PivX coin plauged with libzerocoin vulnerability

Lead developer of PivX coin has published an important message about libzerocoin vulnerability that is affecting all coins based on Zcoin forks. While PivX coin was not affected / attacked with this vulnerability, for safety reasons, zPIV feature has been disabled.

Here is the statement posted on their telegram.

The recent vulnerability first mentioned on April 16, 2019 by Zcoin, has been analyzed and confirmed by the PIVX core developers with positive test results. We can now confirm with certainty that this new vulnerability exists within one of the cryptographc proofs which is part of the libzerocoin library created by Miers et al., IEEE S&P 2013 of Johns Hopkins University. Complete details of the vulnerability will be disclosed at a later date to be respectful for other projects using the same library.

Most importantly. PIVX was not attacked using this latest vulnerability, and not affected due to zPIV having already been disabled. All user funds are safe. Nothing was lost.

zPIV Activation

Now that the issue has been confirmed, we will no longer wait for the soft-fork to complete and will release a new PivX wallet that will allow conversion of all zPIV held in the wallet to PIV. This will mean that all users will be able to fully access their funds immediately once released. This new release will be mandatory, and the zPIV spends will no longer be private in light of this new vulnerability.

New Privacy Protocol

In light of this most recent discovery, the PIVX core development team will be putting increased efforts into the continued research and development of a brand new privacy protocol that was started last year (2018).

Team has just posted another message.

There have been reports of some wallets not matching the block explorer’s block hash and getting forked.

Developers are looking into the issue and will provide further updates soon.

In the mean time, please avoid coin transfers unless you are certain you & receipient are on same chain as the block explorers. (This is really standard recommended practice. and/or at least test with small amount first before sending desired amount)

PIVX Block Explorers
https://chainz.cryptoid.info/pivx/
https://explorer.pivx.link/
https://www.coinexplorer.net/PIV
https://pivx.ccore.online/

P.S. If you know your way around troubleshooting wallets, the only method confirmed working so far is to resync from own backup or linked snapshot taken prior to block 1778954 with deleting banlist.dat & peers.dat before starting the wallet. Latest core v3.2.1 remains as the recommended wallet version. Publicly available snapshot is http://178.254.23.111/~pub/PIVX/Daily-Snapshots/2019-04-29/BlockChain-1778058.zip

Snapshot Resync Instructions

  • Stop your wallet and/or daemon
  • Locate the data folder with the blockchain folders. Locations in link below.
https://pivx.freshdesk.com/support/solutions/articles/30000004664-where-are-my-wallet-dat-blockchain-and-configuration-conf-files-located-
  • Do a complete(!) backup of this folder in case something goes wrong. (or at least backup the wallet.dat file!)
  • Completely remove the folders “blocks”, “chainstate”, “sporks” and “zerocoin”
  • Delete banlist.dat & peers.dat
  • Download one of the snapshot-files (preferably the newest one) into the data folder
  • Unpack or copy the snapshot files into the data folder. The folders deleted above are now replaced by the ones from the snapshot.
  • Restart your wallet and/or daemon
  • Wait until it resyns completely.
  • Then check against block explorer’s latest hash using command: getblockhash