SoylentNews is people
SoylentNews
The Zcoin project announced yesterday that a typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price. Zerocoin, also known as Zcoin or XZC, is a cryptocurrency protocol built on top of Bitcoin that implements Zero-Knowledge proofs to guarantee complete financial privacy and anonymity. Zerocoin is the precursor of Zcash and Monero, two similar cryptocurrencies that provide extra anonymity for their users, much more than the standard Bitcoin currency can provide.
According to the Zcoin team, one extra character left inside Zerocoin's source code caused a bug that an unknown attacker discovered and used to his advantage in the last few weeks. "The bug from the typo error allowed the attacker to reuse his existing valid proofs to generate additional Zerocoin spend transactions," the Zcoin team said yesterday. This allowed the crook to initiate one transaction but receive the money multiple times over.
According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks. They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume. Nonetheless, as transactions piled up, the Zcoin team saw that the two sides of their blockchain weren't adding up.
The Zcoin team says they worked with various exchanges to attempt and identify the attacker but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000).
Source:
(Score: 1) by tftp on Tuesday February 21 2017, @06:38AM
instead of locking your door or safe or whatever, you now have to have the technical knowledge to ensure your electronic system is secure enough to protect your virtual "money."
It's worse. When you have physical possession of cash you can build walls, doors, safes, alarms to protect your precious. However cryptocurrencies keep your money "in the cloud" - in the opinion of the majority of miners that this particular money belongs to you. The miners do not care one way or another, actually. If someone gives them a sufficiently good reason to believe that your coins are not your coins, they will happily sign this into the blockchain as the fact, and you cannot do a thing about it.
Even outside of the software bugs and exploits, your wallet can be invisibly stolen and spent before you realize it - just like your cash can be stolen from your pocket. But people don't walk around with all their money in the pocket. Is that so with cryptocoin wallets? How many wallets people are going to have? Technically, they can have as many as they want to. Practically - one, unless they are fanatics of bookkeeping. It's trivial to take a few bills with you; but you'd have to transfer some money into your "pocket" wallet before leaving home. What if you need just a bit more? Tough luck, just like with cash. You do not have access to your other money, and it would be too risky to have such access because if you are forced to transfer it at gunpoint, it's gone forever. Credit card stolen? One phone call and it's all reversed.
Banks offer products (c/c) that not only provide goods on credit, they also insure against the risk. Cryptocoins are a step back; they will force everyone to be their own bank and, essentially, carry their money on the belt, like they used to do centuries ago. This is one of several reasons why cryptocurrencies are not so popular - banks are providing useful service *and* interest. They count your money for you, they insure it for you, they give you payment instruments, they have convenient web sites where you can watch your income and expenses and pay bills for you. In most cases all this is free, and often you get paid for using bank accounts and credit cards. I, personally, do not use cash for several decades now.
(Score: 0) by Anonymous Coward on Tuesday February 21 2017, @03:28PM
"Cryptocurrencies" are the equivalent of box top stamps backed by CO2 biscuits.