This article was originally posted on CoinStaker.
A recently discovered Zcash bug has got experts worried. Currently, all Zcash implementations and the majority of its forks are able to leak metadata which contains the full nodes with the protected addresses.
The Zcash bug was initially just a rumor but many people began to realize the gravity of the situation after the Komodo (KMD) core developer Duke Leto fully described the bug in his personal website.
As many people have already figured out, a Common Vulnerabilities and Exposures (CVE) code is already assigned to track the development of the bug.
Last week, Leto explained that the bug has in fact been there for quite a while:
“A nasty bug has existed for all the shielded addresses ever since the inception of Zcash and its protocol. It is currently present in all of Zcash’s source code forks. Basically, the bug allows to find the IP addresses of full nodes who own a shielded address. If person A gives person B their zaddr to be paid, it can potentially result in person B being able to discover person A’s IP address. This is something that is completely against the design of the Zcash protocol.”
The Zcash bug has probly affected many
The announcement also mentions that everyone who has provided their zaddr to a third party is most likely affected by the vulnerability. Leto mentions that users should carefully consider their geo-location and IP address information as its tied to their zaddr.
Leto mentions however, that users who actually never used a zadrr and only used the Tor Onion Roution Netowrk (TOR) or only send funds, are most likely not affected. He also mentioned that Zcash is by far not the only cryptocurrency suffering from this issue.
Leto revealed that Zcash is joined by Hush, Pirate Komodo smart chains with the zaddr enabled by their default settings, Horizen, Zero, VoteCoin, BitcoinZ, LitecoinZ, Zelcash, Verus, Arrow, Ycash, Bitcoin Private, Zclassic, Anon and quite a few more.
Leto has also pointed out that Komodo has already fully disabled the shielded addresses feature and transitioned it to the pirate chain. This means that KMD is now fully rid from the bug.
You can also check out:
The post Zcash Bug Leaking Metadata Containing Full Nodes With Zaddrs appeared first on CoinStaker | Bitcoin News.