Zcash Bug Could Have Let Attackers Print Cryptocurrency Out of Thin Air

Zcash (ZEC) activated an emergency hard fork on Wednesday to address a critical bug in its Orchard shielded transaction pool. The vulnerability stemmed from a soundness issue in the zero-knowledge proof circuit that validates private transactions. In theory, it could have permitted the creation of additional ZEC inside the pool, opening the door to undetected inflation or invalid state transitions accepted by the network. On Wednesday, the Zcash Foundation said there is “no evidence of unauthorized value creation.” Because of the privacy design, however, confirming the absence of any hidden inflation remains difficult for outside observers. Independent researcher Taylor Hornby identified the problem on May 29th during a protocol audit conducted for Shielded Labs, according to CoinDesk. Developers moved quickly via private coordination with miners and exchanges, and an emergency soft fork implemented in Zebra 4.5.3 temporarily disabled all actions on the affected shielded pool, known as Orchard. A hard fork then activated on Wednesday at block height 3,364,600, re-enabling shielded transactions with the fix in place.

This marks the second time Zcash has faced a bug with the potential to create new units of its currency in a difficult-to-verify manner, as an earlier flaw from 2018 theoretically allowed unlimited counterfeiting. The Zcash team kept knowledge tightly restricted and slipped a fix into an upgrade, as covered by Fortune around the time the bug was disclosed.