A security researcher hired by the ZCash team has uncovered a vulnerability that went undetected in the protocol for four years. The exploit was present in the privacy-focused cryptocurrency's code since its introduction, according to the team.
The Four-Year-Old Vulnerability
The ZCash team brought in a security researcher specifically to identify weaknesses in the protocol. During that engagement, the researcher found an exploit that had existed since the early days of the project. Details of the flaw have not been made public, but the team confirmed it was undiscovered until now.
Why the Researcher Was Hired
Proactive security audits are common in cryptocurrency projects, especially those like ZCash that emphasize privacy. The team engaged the researcher as part of ongoing efforts to harden the protocol. The discovery highlights how even well-reviewed code can hide flaws for years.
The researcher's full findings have not been released. It is not yet known whether the exploit was ever used maliciously, or when a fix will be deployed. The ZCash team has not provided a timeline for a patch.
