
Zerocoin’s bug that allows hackers to burn honest users’ coins is still not fixed

  • July 25, 2022
  • Angela King

Zerocoin has a ‘denial of service’ bug that allows attackers to burn honest users’ coins. The bug has been known for almost two months now, but remains unfixed.

The problem was highlighted by Tim Ruffing in his presentation ‘A Tale of Zero Coins’ at the Genesis Conference in London in February.

Peter Todd tweeted in the aftermath that while ZCoin could prove that attackers can’t steal coins, they couldn’t prove that attackers can’t destroy coins they don’t own.

A research paper published by four researchers in Germany, including Ruffing, has now further proved this vulnerability.

The research paper shows how an attacker can force the network to reject an honest transaction as a ‘double-spend’:

ZCoin is based on the Zerocoin protocol introduced by Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin at Johns Hopkins University, although none of them are involved with the project themselves.

There are other cryptocurrencies based on the Zerocoin protocol, and they have all had the same vulnerability at some point — but only ZCoin and Zoin still remain vulnerable to the bug, the research says.

When this bug was pointed out in February, ZCoin said that they were aware of the vulnerability and had a fix ready that was in internal testing.

The bug was apparently being fixed with the help of Tim Ruffing, who is one of the authors of the latest research that highlighted the bug. According to Ruffing, the contract with ZCoin ended soon after they delivered the patches for some of the bugs that they were supposed to fix.

More than one month later, though, the bug remains unfixed, and ZCoin is still saying that the bug is already fixed and the fix just needs to be activated on the network. This time they went a little further and tried to downplay the bug, saying that the attack is very hard to pull off anyway.

ZCoin has been running into trouble with technical glitches for a while. Another bug was discovered in February, when hackers managed to mint 370,000 coins out of nothing, Cornell professor Emin Gün Sirer shared on Twitter.

Such continuous bug discovery and fixing episodes have prompted Matt Odell to conclude that altcoins are just a free market bug bounty program to help improve Bitcoin.


Indian police involved in another $75M cryptocurrency scam

Everyone is riding the cryptocurrency bandwagon and it seems the Indian police don’t want to fall behind. But instead of protecting the law, some officers are purportedly duping investors.

A police official is under investigation for aiding in a $75 million cryptocurrency scam in Mumbai, India.

The initial coin offering (ICO) scam by the name of Money Trade Coin (MTC) was uncovered by the local crime branch of the Mumbai Police on Monday. The investigation came about following a complaint by a businessman who fell for the scam.

The police raided the company’s premises, resulting in the arrest of one, Taha Kazi, who was providing technology services to the company. Unfortunately, the five prime suspects who ran the company remain at large; indeed, the main suspect, Amit Madanlal Lakhanpal, is believed to have escaped to Dubai. The police seized 53 laptops, rubber stamps, and fabricated documents from the company’s office.

Further investigations have, however, revealed the involvement of a Dighambar Jangale, an assistant inspector of police (API) associated with the local police station, who is suspected to have aided the accused in running the scam.

The MTC website, which is still live as of press time, shows all signs of being a scam: a missing white paper, a missing team section, and press mentions that do not redirect anywhere. In spite of this, MTC still managed to get a feature-length article in the Middle East subsidiary of Forbes, which the police say lent an air of legitimacy to the project and lured investors.

“Just like an initial public offering (IPO), MTC offered a private initial coin offering (ICO), wherein he invited people and offered coins for just $3 each,” the person in charge of the investigations told local media. “Later, he hiked the value of one coin to $6,000, but nobody could cash their investment as MTC was never listed on any cryptocurrency exchange.”

The crime branch has charged all the accused with cheating, forgery, and criminal conspiracy, as applicable under Indian law.

It is worth noting that this is not the first time that an Indian police official has been involved in a cryptocurrency scam. Eight police personnel were earlier indicted for extorting 200 BTC from a local businessman in the Indian state of Gujarat.
