An implementation bug in Zerocoin helped hackers steal ZCoins worth $585,000


A hacker exploited an implementation bug in the source code of the Zerocoin currency scheme to steal ZCoins worth $585,000.

“Zerocoin is a project to fix a major weakness in Bitcoin: the lack of privacy guarantees we take for granted in using credit cards and cash,” reads the project's description.

The Zerocoin cryptocurrency protocol is designed to make transactions anonymous, using “Zero-Knowledge proofs” to ensure the complete financial privacy of users.

According to an announcement published on the project website, the bug was exploited by a hacker to create Zerocoin spend transactions without a corresponding mint.

“Yesterday, our team found a bug in our implementation of Zerocoin. A typographical error on a single additional character in code allowed an attacker to create Zerocoin spend transactions without a corresponding mint.” reads the announcement. “We have identified the error and are pushing the fix urgently within the next 24 hours. We urge all pools and exchanges to update once the release is out.” 

The implementation bug helped the hacker steal 370,000 Zcoin, which corresponds to $585,000 at the current price. The bug consists of an extra character left inside the currency's source code that allowed the hacker to reuse his/her existing valid proofs to generate additional Zcoin spend transactions.

“We estimate the attacker has created about 370,000 Zcoins which has been almost completely sold except for about 20,000+ Zcoin and absorbed on the market with a profit of around 410 BTC,” continues the announcement.

The team said the bug was caused by one extra character left inside the Zerocoin source code that allowed the unknown attacker to reuse his/her existing valid proofs to generate additional Zerocoin spend transactions.

Because of the bug, the attacker was able to spend the Zcoins used in a transaction multiple times.

Note that the Zerocoin protocol itself doesn’t contain any weakness and the anonymity of the currency has not been compromised; this is just an implementation bug, and the algorithms in the currency scheme have no problems.

“We knew we were being attacked when we saw that the total mint transactions did not match up with the total spend transactions,” the team said. “If our total supply were not verifiable due to hidden amount transactions, we would not have been able to discover this bug.”
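The supply check the team describes can be expressed as a running invariant: at no point in the chain may spends outnumber mints. The following is an added example, not code from the Zcoin project; the ledger format, the grouping by denomination and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger, not real chain data.
# Each entry: (block_height, kind, denomination)
SAMPLE_LEDGER = [
    (100, "mint", 25),
    (101, "mint", 25),
    (102, "spend", 25),
    (103, "mint", 100),
    (104, "spend", 25),
    (105, "spend", 25),   # third spend against only two mints
    (106, "spend", 100),
    (107, "spend", 25),   # fourth spend against only two mints
]


def audit_supply(ledger):
    """Replay the ledger in block order and report every spend that pushes
    the spend count above the mint count for its denomination.

    Returns a list of (height, denomination, minted_so_far, spent_so_far).
    """
    minted = defaultdict(int)
    spent = defaultdict(int)
    violations = []
    # Tuple sorting orders by height; within one height "mint" sorts
    # before "spend", so a same-block mint is credited first.
    for height, kind, denom in sorted(ledger):
        if kind == "mint":
            minted[denom] += 1
        elif kind == "spend":
            spent[denom] += 1
            if spent[denom] > minted[denom]:
                violations.append((height, denom, minted[denom], spent[denom]))
        else:
            raise ValueError(f"unknown transaction kind: {kind!r}")
    return violations


def unbacked_value(ledger):
    """Total face value of spends that had no mint behind them."""
    return sum(denom for _, denom, _, _ in audit_supply(ledger))


if __name__ == "__main__":
    for height, denom, m, s in audit_supply(SAMPLE_LEDGER):
        print(f"block {height}: denomination {denom} has {s} spends, {m} mints")
    print("unbacked value:", unbacked_value(SAMPLE_LEDGER))
```

Run continuously against new blocks, a check like this raises an alert at the first unbacked spend rather than after the totals have drifted apart.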

The experts on the Zerocoin team believe the attacker spent significant effort hiding their tracks by generating a large number of exchange accounts involved in several transactions over several weeks.

The development team has identified the implementation error and is pushing an update within the next 24 hours.