Nature of the technical vulnerability discovered in coin $ZEC
Location of the vulnerability: The issue was in the Zero-Knowledge Proofs system, specifically in the "Orchard Action Circuit".
Severity: The vulnerability theoretically allowed for unlimited and undetectable minting of fake ZEC coins, meaning the supply of the currency could be inflated without anyone noticing.
Duration: It turns out this vulnerability had been in the network's code since 2022, and it went unnoticed for all these years until AI recently flagged it.
Privacy Coin Dilemma (Why did investors panic?)
Even though the founder of Zcash (Zooko) and the Zcash Foundation explicitly stated that there is no evidence that the vulnerability was exploited by hackers, the news sent shockwaves due to the nature of the coin itself:
Since Zcash is a fully private coin that hides transaction details, amounts, and party addresses, achieving a 100% definitive verification that the vulnerability hasn't been exploited in the past is technically very challenging. The development team confirmed that the current supply appears sound, but they admitted it’s hard to prove that absolutely, which raised concerns among investors about potential hidden inflation.
Location of the vulnerability: The issue was in the Zero-Knowledge Proofs system, specifically in the "Orchard Action Circuit".
Severity: The vulnerability theoretically allowed for unlimited and undetectable minting of fake ZEC coins, meaning the supply of the currency could be inflated without anyone noticing.
Duration: It turns out this vulnerability had been in the network's code since 2022, and it went unnoticed for all these years until AI recently flagged it.
Privacy Coin Dilemma (Why did investors panic?)
Even though the founder of Zcash (Zooko) and the Zcash Foundation explicitly stated that there is no evidence that the vulnerability was exploited by hackers, the news sent shockwaves due to the nature of the coin itself:
Since Zcash is a fully private coin that hides transaction details, amounts, and party addresses, achieving a 100% definitive verification that the vulnerability hasn't been exploited in the past is technically very challenging. The development team confirmed that the current supply appears sound, but they admitted it’s hard to prove that absolutely, which raised concerns among investors about potential hidden inflation.