Zcash Counterfeiting Vulnerability Successfully Remediated

Eleven months ago we discovered a counterfeiting vulnerability in the cryptography underlying some kinds of zero-knowledge proofs.

The counterfeiting vulnerability was fixed by the Sapling network upgrade that activated on October 28th, 2018. The vulnerability was specific to counterfeiting and did not affect user privacy in any way. Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users.

This blog post provides details on the vulnerability, how we fixed it and the steps taken to protect Zcash users.

Discussion on this topic should remain in this thread. Thank you!

1 Like

Now the world will ask are you 100% certain if the vulnerability was not exploited and if yes please prove it with evidence.

1 Like

I don’t know why, but the post read to me like a movie and I got all excited while reading it.

Congrats to the Zcash Team!


The blog outlines the reasons why we think the vulnerability wasn’t exploited. Further, our published policy defending against counterfeiting outlines the steps we would take if anything abnormal is detected.


The Foundation’s statement, in case anyone hasn’t seen it: Concerning the Sprout Vulnerability CVE-2019-7167 - zcash foundation

It’s short, so please read it!


Huge love to the honest cryptographers who patched the issue appropriately, considering the immense monetary compensation that would otherwise be afforded. Congrats to everyone who did the right thing :heart:


So will this change the current plans for deprecating sprout addresses? Accelerate?
This is a pretty serious issue, where the inflation could be limitless and any patient person could slowly bleed the network of value.


You know how it all the old conversations and in articles about Zcashs optional privacy and how Low Sprout shielded adoption was?
Good thing I guess


That’s exactly what I thought someone who is smart enough to hack this tech will be smart enough to not be detected while taking the loot.

A person smart enough to exploit the vulnerability wouldn’t get caught right now. If it was exploited it already happened and the individual already sold what they could.

Zcash team has done a commendable job by resolving this major vulnerability. But this whole episode makes me think, people will never trade security for privacy, given a choice they will tap on security over privacy. The market has already spoken they don’t like the news.

This was resolved back in October, suspect many who read the news didn’t get much past the headline before thinking ‘oh shit, sell!!!’

That’s another issue the headlines,was this approved by the zcash team?

“Zcash discloses vulnerability that could have allowed “infinite counterfeit” currency”

This was the headline of the fortune article, who will not be shit scared when they read this headline? The word “discloses” is ambiguous IMO and could have been “resolved, fixed, removed, eliminates”

We spoke with Robert, who btw I think did a great job with the article, but good reporters don’t give any editorial control on articles or headlines.


The issue is with people reading the headlines and the tweets under it…:)…that’s what most people do these days instead of reading the full article.

i think there should be a follow up article which says “Zcash becomes more robust and secure after eliminating a major vulnerability. Drastically reducing the possibility of counterfeiting”…:slight_smile:

I’m quite impressed with how this announcement was made - seemed well coordinated and clear.

No easy solution to reach headline skimmers & twitter junkies. Busy days ahead for the marketing team.


Been alot of news about this lately, I was hoping someone could explain a little more about the bug as there is very little information on how it would work. I seen one article showing 1 line of code in a formula was incorrect, but Im not sure how this would of lead to coins being created.

When would the coins appear, when a block was mined or during a transaction?

Could the fake coins appear in a t-add or a z-add or both?

I see the turnstile was added around the same time, was this in response to the bug?