Zerocoin Hacked, Attacker Profited 410 BTC

Hacker exploits Zerocoin, creating and selling 370,000 phony tokens and making a profit of 410 BTC in the process.

It has emerged that a coding error in the Zerocoin source code allowed a malicious party to create 370,000 phony tokens.

The attacker later sold the fake tokens for almost 410 bitcoins, earning a profit equivalent to $450,000.

An announcement made by the Zcoin team revealed that the attacker took advantage of a single-symbol error in the source code to create multiple spend transactions of Zcoins without any corresponding mint transactions.

To avoid arousing suspicion, the party created and sold fake Zerocoins using a series of exchange accounts.

The Zerocoin team suspects that the fraudsters took several weeks to carry out and cover up the exploitation.

Considering this unique modus operandi, they think that the attacker(s) are very sophisticated.

In the team’s announcement, they stated that they estimate the party created 370,000 entries that were completely sold back into the market, save for approximately 20,000 Zerocoin tokens that were not used.

The announcement also stated that the estimated profit the party made stands at about 410 BTC.

The Zerocoin team is confident that the market has already absorbed the phony tokens, meaning the markets have taken on the resulting damage.

The team acknowledged the error and further added that they had isolated it and were working to have it fixed.

They urged all exchanges and pools to be on the lookout and to update their operational software as soon as the amended code is out.

Surprisingly, the hack had a positive effect on the markets, causing the price cap of Zerocoin to rise.

Moreover, developers chose not to reverse the false transactions or destroy newly generated coins – an action that would have destabilized the markets.

The Zerocoin team circulated a release to exchanges encouraging them to continue trading as usual, despite the severe nature of the exploitation.

The Zerocoin team affirmed that the hack was possible only because of the error in the source code.

As such, the exploited vulnerability does not by any means reflect a weakness in the cryptocurrency.

Because of the error, the attacker was able to use existing valid proofs several times to produce additional spend transactions of Zerocoins.

The Zerocoin team mentioned in their announcement that the hack did not compromise the anonymity of the cryptocurrency.

Building on that statement, they elaborated that they were able to detect the exploitation because of the stellar nature of the cryptocurrency.

“It was evident there was an attack when a discrepancy emerged between total mint transactions and overall spend transactions,” the announcement stated.

Had it been caused by some other vulnerability in Zerocoin, it would not have been possible to detect the incident.
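The mint/spend discrepancy check described above, as an added example that is not taken from the Zcoin announcement or code base: it audits a constructed ledger for spends that outnumber mints and for spend proofs presented more than once. The record layout and the name audit_supply are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample ledger (not real chain data):
# (block height, kind, denomination, spend proof bytes).
# Mint records carry no spend proof, so their proof field is empty.
LEDGER = [
    (100, "mint", 1, b""),
    (101, "mint", 1, b""),
    (102, "spend", 1, b"proof-A"),
    (103, "spend", 1, b"proof-B"),
    (104, "spend", 1, b"proof-A"),   # same proof presented again
    (105, "mint", 10, b""),
    (106, "spend", 10, b"proof-C"),
    (107, "spend", 1, b"proof-A"),   # and again
]


def audit_supply(ledger):
    """Walk the ledger in height order and return a list of findings.

    Two invariants are checked per denomination:
      1. cumulative spends never exceed cumulative mints;
      2. a spend proof is accepted at most once.
    """
    minted, spent = Counter(), Counter()
    first_use = {}  # proof fingerprint -> height where it was first seen
    findings = []
    for height, kind, denom, proof in sorted(ledger):
        if kind == "mint":
            minted[denom] += 1
            continue
        spent[denom] += 1
        fingerprint = hashlib.sha256(proof).hexdigest()
        if fingerprint in first_use:
            findings.append(("reused_proof", height, denom, first_use[fingerprint]))
        else:
            first_use[fingerprint] = height
        if spent[denom] > minted[denom]:
            excess = spent[denom] - minted[denom]
            findings.append(("spend_exceeds_mint", height, denom, excess))
    return findings


if __name__ == "__main__":
    for finding in audit_supply(LEDGER):
        print(finding)
```

The last field of a reused_proof finding is the height of the proof's first use; for spend_exceeds_mint it is the number of spends in excess of mints at that height.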

This structural integrity is very important considering that Zerocoin is designed to make the most of zero-knowledge proofs to provide an additional layer of anonymity to bitcoin transactions that operate within the bitcoin network.

This true cryptographic anonymity ensures that users get complete financial privacy.

The Zerocoin team mentioned that upon detection of the exploitation, they released the details of the hack to exchanges to help with investigations.

They said, however, that the party remains unidentified at this point.


