As per the official Zcash blog, the team had encountered a severe bug in the code in 2018 which could have allowed attackers to generate unlimited fake Zcash coins without being identified. The fatal bug has now been fixed, declares the post published on February 5th, 2019.
As soon as the company officials got to know about the error, instead of making it public, the team started working towards fixing it in the most discreet manner possible. One of the reasons was also to protect the token being exploited before the fix could be applied. Although the company came up with a successful rectification soon enough in their Sapling upgrade unveiled on October 28th of the same year, it is the first time that the team has disclosed this information to the general public.
The bug present in zk-SNARKS was first discovered by Ariel Gabizon, a Zcash company cryptographer, on March 1st last year. Zcash or ZEC, the digital currency that offers stronger privacy compared to other cryptocurrencies, is famous for not only shielding financial data of the users but also protecting their identity from outsiders.
Amongst the buzz, the team at Zcash firmly believes that the bug remained under wraps and no forging activities were carried out at all. That’s because identification of this fault was only possible for people highly superior in the field of cryptographic technology and looking at the present scenario, there are not many people of the sort out there.
The published blog post is co-written by Benjamin Winston, Josh Swihart, and Sean Bowe who hold the respective responsibilities as the product security director, marketing director and engineer at Zcash. Their combined explanation read,
“Before its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash, and Zcash users require no action.”
As zk-SNARKS are considered cutting-edge technology, there is also a section of people who slam the company for using much-advanced technology. The reason being it becomes extremely difficult to identify if the tokens are faked, thanks to the high-grade privacy features these tokens possess.
However, the way Zcash team had handled and fixed the issue before it caused casualties have garnered much applause from around the world, including Edward Snowden, the infamous American whistle-blower. He appreciated the team’s efforts through his tweet saying most other projects can identify such bugs only after people have suffered and lost their money.