Zcash Zaddr Bug Threatens To Reveal User Metadata; ZEC Isn’t The Only Cryptocurrency Affected
A bug has existed for all protected addresses since the origin of Zcash and Zcash Protocol. It is present in all told Zcash source code forks. It's possible to search out the IP address of full nodes who own a shielded address (zaddr).
Duke Leto, the core developer at Komodo (KMD), declared the bug in his blogpost. He goes on to explain that to trace the problem, a ‘Common Vulnerabilities and Exposures' (CVE) code is already afoot. As of September 29, no positive progress was reported.
Leto defined: “A computer virus has existed for all shielded addresses because of the inception of Zcash and Zcash Protocol. It's found in all Zcash supply code forks. It's conceivable to search out the IP cope with complete nodes who personal a shielded cope with (zaddr).”
For example, if ‘A' hands over a zaddr to ‘B' to pay him, ‘B' might fine discover the IP address of ‘A'. This can be horrifying since the foundation of a cryptocurrency transaction is to protect the IP addresses. It goes against the Zcash style protocols and each better-known crypto security regulation. In theory, anyone whose zaddr is published is beneath the threat of identity revelation because of their IP address being public. This vulnerability will expose the private IP addresses of lots of Zcash and Zcash protocol users.
In conversation with Leto, he addresses that customers who by no means used a zaddr, best used it over the Tor Onion Routing community or best to ship value range, don't appear to be affected. Moreover, Leto, also, claims that Zcash isn't the one cryptocurrency affected and provides a non-exhaustive listing.
The cryptocurrencies integrated among the listing are Zcash, Hush, Pirate, Komodo sensible chains with zaddr enabled by means of default, Safecoin, Horizen, 0, VoteCoin, Snowgem, BitcoinZ, LitecoinZ, Zelcash, Ycash, Arrow, Verus, Bitcoin private, ZClassic and anon. Leto additionally addresses that Komodo has already disabled the secure addresses characteristic and transitioned it to the Pirate chain, which implies that KMD no longer includes the pc virus.