Statement regarding the August 2019 Veil Zerocoin exploit
Background
Background
In April 2019, Zcoin experienced an attack on their Zerocoin payment system. The attack found critical flaws in the underlying cryptography of the Zerocoin library (libZerocoin). This library is used by all coins that use Zerocoin, including Veil. Unfortunately the flaw is not easily fixable, and requires fundamental changes to the way Zerocoin operates.
At this point in time, most cryptocurrency projects that use Zerocoin have disabled any further use of the protocol. Veil, however, was in a situation that required continued temporary use of Zerocoin, since its proof-of-stake system is based on Zerocoin.
Veil placed Zerocoin into a de-anonymized mode that allowed the Zerocoin payment system to continue to function, but with the caveat that it would no longer provide any privacy. The fixes implemented by Veil were enough to prevent the same attack that was launched on Zcoin from being launched successfully against Veil.
Veil has been preparing its final step away from Zerocoin by changing the privacy-based proof-of-stake consensus system to utilize the RingCT protocol instead of the Zerocoin protocol.
August 2019 exploit
Unfortunately the final step away from Zerocoin has not come soon enough. In August 2019 an attacker has been able to create a mutation of the attack that took place on ZCoin’s network and use it against Veil, allowing for “fake spends” that effectively resulted in theft of coins, primarily in the 10K zerocoin accumulator. An audit is being conducted at this time to determine the exact extent of the theft.
For affected users, the result is that their wallet will report the presence of zerocoins, but which cannot be spent.
Veil Project response
Once the exploit was detected, we quickly identified its nature and will address it with two immediate updates.
-
The first, available now, fixes the exploit, thereby removing further network exposure. This is a mandatory update that all Veil users are required to immediately download and install. A network fork will happen on block #321701. All users need to be on this new wallet before then in order to remain on the correct chain.
-
The second, available shortly after the first, will return zerocoin redemption to its normal state. This will involve adding back the stolen balance to the zerocoin pools.
Exchanges and trading
We have asked exchanges to suspend withdrawals, deposits, and trading, and to work with us in the forensic investigation. It is estimated this investigation will be completed by the time the second wallet update is made, which adds back the stolen balances to the zerocoin pools.
Adjustment of the Veil emission schedule
Adding to the accumulator balances will accelerate the planned emission schedule for Veil. To maintain the same long-term emission schedule, two steps will be taken.
-
First, the network will remove the originally planned “Founders Reward” for years two through five.
-
Second, the remaining portion will be covered by “burning” some designated funds that the project has accumulated in its Operations Budget, i.e. Veil funds dedicated to project operations, but which haven’t been spent.
In light of this attack, the project is accelerating its move away from Zerocoin. We will first release a wallet in which RingCT can be staked, and Zerocoin staking will be deprecated. Then, we will make a second release that enforces the transfer of all Zerocoin held funds to RingCT. The release of Sonic is still on schedule, and will not be negatively impacted.
Concluding remarks
It is extremely unfortunate that the Veil network was exposed to this attack before we were able to transition away from Zerocoin. Veil has and will continue taking every measure to respond to the incident, with sacrifices made by the founder and operations team to ensure no user will lose any funds.
On behalf of the entire Veil team, we sincerely appreciate the continued trust of our community. Despite this incident, we are working towards truly remarkable technology, and supporting infrastructure, that will allow Veil to become one of the worlds’s leading privacy-focused cryptocurrencies. In the words of our founder, this movement is a marathon, not a sprint.
We remain committed to that journey, and believe great things will come to those who join us.