Zcash Bug Causes Widespread User Information Leak


A bug on the Zcash network could lead to most users having their information leaked, claims Duke Leto, a community member who has occasionally contributed to the project, on a blog post on his own website.

The post summarizes the following:

“A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol. It is present in all Zcash source code forks. It is possible to find the IP address of full nodes who own a shielded address (zaddr). That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.”



A fatal Zcash flaw

L1eto goes on, stating that anyone who has given out their zaddr on social media, in a bug report, to an exchange, or as a reply to a memo may very well be affected. However, if a user has never used a zaddr, they should be fine.

A list of assets that have been affected:

  • Zcash (ZEC)
  • Hush (HUSH)
  • Pirate (ARRR)
  • All Komodo (KMD) smart chains with zaddrs (enabled by default)
  • Horizen (ZEN)
  • Zero (ZER)
  • VoteCoin (VOT)
  • Snowgem (XSG)
  • BitcoinZ (BTCZ)
  • LitecoinZ (LTZ)
  • Zelcash (ZEL)
  • Ycash (YEC)
  • Arrow (ARW)
  • Verus (VRSC)
  • BitcoinPrivate (BTCP)
  • ZClassic (ZCL)
  • Anon (ANON)

Overall, those that have been affected can use this link to track the goings-on of the flaw.

All trading carries risk. Views expressed are those of the writers only. Past performance is no guarantee of future results. The opinions expressed in this Site do not constitute investment advice and independent financial advice should be sought where appropriate. This website is free for you to use but we may receive commission from the companies we feature on this site.
Max Moeller

Cryptocurrency and games writer. Looking to the future by studying how these two industries can blend. LinkedIn: https://www.linkedin.com/in/maxwell-moeller-912044b4/

HTML Snippets Powered By : XYZScripts.com