A Source Code Typo Allowed An Attacker To Steal $592,000 In Cryptocurrency

An anonymous reader writes: "A typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price," reports BleepingComputer. According to the Zcoin team, one extra character left inside Zerocoin's source code was the cause of the bug. The hacker exploited the bugs for weeks, by initiating a transaction and receiving the money many times over.

"According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks," reports the site. "They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume... The Zcoin team says they worked with various exchanges to attempt and identify the attacker but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000)."

Steal?

[beernutmark]

I don't think steal is the right word in this context. The article doesn't state that anyone else lost their coins. More accurately would be "created", "unauthorized-mining", or perhaps most accurately "counterfeited"

Re:Steal?

Indeed, he profited from a loophole in the system, and it's unclear whether this was illegal. The question of legality probably depends on the terms of service for Zerocoin, and on the laws of the country where the "attacker" resides.

But in human societies, when a lone wolf exploits a loophole, the lone wolf's behavior is usually unacceptable. When a group of individuals who possess social status exploit the loophole, their behavior is often acceptable. Isolated individuals with low social status have very few advantages in society. And when they figure out how to gain an advantage, society goes on the offensive against them.

Move along, please, nothing to see here...

[140Mandak262Jamuna]

They are not disclosing what that extra character was or even which language the code was written. As a coder I was interested in finding how it could have happened. But as it stands, it is a puff piece.

One char can make big different in performance and correctness. The greatest one character code change I made and got stunning performance improvement was adding an &. It took significant effort to find it, because instrumenting the entire executable for profilers was just out of the question. But once found it was trivial. The caller was passing a std::map by value. The answers were correct and the scaling effects were not visible till the map grew to big sizes. I expected to something along these lines.

Re:Move along, please, nothing to see here...

[snurfer]

It's pretty easy to find: https://github.com/zcoinofficial/zcoin/commit/b20c177032de3c4bfae62b5ada768a5dc2b4fa67

I'm gonna call all my off-by-one errors "typographical errors" from now on.

Bug Bounty

[Registered+Coward+v2]

Seems like he collected an ~500k$ bug bounty. The interesting part is "Zero Coin is a project to fix a major weakness in Bitcoin: the lack of privacy guarantees we take for granted in using credit cards and cash. Our goal is to build a cryptocurrency where your neighbors, friends and enemies can’t see what you bought or for how much" per Zero Coin. It seems they succeeded in their goal and were hoist by their own petard. Of course, had they recovered the funds then ZeroCoin would have failed at its purpose. I wonder who took the loss.

Re:Bug Bounty

Why did the Zcoin team even attempt to identify the attacker? Surely they realize that if they succeed, then no one will believe their claim about strong privacy guarantees and anonymity. This could harm their cryptocurrency by more than 592k$. Catch-22.

Re:Obviously

[infolation]

That is absolutely correct, and there was a very good article in The Economist relating to the removal of $55 million from 'The Dao' which made the same legal argument that exploiting poor programming in a Smart Contract was not theft but simply following the rules of a system, even if those rules did not do what the creators intended.

In addition The Economist argued that that whereas the heist was not a crime, altering digital ledgers to retrieve the lost ether was affront to the whole project.

attacker has already sold 350,000

[frovingslosh]

the attacker has already sold 350,000

By which we mean he has already moved it into other accounts that he likely controls.

== vs =, | vs ||, variable/pointer dereference

[raymorris]

> A one character bug? Really?

Sure, I've seen many single-character bugs, and created a few. I imagine MOST experienced programmers have done this at least once:

if (a = b) {

When they meant:
if (a == b) {

Every language I can think of has a common single-character bug. Many Microsoft SQL users routinely leave off the semicolon which terminates a statement. Sometimes that results in buggy behavior right away, sometimes not until two years later when a change is made to the *proceeding* statement.

> What about the tests?

This is crypto-currency, the hot new thing tests are for old fogeys who still use dollars. Get with the times, young programmers are Agile, they don't plan and test their work, they release early and often. They release the Minimum Viable Product (minimum piece of shit they can get away with for a moment), it's illegal now to even think about corner cases and make code robust.

Re:== vs =, | vs ||, variable/pointer dereference

[haruchai]

when a change is made to the *proceeding* statement

Did you mean "prEceeding"? If you, that's another 1 character bug you've created :-D

Re:== vs =, | vs ||, variable/pointer dereference

[TeknoHog]

Well, "proceeding" vs. "preceding" is really a 2-character bug. Although I wouldn't know for sure as I'm not a native English speaker.

Re:== vs =, | vs ||, variable/pointer dereference

[michael_wojcik]

Pascal got the := operator from ALGOL.

Aside from some contemporary proprietary dialects, COBOL doesn't use = for assignment either; you use the MOVE or SET verb, or an assignment clause such as GIVING with verbs that have such clauses.

LISP and descendants have SET, SETQ, and SETF for assignment per se, and possibly others (e.g. Scheme's set!), plus the binding forms LET and LETREC (and possibly others).

APL uses left-arrow for assignment, obviously.

Forth uses !.

Don't they teach programming language history these days?

The following statement, the next statement

[raymorris]

I mean the following statement. This works okay:

SELECT 1
SELECT 2;

This doesn't:
SELECT 1
THROW

The latter is equivalent to:
SELECT 1 AS THROW

I had originally written "the preceding or proceeding statement". That's reasonably clear, I think, though it stretches the definition of "proceeding". Then I realized that changes to the PRECEDING statement won't affect anything, so long as if that preceding statement is properly terminated with a semicolon. So I ended up with "the proceeding statement", which is poor wording.

Re: Show me the code.

[harperska]

If that is the right repository, then this is the relevant pull request: https://github.com/zcoinoffici...

It is a one line change from two days ago. Apparently the typo was initializing a variable to 1 instead of 0.

Re:Correction

[BarbaraHudson]

You'll notice that as the fake demand went up, so did the price. Nice scam.