Categories: Altcoin News

Zcash bug threatens to reveal user IPs; no respite soon says community developer

A Zcash bug threatens to reveal the metadata that contains the complete nodes along with shielded IPs. This bug, if materializes, threatens the Zcash forks as well.

Duke Leto, a community developer for Komodo (KMD), announced the bug in his blog. He goes on to add that to track the issue, a ‘Common Vulnerabilities and Exposures’ (CVE) code is already underway. As of September 29, no positive progress has been reported.

Zcash bug will ultimately reveal user identities

Leto explains that ever since Zcash and its protocol begin operations, the bug threatening the security of all the shielded addresses has always been there. Moreover, every Zcash source code forks, too, have the same glitch. It can reveal every IP address who owns a shielded address (zaddr) along with the associated nodes.

For example, if ‘A’ hands over a zaddr to ‘B’ to pay him, ‘B’ could very well discover the IP address of ‘A.’ This is frightening since the very foundation of a cryptocurrency transaction is shielded IP addresses. It goes against the Zcash design protocols and every known crypto security regulation.

In theory, anyone whose zaddr is published is under threat of identity revelation due to their IP address being in public. This vulnerability can expose the personal IP addresses of millions of Zcash and Zcash protocol users. Geo-location and IP address are associated with zaddr and hence vulnerable. Zcash problems will increase further as recently Coinbase in the United Kingdom removed Zcash for its local customers.

Multiple cryptocurrencies affected by Zcash bug

People who have not used a zaddr ever or employed a Tor Onion routing will not be victims. Moreover, there are many more cryptocurrencies that will face severe blow due to the same bug. Leto has provided a detailed list of cryptocurrencies facing a similar issue.

A non-exhaustive list includes many prominent names including Pirate, Snowgem, Ycash, ZClassic, Verus, Safecoin, VoteCoin, Arrow, Anon, Zelcash and many more. Out of these names, many have taken preventive steps as well. For example, Komodo no longer offers shielded address feature and now uses Pirate chain for this feature, making it secure against the said Zcash bug.

Gurpreet Thind

Gurpreet Thind is pursuing Masters in Electrical Engineering at University of Ottawa. His scholarly interests include IT, computer languages and cryptocurrencies. With a special interest in blockchain powered architectures, he seeks to explore the societal impact of digital currencies as finance of the future. He is passionate about learning new languages, cultures and social media.

Show comments
Share
Published by

Recent Posts

Coinbase steps up measures amid Coronavirus spread

In response to the fears surrounding the incurable Coronavirus spread, the San-Francisco based cryptocurrency exchange…

4 mins ago

Twitter CEO promotes Bitcoin and Black America

Recently Twitter CEO Jack Dorsey furthered the popularity of an Isaiah Jackson-written book that outlines…

3 hours ago

ELEV8 announces the first of four events to take place in 2020, ELEV8: Digital Assets

ELEV8 announces the first of four events to take place in 2020, ELEV8: Digital Assets. The…

3 hours ago

Trading Bitcoin and Other Cryptocurrencies in 2020

The world’s most famous cryptocurrency is about to turn eleven years old. During these years,…

3 hours ago

ConsenSys to spin off its health division to tackle issues in US healthcare industry

ConsenSys, the Ethereum-focused company established by Joseph Lubin, has announced that it will be spinning…

11 hours ago

South Korean tax experts propose two-step tax for cryptocurrencies

Tax experts in South Korea have advised the national administration to impose a two-step tax…

13 hours ago