Whenever you see news of a breach, it is almost always negative with information on how “incalculable damage, ” or it is a great a catastrophe. However, once every blue moon, we get a report of an incident response done right. Incidence Response is how a company, organization, or in this case coin responds to an attempted or successful vulnerability attack upon their systems. Before the Zcoin hard fork, there was a vulnerability in a library used by almost all Zerocoin based projects. Today we will be looking at the Zcoin Teams response to the weakness in the library used by the Zerocoin protocol. We will be using The National Institute of Standards and Technology (NIST)’s plan on Incidence Response. We will be covering this step by step as to define how Zcoin did in this high severity situation. The 3 and a half steps that exist for a NIST Evaluation are Organization and Communication, Incidence Response, Detection and Coordination. These are the cornerstones of a successful incidence response.
1. ORGANIZATION AND COMMUNICATION
Zcoin had the entire team responding to the discovery fast and concisely. From what information is available, the team was all notified directly without error and confusion
2. INCIDENT RESPONSE
When the security issue was identified, it is not enough to just release a patch; there must be secure communication before the release of the patch as any information of the vulnerability before the patch can lead to significant issues and further losses.
NIST STANDARD QUESTION: How did they know there was a security incident in the first place?
The Zcoin team had measures in place to identify if there are any irregular changes to the Zcoin networks fundamental information. Zcoin shares a similar block reward to bitcoin, meaning the increase of coins available by 17,000 was a fundamentally substantial change in volume which could be detected and notified to all of the required people quickly.
Other methods that may have been employed are not listed include chain analysis, proofs, and other subjects that require much more detailed explanation.
3. INFORMATION SHARING AND COORDINATION
Zcoin contacted their pools and significant users of the package as well as other projects using the LibZeroCoin Package. They are also offering support to others affected with their ending with “…security update to the original libzerocoin library. We recommend all projects using Zerocoin to reach out to us for details on these fixes for those that haven’t done so already. ” being one of the closing remarks of their HF release statement. Some of those that were contacted include PIVX which implemented the changes to the LibZeroCoin Package.
Overall, Zcoin went above and beyond in handling this incidence response. They made sure that all of the ends were tied, and that information was properly controlled until it was safe to release more information. This is a model response to an incidence in a high-intensity security situation.