Well known privacy coin Zcash (ZEC) might not be so private after all, after a supposedly private transaction was traced back to its original address.
Zcash features both private and transparent transactions, represented by z-addresses (private) and t-addresses (transparent). On July 19, a user successfully traced a z-address transaction back to its original t-address, undoing Zcash’s claims to privacy in the process.
Zcash Privacy Claims Exposed
The drama began on July 17 when a Twitter user claimed that Zcash was “pure snake-oil” and that charity group Electric Frontier Foundation shouldn’t accept it in donations.
Another user then jumped into the Twitter thread to defend Zcash’s privacy status, and offered $100 to anyone who could trace his private transaction back to his public address. The user @MoneyKnowledge0 tweeted:
“Above is the tx-id to my donation. Please, if you are all sure of yourselves trace my T-address. Reward is $100 of a currency of your choice. If no one responds in the next 72 hours I’m led to believe all the privacy flawed Zcash tweets are just false information.”
It took less than 24 hours for the challenge to be met. Seen below, Twitter user @The8Connor managed to unearth the original transparent address of the sender.
The original poster of the challenge replied in acknowledgement and paid the $100 reward. They tweeted:
“Wow! Follow back to DM. I’d love to hear how you did if that’s okay with you.”
Implications for Zcash
Zcash launched in 2016 under the guidance of the Electric Coin Company, a private entity that contributes to the development of Zcash.
Among its original investors were a host of major companies and well-known cryptocurrency personalities such as Pantera Capital, Digital Currency Group, London Trust Media, Roger Ver, Vlad Zamfir, Erik Voorhees, and Fred Ehersam – one of the original founders of Coinbase.
The exposure of a supposedly private Zcash transaction, by all accounts, brings an end to any notion that the coin lives up to its original mission statement. The Zcash website states that an emergency upgrade would be activated immediately if a vulnerability were ever to be found in the protocol.
“In case a critical vulnerability is discovered in the protocol which would place user funds at risk, potentially compromise privacy, or present some other substantial danger, an emergency upgrade will be activated as quickly as safely possible.”
The optics of Zcash’s recent exposure look even worse in light of the ongoing Zcash founder’s reward. Activated at launch in 2016, the founder’s reward sees 20% of all block rewards distributed to “the Electric Coin Co., the Zcash Foundation, and to reward or repay original investors and contributors,” according to the Zcash website.
A significant percentage of that sum goes straight to Zooko Wilcox-O’Hearn, one of Zcash’s founders, and CEO of the Electric Coin Co. Despite being flooded with tweets in light of the undoing of Zcash’s privacy, neither O’Hearn nor the Electric Coin Co. have issued any kind of reply.