How A Typo In Zerocoin’s Source Code Allowed Hackers To Steal $592,000


Short Bytes: Due to a single-letter typo in Zerocoin’s source code, hackers were able to exploit the platform and steal Zerocoins worth about $592,000. Zerocoin is a Bitcoin-based cryptocurrency protocol for anonymous trading. The developers are working to push an update soon so that trading can resume.

In the past, we’ve seen multiple examples of how small programming errors can be fatal. A recent incident of a similar nature took place at Zerocoin. On February 16, the Zerocoin team found a bug in their implementation of Zerocoin: a single additional character in the code.

This minute typo allowed an attacker to steal 370,000 Zerocoins, worth about $592,000. For those who don’t know, Zerocoin is a Bitcoin-based cryptocurrency protocol that uses zero-knowledge proofs for complete anonymity.

Explaining the attack, Zerocoin writes in a blog post that the attacker used a very sophisticated approach that allowed him (or her) to hide their tracks while exchanging tons of information. Also, almost all of the stolen Zcoins have been sold and absorbed by the market.

Addressing doubts about the protocol, Zerocoin has said the exploit happened because of the bug in the code, not because of any loophole in the cryptography.

“Despite the severity of the hack, we will not be forfeiting or blacklisting any coins,” Zerocoin added.

Zerocoin plans to resume trading once pools and exchanges have had enough time to make changes to the code. To do so, a release will be pushed soon. Find more information about the hack here.


Adarsh Verma

