Zcash Fixes Critical Vulnerability: Threatening Security of Over 25,000 ZEC, Valued at Approximately $6.5 Million

Odaily News: Privacy coin Zcash recently disclosed and patched a critical security vulnerability that could have been exploited by malicious miners to transfer over 25,000 ZEC (approximately $6.5 million) from the deprecated Sprout privacy pool. Security researcher Alex "Scalar" Sol disclosed on March 23rd that the vulnerability stemmed from zcashd nodes skipping proof verification when processing transactions involving the Sprout pool. Officials stated that the vulnerability had persisted since July 2020 but was not actively exploited, and user funds remained safe throughout.

The development team has released version v6.12.0 to complete the fix, and major mining pools have completed the upgrade deployment within days. Additionally, the unaffected Zebra full node implementation possesses the capability to trigger a chain fork, providing an extra layer of protection in case the vulnerability was exploited. According to the disclosure, although the Sprout pool closed to new deposits in November 2020, it still held approximately 25,424 ZEC that had not been migrated. Even if the vulnerability had been exploited, Zcash's "turnstile" mechanism could have prevented inflationary issuance, ensuring the total supply would not be exceeded.

This vulnerability was discovered with the assistance of AI, and the researcher will receive a total bounty of 200 ZEC (approximately $51,000). It is worth noting that this is not Zcash's first encounter with a major vulnerability; as early as 2019, it fixed a severe flaw that could have led to unlimited issuance. (Decrypt)