Zcash Team Reveals It Fixed a Catastrophic Coin Counterfeiting Bug

The company behind the privacy-minded cryptocurrency zcash has revealed that it fixed a catastrophic code bug last year that could have been used to print infinite coins.

According to a report published Tuesday, zcash cryptographer Ariel Gabizon discovered a "Subtle" bug a little less than a year ago in zk-SNARKS, the bleeding-edge cryptography the cryptocurrency uses to shield balances and user identities, which are implemented so that outsiders can't see financial information users want kept to themselves.

Once the zcash team found out about the bug, they kept it quiet and pulled together a fix, which they then added to zcash's large Sapling upgrade, which was executed October last year.

If exploited, an attacker would have been able to print an infinite amount of zcash tokens.

"Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users."

Because zk-SNARKs are so bleeding-edge, some have criticized zcash for using the technology so early on.

Still, the team added that they don't think zcash was at risk of the counterfeiting bug for a number of reasons, including "Discovery of the vulnerability would have required a high level of technical and cryptographic sophistication that very few people possess."

Some have applauded the team's handling of the bug - including famed NSA whistleblower Edward Snowden.

"A lot of people wonder why I like #Zcash despite the Founder's Reward. Here's a reason: that tax funds a quality team that catches and kills serious bugs in-house, before they get exploited," he tweeted.

"Some other projects learn about bugs like this only AFTER people have lost money."