Denial-of-Spending and Inflation Bugs Found in Several Cryptocurrencies

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A team of academics has identified an issue with the Zerocoin protocol, along with two security flaws in libzerocoin, the software library used for building actual cryptocurrencies around protocol.
Researchers said they found these three issues to affect at least five cryptocurrencies based on Zerocoin, each in varying degrees. The five are SmartCash, Zoin, Zcoin, Hexxcoin, and PIVX.
The four-man team of academics from Saarland University and the Friedrich-Alexander-Universität Nürnberg-Erlangen in Germany, have published their findings in a research paper titled "Burning Zerocoins for Fun and for Profit."

The denial-of-spending issue

According to researchers, the Zerocoin protocol is affected by a denial-of-spending issue that allows attackers to halt a victim's legitimate transaction, and issue a "spend" operation before the legitimate request. This results in the approval of the attacker's "spend" and the rejection of the legitimate transaction —which is marked as a "double spend" operation/bug/attack.
Researchers say this protocol scheme issue affects SmartCash, Zoin, Zcoin, Hexxcoin, and PIVX. Three of the five —PIVX, SmartCash, and Hexxcoin— have disabled the Zerocoin protocol inside their respective cryptocurrency source code, following the disclosure of this issue.
The immediate result of such an action was that all the altcoins mined via the Zerocoin protocol became stuck in users' wallets.
The SmartCash team told researchers they intend to refund owners of unspent coins, while the Hexxcoin and PIVX teams said they plan to re-enable Zerocoin support after the issue has been fixed.
 
  • Like
Reactions: harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top