Zerocoin exploit found, Zcoin attacked, other privacy coins at risk

Published by Cryptoslate

The Zcoin team discovered a vulnerability in the cryptography of the Zerocoin protocol that allows an attacker to forge zero-knowledge proofs and create coins out of thin air.

Coins using the protocol such as PIVX and Veil are vulnerable to attack until Zerocoin is disabled.

During the investigation, the team found that the vulnerability was not a coding error but a cryptographic flaw in one of the zero-knowledge proofs, present since the inception of the Zerocoin protocol.

Zerocoin works by letting users burn their coins and later redeem them for new coins with no prior transaction history, by producing a zero-knowledge proof that they burnt coins without revealing which coins they burnt.

To prevent the same zero-knowledge proof from being reused to redeem new coins, each Zerocoin mint yields a unique serial number when it is spent.
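The two checks the article implies follow from this design: a serial number must never be seen twice, and spends of a denomination must never exceed mints of it, since a forged proof with a fresh serial passes the first check and only shows up in the second. The audit below is an added, constructed illustration of that reconciliation over a simplified ledger model; it is not Zcoin's or any other project's code, and the `ZcTx` record and `audit` function are assumptions made for the example.

```python
"""Supply-consistency audit for a simplified Zerocoin-style ledger (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ZcTx:
    kind: str          # "mint" or "spend"
    denom: int         # denomination in whole coins
    serial: str = ""   # only a spend reveals its serial number


def audit(txs):
    """Return (index, reason) findings for a sequence of Zerocoin transactions.

    Two invariants are checked per the protocol's design: a serial number is
    spent at most once, and per denomination the number of spends never
    exceeds the number of mints (a forged proof breaks the second even when
    it presents a fresh serial).
    """
    findings = []
    minted = defaultdict(int)   # mints seen, per denomination
    spent = defaultdict(int)    # accepted spends, per denomination
    seen_serials = set()
    for i, tx in enumerate(txs):
        if tx.kind == "mint":
            minted[tx.denom] += 1
            continue
        if tx.kind != "spend":
            findings.append((i, f"unknown tx kind {tx.kind!r}"))
            continue
        if tx.serial in seen_serials:
            findings.append((i, f"serial {tx.serial} reused"))  # replayed proof
            continue                                              # not counted as supply
        seen_serials.add(tx.serial)
        spent[tx.denom] += 1
        if spent[tx.denom] > minted[tx.denom]:
            findings.append((i, f"denomination {tx.denom}: {spent[tx.denom]} spends but only {minted[tx.denom]} mints"))
    return findings


# Constructed ledger: two mints, then a replayed serial and a third spend.
SAMPLE = [
    ZcTx("mint", 10), ZcTx("mint", 10),
    ZcTx("spend", 10, "s1"),
    ZcTx("spend", 10, "s1"),   # same serial again: replay, rejected
    ZcTx("spend", 10, "s2"),
    ZcTx("spend", 10, "s3"),   # fresh serial but no mint backs it
]

if __name__ == "__main__":
    for idx, reason in audit(SAMPLE):
        print(idx, reason)
```

The second finding is the signature of coins created out of thin air: every per-transaction check passes, and only the mint/spend reconciliation reveals it.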

Coins which have something called the "Masternode sporks" feature can turn off Zerocoin immediately, protecting themselves from attack.

Projects without the feature would need to hard fork to disable Zerocoin.

"Declaring that Zerocoin is dead is premature. There are probably ways to fix it and we are already floating some ideas with other teams. The only reason why we won't dedicate resources to it is because we are transitioning out already anyway in line with our long-term road map."

The company has spent most of 2018 working on replacing Zerocoin with Sigma, a precursor to its next-generation privacy protocol, Lelantus, which will expand the functionality and privacy features of the minting and spending process.

For now, the team has contacted other projects using Zerocoin to give those projects time to secure themselves against the exploit.
