said. On Friday, ZEC admitted that it was unlikely that it had been done illegally this way, although it “cannot be said to be impossible under formal secrecy”.

“Unfortunately, due to the exploitation of Orchard Pool, I had to dispose of our entire ZEC portfolio,” he said.

“The holy trinity is dead,” he added, referring to Zcash and the two other tokens he sold this week, Hyperliquid (HYPE) and Near Protocol (NEAR).

ZEC falls 30% in 24 hours after two months of strong gains. Source: Trading view

Cloud helps with bug discovery

Taylor used the cryptographic component under Zcash’s Orchard shield pool to help with the highly targeted evaluation of the Orchard circuit using Cloud Opus 4.8, which was released on May 28, a day before the discovery.

A critical bug allowed false inputs into elliptic curve multiplexing checks, meaning the math that supposedly authenticates transactions could be spoofed.

Taylor worked and tried exploitationGenerate Unlimited Fake ZEC.

“If the same device were to run on the Zcash mainnet, it would generate unlimited, undetectable fake ZEC in the mainnet Zcash Wallet,” the security researchers said. he said. on friday.

The main concern is that, due to Orchard’s privacy features, there is no cryptographic way to prove that anyone has used it before before being hacked.

However, Shield Labs is “not overly concerned” because the bug was subtle enough to elude expert review for years, and the discovery was made using deliberate, highly skilled advanced equipment and AI.

Related: Crypto mining losses drop by 90% to $68m in May: CertiK

The organization is working with. Cheap The developers said on the planned network update that anyone can verify the authenticity of the ZAC supply and ensure that there are no fake tokens in the garden pool.

It’s not the first fake vulnerability for Zcash.

Mert Mumtaz, co-founder and CEO of Solana tooling firm Helius he said. Almost all privacy protocols have a variation of this same vulnerability.

“This same FUD comes back every five months when new people learn how privacy pools work,” he said.

He explained that it is a theoretical risk from circuit errors that are difficult to use or detect in most zero-knowledge privacy protocols.

This is not the first time a similar vulnerability has been discovered in Zcash. In the year In 2018, a fake vulnerability in the cryptocurrency under zk-proofs was discovered by the electric coin company; He fixed it. 2019 without any losses.

Magazine: Big questions: Do we really only need 2-5 cryptocurrencies?