Language

Security Announcements

2017-02-08
-
Users that are still running older versions of Zcash (in particular, <= 1.0.3) are at high risk of a blockchain fork or stalling event that could open them up to double-spending attacks. All users and miners are encouraged to update their Zcash clients to the latest version and to reindex if they are experiencing problems. Most miners have updated to the most recent version of Zcash, and there is no evidence of a persistent chain fork affecting updated clients.
The zcashd 1.0.3 release fixed a cache invalidation bug which an attacker could leverage to trigger a network fork. Mitigations and detectors are in place. This vulnerability is transient and fully mitigated once a majority of mining capacity upgrades.
2016-10-31
-
There was a brief DDoS attack yesterday. Our website was down for a bit while we engaged DDoS defenses.
2016-10-27
-
Live test of our urgent notification banner on this website.
2016-10-26
-
This log will track important security announcements, please check back for updates.

Other Sources of Security Information

The Zcash Company will announce any breaking security issues on this website.

Known Security Issues

Each release contains a ./doc/security-warnings.md document describing security issues known to affect that release. You can find the most recent version of this document here:

https://github.com/zcash/zcash/blob/master/doc/security-warnings.md

Note that this link points to the "in development" version of the file, so it may have more recent findings than the version released with your software. (It might also have issues that are only relevant for the upcoming release which don't affect the current release or older software.)

What if Zcash company gets hacked?

In the event the Zcash Company website is down or hacked, please also check these twitter handles: @ZcashCo, @zooko, and @least_nathan. The Zcash protocol has an alert system and currently a small set of people working for the Zcash Company control the keys to issue alerts. These will be sent to all nodes.

What if Zcash company turns evil?

If we are sufficiently hacked, or if we collectively turn evil, the above resources will not be sufficient to protect you. Luckily, the Zcash network is growing into a larger and more resilient community beyond the Zcash company itself. If you suspect that the company has been compromised, please also check other community resources unrelated to the Zcash Company.