• A single typo let hackers steal $400,000 from a bitcoin rival

    A single typo let hackers steal $400,000 from a bitcoin rival

    Typos aren’t just a headache — they can sometimes have very costly consequences.

    On Friday, digital currency Zcoin announced that a typographical error had let an unidentified attacker make a profit of around $400,000 (£320,000).

    Zcoin is similar to Bitcoin — it’s a digital currency powered by cryptography, and without any single central bank. It’s based on Zerocoin, a software protocol that was developed to to provide its users with “complete financial privacy and anonymity.”

    But in implementing it, the Zcoin made a single screw-up. “Yesterday, our team found a bug in our implementation of Zerocoin,” Zcoin community manager Reuben Yap wrote in a blog post on Friday. “A typographical error on a single additional character in code allowed an attacker to create Zerocoin spend transactions without a corresponding mint.”

    In other words, they got a single letter wrong in their code — and this let a hacker steal coins by cashing out from single transactions multiple times.

    Yap emphasises that there’s nothing wrong with Zcoin’s cryptography — it was just the typo that was the problem. “The exploit happened due to the bug in the code and not from any weakness in …read more  

    Write a comment