Hackers Pounce on Coding Error, Steal Over $400,000 of Zcoin

Updated March 28, 2020 at 12:17 am This article is more than 4 years old

News

Hackers Pounce on Coding Error, Steal Over $400,000 of Zcoin

On Friday, February 17, the community manager of the cryptocurrency Zcoin (XZC), Reuben Yap, announced in a blog post the discovery of a bug in the anonymous altcoin’s coding that allowed a hacker to get away with over $400,000 worth of cryptocurrency.

According to Zcoin’s statement, “a typographical error on a single additional character in code allowed an attacker to create Zerocoin spend transactions without a corresponding mint.” In other words, an incorrect letter in the code allowed someone to create new Zcoins without actually minting them. The hacker created around 370,000 XZC, which they then slowly started to sell in small amounts for BTC using accounts on different cryptocurrency exchanges to remain undetected and not to devalue their ill-gotten gains.

The hacker “did many things to camouflage his tracks through the generation of lots of exchange accounts and carefully spread out deposits and withdrawals over several weeks. We estimate the attacker has created about 370,000 XZC which has been almost completely sold except for about 20,000 XZC and absorbed on the market with a profit of around 410 BTC,” according to Zcoin.

The Zcoin team clarifies that this was a human error and not a weakness in the digital currency’s cryptography. Furthermore, it ensures users that Zcoin’s anonymity has not been compromised because of the coding error. The bug in the code was discovered as the total mint transaction did not match up with the spending transactions, which means that Zcoin’s total supply is still verifiable and the cryptocurrency is still intact.

Zcoin is built on Zero-Knowledge proofs to guarantee anonymity and financial privacy when making transactions in the digital currency.

Along with other anonymous cryptocurrencies which have gained substantially in popularity and market share, Zcoin joins the likes of Monero and ZCash, as it has become apparent that bitcoin’s pseudo-anonymity does not offer sufficient payment anonymity due to a range of new ways to identify bitcoin users have emerged.

The price of XZC has not been affected negatively by the announcement of the hack and has been trading in the $1.38 to $1.97 range with an upward trend since February 17, with the price at $1.62 at the time of writing on the Bittrex exchange.