EXPLOIT WARNING - Zerocoin Based Privacy Coins


#1

EDIT: Exploit Resolved.

Attention,

I am here on behalf of PIVX, please take heed of the following message.

A flaw has been found in the base libzerocoin protocol that has created an exploit that has affected ALL Zerocoin based privacy coins. This includes PIVX, as such all exchanges and service providers must place their wallets into maintenance mode and stop deposits/withdrawals. Not doing this presents a vulnerability to your service.

I would like to apologize for this troubling news. Our team is working on it at this very moment and hopes to have it resolved soon. I again, apologize for this inconvenience.


#2

Thanks for the heads-up, @Fused_Helios. Can you share a link with more information about the exploit?

I’ll note that we’ve only had a few PIVX trades on the network so far, but those were rather recent:

In any case, Bisq doesn’t support PIVX as a base pair, so all PIVX transactions happen outside of the Bisq exchange (just like all other altcoins used for payment in BTC-based trades). So while there is nothing for Bisq to do (other than possibly de-list zerocoin-based tokens), Bisq users should be still be aware of these issues before engaging in any trades.

@ManfredKarrer, can we do something with the alert system to blacklist PIVX trades for now?


#3

DM’d a response.


#4

FYI, PIVX has released the 3.0.5 wallet which has solved the exploit. I know you guys don’t have a wallet of your own, I just thought I’d update on the situation. I can’t speak for any of the other currencies affected.