SoylentNews is people
SoylentNews
The Zcoin project announced yesterday that a typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price. Zerocoin, also known as Zcoin or XZC, is a cryptocurrency protocol built on top of Bitcoin that implements Zero-Knowledge proofs to guarantee complete financial privacy and anonymity. Zerocoin is the precursor of Zcash and Monero, two similar cryptocurrencies that provide extra anonymity for their users, much more than the standard Bitcoin currency can provide.
According to the Zcoin team, one extra character left inside Zerocoin's source code caused a bug that an unknown attacker discovered and used to his advantage in the last few weeks. "The bug from the typo error allowed the attacker to reuse his existing valid proofs to generate additional Zerocoin spend transactions," the Zcoin team said yesterday. This allowed the crook to initiate one transaction but receive the money multiple times over.
According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks. They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume. Nonetheless, as transactions piled up, the Zcoin team saw that the two sides of their blockchain weren't adding up.
The Zcoin team says they worked with various exchanges to attempt and identify the attacker but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000).
Source:
(Score: 3, Insightful) by Anonymous Coward on Monday February 20 2017, @08:25PM
Boils down to: do you want to be free or safe?
(Score: 5, Insightful) by AthanasiusKircher on Monday February 20 2017, @10:30PM
Boils down to: do you want to be free or safe?
Anonymity doesn't necessarily equal freedom. In fact, they are often present in completely opposite circumstances -- i.e., societies where anonymity is necessary are generally less free ones. People who want to use Bitcoin or whatever anonymously for illicit purchases are doing so not because they are more "free" but because they are LESS so, and that lack of freedom to do as they wish forces them into hiding. In a more free world overall, one doesn't always need to compromise safety for freedom.
And, in fact, one might even reverse the claims of "free" vs. "safe" depending on your perspective. To a person dealing in illicit items, it is in fact "safer" to be anonymous. And for someone who wants to carry on business without worrying too much about the reputation of the seller or whether they might run away with their money and never return, a shopper actually has "more freedom" to choose without those worries if transactions to specific sellers can be tracked. I mean, think of all the millions of sellers you can instantly buy from across the United States on eBay or Amazon or whatever -- the freedom of choice in purchasing frequently comes from TRACKING the transactions and thus reputation of people selling you stuff. If you didn't have that tracking information, you'd likely have very little freedom of choice in purchases, instead restricted to a few sellers you knew personally or whatever, and complete anonymity would make it difficult to verify if you were even dealing with the same person again.
"Freedom" and "safety" are relative to your goals.
That said, I take your point -- tracking of monetary transactions also has plenty of downsides, including potential government interference and tracking, etc. I just think no one should be surprised when something designed to be anonymous is exploited by BAD anonymous people.