posted by on Monday February 20 2017, @07:55PM
from the Zerocoin-day-vulnerability dept.

The Zcoin project announced yesterday that a typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price. Zerocoin, also known as Zcoin or XZC, is a cryptocurrency protocol built on top of Bitcoin that implements Zero-Knowledge proofs to guarantee complete financial privacy and anonymity. Zerocoin is the precursor of Zcash and Monero, two similar cryptocurrencies that provide extra anonymity for their users, much more than the standard Bitcoin currency can provide.

According to the Zcoin team, one extra character left inside Zerocoin's source code caused a bug that an unknown attacker discovered and used to his advantage in the last few weeks. "The bug from the typo error allowed the attacker to reuse his existing valid proofs to generate additional Zerocoin spend transactions," the Zcoin team said yesterday. This allowed the crook to initiate one transaction but receive the money multiple times over.
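The mechanism the Zcoin team describes, a valid proof being replayed to release value more than once, is the classic double-spend failure of a Zerocoin-style system: a spend reveals a serial number plus a proof that the serial belongs to some minted coin, and since the proof never names the coin, the only thing that stops the same coin from being redeemed twice is the validator refusing a serial it has already accepted. The following is an added illustration of that check and of the supply audit that exposes its absence; it is not Zcoin's code and does not reproduce the actual typo. The zero-knowledge proof is replaced by an HMAC stand-in, and all names (Ledger, Spend, validate_spend, audit, the serial values) are constructed for the example.

```python
"""Toy Zerocoin-style spend validation (added illustration, not Zcoin code).

A "mint" commits value to the ledger; a "spend" reveals the coin's serial
number with a proof that the serial belongs to a minted coin.  A validator
that verifies the proof but never consults the serial registry lets one
valid proof be submitted again and again, each time releasing value.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Stand-in for the zero-knowledge proof: an HMAC over the serial under a key
# the minter holds.  NOT a real ZK proof; it only gives the validator a
# "proof verifies / does not verify" bit so the replay logic can be exercised.
MINT_KEY = b"constructed-demo-key"  # constructed sample key


@dataclass(frozen=True)
class Spend:
    serial: str          # serial number revealed by the spend
    proof: bytes         # proof that the serial belongs to a minted coin
    denomination: int    # value released by this spend


@dataclass
class Ledger:
    minted: int = 0                          # total value locked by mints
    spent: int = 0                           # total value released by spends
    spent_serials: set = field(default_factory=set)


def _proof_for(serial: str, denomination: int) -> bytes:
    msg = f"{serial}:{denomination}".encode()
    return hmac.new(MINT_KEY, msg, hashlib.sha256).digest()


def mint(ledger: Ledger, serial: str, denomination: int) -> Spend:
    """Commit one coin to the ledger and return the spend that redeems it."""
    ledger.minted += denomination
    return Spend(serial, _proof_for(serial, denomination), denomination)


def proof_ok(spend: Spend) -> bool:
    return hmac.compare_digest(_proof_for(spend.serial, spend.denomination), spend.proof)


def validate_spend_buggy(ledger: Ledger, spend: Spend) -> bool:
    """Defect pattern: the proof is verified, the serial registry is ignored.
    A once-valid spend is accepted every time it is resubmitted."""
    if not proof_ok(spend):
        return False
    ledger.spent += spend.denomination
    return True


def validate_spend(ledger: Ledger, spend: Spend) -> bool:
    """Hardened: reject a serial seen before; record it only on acceptance."""
    if not proof_ok(spend):
        return False
    if spend.serial in ledger.spent_serials:
        return False                          # replayed proof: double spend
    ledger.spent_serials.add(spend.serial)
    ledger.spent += spend.denomination
    return True


def audit(ledger: Ledger) -> int:
    """Supply check: value released minus value locked.  Anything above zero
    means coins came out of nowhere, which is how a replay is noticed."""
    return ledger.spent - ledger.minted


def replay_demo(validator) -> tuple:
    """Mint one coin, submit its spend three times; return (accepted, audit)."""
    ledger = Ledger()
    spend = mint(ledger, "serial-0001", 10)   # constructed sample coin
    accepted = sum(validator(ledger, spend) for _ in range(3))
    return accepted, audit(ledger)


if __name__ == "__main__":
    print("buggy validator   (accepted, surplus):", replay_demo(validate_spend_buggy))
    print("hardened validator(accepted, surplus):", replay_demo(validate_spend))
```

With the buggy validator the same spend is accepted three times and the audit shows 20 units of surplus; the hardened one accepts it once and the ledger balances. The audit function is the defender's side of the story: even when the per-transaction check is wrong, periodically reconciling minted value against spent value catches the discrepancy, which is the signal the Zcoin team reports noticing.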

According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks. They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transaction volume. Nonetheless, as transactions piled up, the Zcoin team saw that the two sides of their blockchain weren't adding up.

The Zcoin team says they worked with various exchanges in an attempt to identify the attacker, but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000).

Source: https://www.bleepingcomputer.com/news/security/a-source-code-typo-allowed-an-attacker-to-steal-370-000-zerocoin-592-000-/


  • (Score: 2) by art guerrilla on Monday February 20 2017, @08:01PM

    by art guerrilla (3082) on Monday February 20 2017, @08:01PM (#469405)

    ...that -in fact- crime does pay...
    one might be confused that our betters still talk as if morality has meaning, but that's just for the rubes...

    • (Score: 2) by captain normal on Monday February 20 2017, @11:29PM

      by captain normal (2205) on Monday February 20 2017, @11:29PM (#469496)

      Yep...who knows if you steal the money the right way, you could wind up being President some day.

      --
      When life isn't going right, go left.
  • (Score: 0) by Anonymous Coward on Monday February 20 2017, @08:14PM

    by Anonymous Coward on Monday February 20 2017, @08:14PM (#469413)

    guarantee complete financial privacy and anonymity.

    So, what's the problem? Oh right, maybe that this is pretty much tailor-made for criminals in the first place. There are very good reasons why you want to track monetary transactions and very few reasons you do not. Subtracting criminal activities (includes tax evasion!!), you end up with basically no reason as to not use untraceable currency.

    And don't bring up BS reasons like

      1. my gov't doesn't allow me to donate to Wikileaks or Muslim Brotherhood (assuming it's not banned in your country as terrorist organization yet) -- tough luck?
      2. I don't want gov't to know about the dildo I purchased -- use petty cash? or you know, if that's your idea of a problem, then maybe you need to grow up?
      3. I wear my aluminum hat with, shiny side out to stop the Mind Rays! -- you have other problems?

    So, working as intended. and HAHA!

    • (Score: 1, Insightful) by Anonymous Coward on Monday February 20 2017, @09:04PM

      by Anonymous Coward on Monday February 20 2017, @09:04PM (#469437)

      Oh ye of little imagination... when I was still a teenager I thought the same thing, so much would be fixed by complete financial transparency. However, that path leads to fascism. Your shitty examples are just that, shit.

    • (Score: 1, Funny) by Anonymous Coward on Monday February 20 2017, @09:40PM

      by Anonymous Coward on Monday February 20 2017, @09:40PM (#469452)

      I don't want my wife's religious fundamentalist parents to know about the penis extender I purchased on the advice of Ethanol-Fueled, because she would be devastated if they did that weird ritual where they erase her name from the Book of Life in Heaven (see Revelation, etc) and refuse to acknowledge that she exists ever again.

      FTFY

    • (Score: 3, Interesting) by tangomargarine on Monday February 20 2017, @09:58PM

      by tangomargarine (667) on Monday February 20 2017, @09:58PM (#469458)

      And don't bring up BS reasons like
          1. my gov't doesn't allow me to donate to Wikileaks or Muslim Brotherhood (assuming it's not banned in your country as terrorist organization yet) -- tough luck?

      Anonymous Coward has decreed that authoritarianism is well and good so I guess we can all go home now.

      Subtracting criminal activities (includes tax evasion!!), you end up with basically no reason as to not use untraceable currency.

      That something is illegal does not necessarily make it immoral/unethical. If you axiomatically believe that the government can't be wrong, that isn't a problem for you, though.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 2) by captain normal on Monday February 20 2017, @11:54PM

        by captain normal (2205) on Monday February 20 2017, @11:54PM (#469500)

        "axiomatically" I love that word! Did you just coin that, or did it just hang your brain waiting for a good time to use it?
        Just googled it and it seems to be a real word.
        Now I'm going for "axiomagically". Expecting something to happen or come true because you heard it or saw it on the interweb and it confirms your own unfounded beliefs.

        --
        When life isn't going right, go left.
        • (Score: 2) by art guerrilla on Tuesday February 21 2017, @12:35AM

          by art guerrilla (3082) on Tuesday February 21 2017, @12:35AM (#469512)

          speaking of favorite new words:
          pinxterflower
          in the context of an alternate common name (which it has a bunch) for the wild azalea...
          not sure why, but it just tickled me...

    • (Score: 1) by Scruffy Beard 2 on Tuesday February 21 2017, @05:38AM

      by Scruffy Beard 2 (6030) on Tuesday February 21 2017, @05:38AM (#469586)

      Cryptocurrencies need strong anonymity because the block-chain is public.

      Without it, any recipient can trace your entire transaction history. Sometimes, as in the case of political parties, this transparency is required by law. In other cases, such as paying your landlord or barista, you may not want them to know exactly how much money you make and where you spend it.

    • (Score: 1) by terryk30 on Tuesday February 21 2017, @03:36PM

      by terryk30 (1753) on Tuesday February 21 2017, @03:36PM (#469716)

      ...with no reason as to not use untraceable currency

      *poof*

      Ah thanks, looks like I had a bug in wetware function Parse:Simplify:CancelDoubleNegative( )

  • (Score: 4, Insightful) by AthanasiusKircher on Monday February 20 2017, @08:18PM

    by AthanasiusKircher (5291) on Monday February 20 2017, @08:18PM (#469416) Journal

    I'll admit I don't follow much in the whole Bitcoin world, which seems mostly a bizarre intersection of speculation investors and people who want to do shady stuff.

    But, if I understand this stuff correctly, regardless of any source code mistake, any completely anonymous currency seems to be begging for exploitation and theft. One traditional advantage of depositing money in places, doing electronic transactions, etc. is that you have the safety of records in case something goes wrong. Carry around a wad of cash or pack it into your home freezer, and you have little recourse when somebody walks away with it.

    I understand why some people desire a more anonymous electronic currency, but in doing so, it's going to open people up to those same problems that cash has... except instead of locking your door or safe or whatever, you now have to have the technical knowledge to ensure your electronic system is secure enough to protect your virtual "money." Except anonymous cryptocurrencies are even worse, because at least traditional cash might theoretically be traceable through fingerprints or residue or whatever. The more anonymous the electronic "coins" get, the less you have a chance to ever recover stuff that's stolen from you.

    Anonymity seems to come at a potentially significant cost. Or am I missing something here?

    • (Score: 3, Insightful) by Anonymous Coward on Monday February 20 2017, @08:25PM

      by Anonymous Coward on Monday February 20 2017, @08:25PM (#469419)

      Anonymity seems to come at a potentially significant cost. Or am I missing something here?

      Boils down to: do you want to be free or safe?

      • (Score: 5, Insightful) by AthanasiusKircher on Monday February 20 2017, @10:30PM

        by AthanasiusKircher (5291) on Monday February 20 2017, @10:30PM (#469471) Journal

        Boils down to: do you want to be free or safe?

        Anonymity doesn't necessarily equal freedom. In fact, they are often present in completely opposite circumstances -- i.e., societies where anonymity is necessary are generally less free ones. People who want to use Bitcoin or whatever anonymously for illicit purchases are doing so not because they are more "free" but because they are LESS so, and that lack of freedom to do as they wish forces them into hiding. In a more free world overall, one doesn't always need to compromise safety for freedom.

        And, in fact, one might even reverse the claims of "free" vs. "safe" depending on your perspective. To a person dealing in illicit items, it is in fact "safer" to be anonymous. And for someone who wants to carry on business without worrying too much about the reputation of the seller or whether they might run away with their money and never return, a shopper actually has "more freedom" to choose without those worries if transactions to specific sellers can be tracked. I mean, think of all the millions of sellers you can instantly buy from across the United States on eBay or Amazon or whatever -- the freedom of choice in purchasing frequently comes from TRACKING the transactions and thus reputation of people selling you stuff. If you didn't have that tracking information, you'd likely have very little freedom of choice in purchases, instead restricted to a few sellers you knew personally or whatever, and complete anonymity would make it difficult to verify if you were even dealing with the same person again.

        "Freedom" and "safety" are relative to your goals.

        That said, I take your point -- tracking of monetary transactions also has plenty of downsides, including potential government interference and tracking, etc. I just think no one should be surprised when something designed to be anonymous is exploited by BAD anonymous people.

    • (Score: 2) by VLM on Monday February 20 2017, @09:10PM

      by VLM (445) Subscriber Badge on Monday February 20 2017, @09:10PM (#469440)

      Bitcoin is not terribly anonymous. Coinbase just recently was asking me questions about the coins I mined back in the old days.

      So dude spent 410 BTC on... what exactly? I can tell you for certain he didn't launder it thru coinbase and drop it in his personal checking account.

      And frankly 1/2Mil of black market stuff is too bulky, that's like truck pallets of weed not discrete envelopes from return addresses nearby Amsterdam.

      A half mil of gold is not as heavy as you'd think. Maybe he bought gold and had it shipped (to what address pray tell?)

      One interesting solution is turn it into the cryptocurrency you think most likely to survive and then sit on it until the statute of limitations expires or you've moved to some special location.

      So the dudes identity is out there somewheres...

      • (Score: 0) by Anonymous Coward on Monday February 20 2017, @10:18PM

        by Anonymous Coward on Monday February 20 2017, @10:18PM (#469464)

        and then sit on it until the statute of limitations expires or you've moved to some special location.

        John Doe indictment filed. Statute of limitations no longer applies. Statute of limitations would only apply if the theft happened, X time goes by, and no charges were filed.

        Special locations... Some do apparently exist. The trick is to continue to have enough money such that you can't find yourself extraordinarily rendered either (a la Dog the Bounty Hunter....)

      • (Score: 3, Interesting) by bob_super on Monday February 20 2017, @10:28PM

        by bob_super (1357) on Monday February 20 2017, @10:28PM (#469470)

        > So the dudes identity is out there somewheres...

        The next obvious question: if you found his/her identity, which country or entity is legally entitled to bring charges against him/her for the "theft" of unregulated anonymous computer zeros and ones, the fiduciary value of which is unrecognized by any government?

        • (Score: 2) by VLM on Tuesday February 21 2017, @01:34PM

          by VLM (445) Subscriber Badge on Tuesday February 21 2017, @01:34PM (#469667)

          the fiduciary value of which is unrecognized by any government?

          Behind the times man, the IRS has written opinions on the topic of BTC as do many other countries. In the old wild west days when I got started things were a little different. It hasn't been 2009 in a long time man.

          That's kinda the whole point, since it's money, coinbase has to do the "know yer customer" thing to tattle on us to the IRS, just like if I walked into a bank with a bag of cash to deposit.

          I am not a lawyer but my interpretation of the relatively clear language IRS ruling from a couple years ago is at least WRT taxation if you buy and sell it's subject to cap gains and if you mine it's taxable income based on the value of the BTC at the time of mining, and a later sale would be a cap gain.

          Other countries seem to have issued legal documents explaining it's considered a currency and you're participating in currency trading, which in their tax structure might be taxed differently than income or cap gains.

    • (Score: 1) by tftp on Tuesday February 21 2017, @06:38AM

      by tftp (806) on Tuesday February 21 2017, @06:38AM (#469600) Homepage

      instead of locking your door or safe or whatever, you now have to have the technical knowledge to ensure your electronic system is secure enough to protect your virtual "money."

      It's worse. When you have physical possession of cash you can build walls, doors, safes, alarms to protect your precious. However cryptocurrencies keep your money "in the cloud" - in the opinion of the majority of miners that this particular money belongs to you. The miners do not care one way or another, actually. If someone gives them a sufficiently good reason to believe that your coins are not your coins, they will happily sign this into the blockchain as the fact, and you cannot do a thing about it.

      Even outside of the software bugs and exploits, your wallet can be invisibly stolen and spent before you realize it - just like your cash can be stolen from your pocket. But people don't walk around with all their money in the pocket. Is that so with cryptocoin wallets? How many wallets people are going to have? Technically, they can have as many as they want to. Practically - one, unless they are fanatics of bookkeeping. It's trivial to take a few bills with you; but you'd have to transfer some money into your "pocket" wallet before leaving home. What if you need just a bit more? Tough luck, just like with cash. You do not have access to your other money, and it would be too risky to have such access because if you are forced to transfer it at gunpoint, it's gone forever. Credit card stolen? One phone call and it's all reversed.

      Banks offer products (c/c) that not only provide goods on credit, they also insure against the risk. Cryptocoins are a step back; they will force everyone to be their own bank and, essentially, carry their money on the belt, like they used to do centuries ago. This is one of several reasons why cryptocurrencies are not so popular - banks are providing useful service *and* interest. They count your money for you, they insure it for you, they give you payment instruments, they have convenient web sites where you can watch your income and expenses and pay bills for you. In most cases all this is free, and often you get paid for using bank accounts and credit cards. I, personally, do not use cash for several decades now.

      • (Score: 0) by Anonymous Coward on Tuesday February 21 2017, @03:28PM

        by Anonymous Coward on Tuesday February 21 2017, @03:28PM (#469712)

        "Cryptocurrencies" are the equivalent of box top stamps backed by CO2 biscuits.

  • (Score: 5, Informative) by Lagg on Monday February 20 2017, @09:25PM

    by Lagg (105) on Monday February 20 2017, @09:25PM (#469445) Homepage Journal

    From my research. It looks to be like a fix that is slightly larger and slightly dirtier in terms of magic number hax than "1 character" if I am correct in this commit range being the fix. Can we please start putting sauce links up you guys? It's something we can do here right?

    I imagine it was stated this way because frankly - and from research done by myself, a random systems programmer and not cryptography expert - the zerocoin code is bad. It's duplicated everywhere. Fix is ugly. Needs refactoring before production use. Comments in the repo itself seem to agree with this opinion.

    https://github.com/zcoinofficial/zcoin/compare/33796c839f7d4df4fb89c2775ec971982cfc8996%5E...ca0bb3cabe300c204749731e3a7c3e7fa1f24c71

    There was also a breaking commit due to what I assumed was a panicked ctrl-v. But don't judge them harshly for that. We know how it feels when prod has issues.

    --
    http://lagg.me 🗿
    • (Score: 2, Informative) by Anonymous Coward on Monday February 20 2017, @09:36PM

      by Anonymous Coward on Monday February 20 2017, @09:36PM (#469449)

      It was just this commit that fixed the issue.
      https://github.com/zcoinofficial/zcoin/commit/b20c177032de3c4bfae62b5ada768a5dc2b4fa67

      You're looking at the dev's entire pre-commit work history.

      • (Score: 3, Informative) by arslan on Monday February 20 2017, @10:42PM

        by arslan (3462) on Monday February 20 2017, @10:42PM (#469477)

        The comment below the pull request is pretty telling... "This doesn't prevent a miner not using the reference code from including zerocoin spends in their blocks, right? Where's the change in the validation code (if you're prepared to say publicly)?"

        Anyone with more deep blockchain knowledge want to chime in? Does the network somehow validate the signature of running code?

        • (Score: 2) by inertnet on Tuesday February 21 2017, @01:33AM

          by inertnet (4071) on Tuesday February 21 2017, @01:33AM (#469534) Journal

          Just a wild guess, but could this have been an intentional 'typo', in order to create the circumstances to pull this stunt off?

      • (Score: 2, Insightful) by tftp on Tuesday February 21 2017, @06:15AM

        by tftp (806) on Tuesday February 21 2017, @06:15AM (#469596) Homepage

        I see plenty of duplicated code, which is indicative of low quality of the software. Why don't they have a method like this?

        public static Bool IsThisAValidPubCoinId(unsigned int id) { ... }

        • (Score: 0) by Anonymous Coward on Tuesday February 21 2017, @05:54PM

          by Anonymous Coward on Tuesday February 21 2017, @05:54PM (#469792)

          I see plenty of duplicated code, which is indicative of low quality of the software. Why don't they have a method like this?

          public static Bool IsThisAValidPubCoinId(unsigned int id) { ... }

          Because code wants to be free not chained to a function! :D

  • (Score: 2) by requerdanos on Tuesday February 21 2017, @02:09AM

    by requerdanos (5997) Subscriber Badge on Tuesday February 21 2017, @02:09AM (#469542) Journal

    The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000).

    That seems to me to be a strange unit of measure in which they would be estimating....