The Zcoin project announced yesterday that a typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price. Zerocoin, also known as Zcoin or XZC, is a cryptocurrency protocol built on top of Bitcoin that implements Zero-Knowledge proofs to guarantee complete financial privacy and anonymity. Zerocoin is the precursor of Zcash and Monero, two similar cryptocurrencies that provide extra anonymity for their users, much more than the standard Bitcoin currency can provide.
According to the Zcoin team, one extra character left inside Zerocoin's source code caused a bug that an unknown attacker discovered and used to his advantage in the last few weeks. "The bug from the typo error allowed the attacker to reuse his existing valid proofs to generate additional Zerocoin spend transactions," the Zcoin team said yesterday. This allowed the crook to initiate one transaction but receive the money multiple times over.
According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks. They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume. Nonetheless, as transactions piled up, the Zcoin team saw that the two sides of their blockchain weren't adding up.
The Zcoin team says they worked with various exchanges to attempt and identify the attacker but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000).
so the upshot is... (Score:2)
...that -in fact- crime does pay...
one might be confused that our betters still talk as if morality has meaning, but that's just for the rubes...
Working as intended! (Score:0)
guarantee complete financial privacy and anonymity.
So, what's the problem? Oh right, maybe that this is pretty much tailor-made for criminals in the first place. There are very good reasons why you want to track monetary transactions and very few reasons you do not. Subtracting criminal activities (includes tax evasion!!), you end up with basically no reason as to not use untraceable currency.
And don't bring up BS reasons like
1. my gov't doesn't allow me to donate to Wikileaks or Muslim Brotherhood (assuming it's not banned in your country as terrorist organization yet) -- tough luck?
2. I don't want gov't to know about the dildo I purchased -- use petty cash? or you know, if that's your idea of a problem, then maybe you need to grow up?
3. I wear my aluminum hat with, shiny side out to stop the Mind Rays! -- you have other problems?
So, working as intended. and HAHA!
So anonymous currency breeds anonymous crime? (Score:2)
I'll admit I don't follow much in the whole Bitcoin world, which seems mostly a bizarre intersection of speculation investors and people who want to do shady stuff.
But, if I understand this stuff correctly, regardless of any source code mistake, any completely anonymous currency seems to be begging for exploitation and theft. One traditional advantage of depositing money in places, doing electronic transactions, etc. is that you have the safety of records in case something goes wrong. Carry around a wad of cash or pack it into your home freezer, and you have little recourse when somebody walks away with it.
I understand why some people desire a more anonymous electronic currency, but in doing so, it's going to open people up to those same problems that cash has... except instead of locking your door or safe or whatever, you now have to have the technical knowledge to ensure your electronic system is secure enough to protect your virtual "money." Except anonymous cryptocurrencies are even worse, because at least traditional cash might theoretically be traceable through fingerprints or residue or whatever. The more anonymous the electronic "coins" get, the less you have a chance to ever recover stuff that's stolen from you.
Anonymity seems to come at a potentially significant cost. Or am I missing something here?
