A team of experts from Saarland University and the University of Erlangen-Nuremberg in Germany has identified vulnerabilities in the Zerocoin protocol and two security flaws in the libzerocoin library that could allow scammers to block user transactions and mine non-existent coins. Experts claim that these errors have been found in at least five cryptocurrencies that use the Zerocoin protocol, namely: SmartCash, Zoin, Zcoin, Hexxcoin and PIVX.
The danger of the protocol flaw is that fraudsters with access to the coin owner's network can block the owner's transaction, take the coin's serial number that the owner sent to the network, generate a new coin and assign it the stolen serial number. The owner's transaction is then refused: a coin with the same serial number has already been used, so the network treats the transaction as a “double spend”.
The immediate result of this error was that all tokens mined using the Zerocoin protocol were stuck in users’ wallets. Three of the five coins, PIVX, SmartCash and Hexxcoin, disabled the protocol in their respective source code after discovering this issue. The SmartCash team told researchers that it intends to return funds to owners of unspent coins, while the Hexxcoin and PIVX teams said they would support Zerocoin again once the bug is fixed.
Zoin and Zcoin remain vulnerable, and experts advise users not to spend these coins until the protocol bug is fixed, even though such an attack is not easy to carry out, since scammers need access to the user's network to intercept a legitimate transaction.
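The following Python sketch is an added illustration, not code from the researchers or from libzerocoin. It models only the node-side bookkeeping described above, to show why a check on serial-number uniqueness alone cannot tell the owner's coin from a later coin carrying the same serial; the hash commitment, the `ToyLedger` class and all values are constructed assumptions, and the real protocol uses a zero-knowledge proof rather than revealing the randomness.

```python
import hashlib
import os

def commit(serial: bytes, r: bytes) -> bytes:
    # Toy stand-in for a Zerocoin commitment: hides the serial until spend time.
    return hashlib.sha256(serial + r).digest()

class ToyLedger:
    """Constructed model of the node-side checks described in the text."""
    def __init__(self):
        self.minted = set()         # published commitments (serial not visible)
        self.spent_serials = set()  # serials revealed by accepted spends

    def mint(self, commitment: bytes) -> None:
        # The node cannot compare serials here: they are hidden in the commitment.
        self.minted.add(commitment)

    def spend(self, serial: bytes, r: bytes) -> str:
        # Real Zerocoin proves this in zero knowledge; revealing r is a toy substitute.
        if commit(serial, r) not in self.minted:
            return "rejected: no such coin"
        if serial in self.spent_serials:
            return "rejected: double spend"
        self.spent_serials.add(serial)
        return "accepted"

def scenario() -> dict:
    ledger = ToyLedger()
    # Owner mints a coin with a secret serial and secret randomness.
    serial, r_owner = os.urandom(16), os.urandom(16)
    ledger.mint(commit(serial, r_owner))
    # The owner's spend is held back on the owner's network path; the serial
    # it carries is now visible to whoever is holding it back.
    pending_owner_spend = (serial, r_owner)
    # A second coin committing to the same serial passes mint unnoticed.
    r_other = os.urandom(16)
    ledger.mint(commit(serial, r_other))
    copy_result = ledger.spend(serial, r_other)
    # The owner's original transaction finally reaches the node.
    owner_result = ledger.spend(*pending_owner_spend)
    return {"copy": copy_result, "owner": owner_result, "minted": len(ledger.minted)}

if __name__ == "__main__":
    print(scenario())
```

Both commitments are accepted at mint time because the serial is hidden, so the only check that fires is the later uniqueness check, and it fires against the owner.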
In addition to problems in the protocol itself, experts also discovered two errors in the libzerocoin software library. One of them allows an attacker to generate new coins, and the second allows the library to incorrectly sign a transaction.
None of the three problems is unexpected, since the Zerocoin protocol and the libzerocoin library have not been used for many years. The Zerocoin protocol was replaced by the Zerocash protocol, which is now used by Zcash, and the libzerocoin library originally contained a security warning in its README file, which also made it into Zoin, Zcoin, SmartCash and Hexxcoin.
Users should not invest in outdated technology, experts say, and should not use libraries that contain security warnings.
According to https://www.bleepingcomputer.com
