Zerocoin Protocol Flaws - Reading Assignment

Privacy Coins - Ultimate Course
#122
  1. Of Zerocash with respect to Zerocoin:

Advantages (The most widely known implementation of Zerocash is ZCash:

  • introduced efficiency improvements (i.e., smaller proof size and faster verification)
  • enhanced privacy (with added encryption of the amount and both sender & receiver addresses)

Disadvantages

  • The lack of auditability of its total supply: balances are hidden with the Zerocash protocol. On the other hand, the Zerocoin protocol does not hide them.
  • Less testing in its underlying cryptography (the main implementation of zkSNARKs is ZCash) and the general complexity of the cryptographic underlying the protocol, making it complex to audit the system
  • the time to generate a private transaction locally is high owing to its computationally intensive process.

  1. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to Sigma.

  2. The technical cause behind the 2017 ā€œfake spendā€ incident was an exploited due to a typo in its source-code - to mint 370,000 additional ZCoins.

  3. Different responses to the 2019 attack on the Zerocoin core protocol:

4.1. Zcoin: As an urgent fix, the team decided to disable zerocoin mints and prevent any zerocoin spend to be conducted. Hence, they effectively froze the funds in the accumulator until the release of Sigma, bypassing the need for any trusted set-up,

  • after: ZCoin introduced a feature to remint zerocoins, i.e., transfer zerocoins to Sigma mints.

4.2. PIVX:

  • had deactivated the privacy features from Zerocoin, through a spork. Since then, zerocoins have been used in a public mode i.e., in a similar fashion as normal UTXO transactions.
  • zerocoin minting has been disabled while zerocoin spending remains enabled
  • the team relies on Schnorr Signatures to ensure that zerocoins could be spent back to basecoins, without any exposure to the pre-existing vulnerability

4.3. Veil:

  • decided to deactivate the anonymizing feature from the Zerocoin protocol, it initially prevented the attack from being conducted on the Veil chain; as the attack evolved:
  • Work with exchanges: withdrawals & deposits were suspended to prevent any transaction on the network,
  • Return to a ā€œtrueā€ state by adding back stolen balances to the zerocoin pools and ban the remaining zerocoins that had not been shuffled with RingCT
  • disabled zero-knowledge proof making zerocoins behaving in a similar fashion to other (normal) UTXO transactions
  • unlike PIVX, minting and issuing zerocoins were not disabled (as staking was only possible in zerocoin), but privacy features have been non-existent since then
  • adjusted the emission schedule
  • accelerated its departure from the Zerocoin protocol
1 Like
#123

What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

Zerocash introduced efficiency improvements and enhance privacy.

In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

ZCoin, Noir, Gravity Coin and NIX switched to Sigma protocol.

  1. What was the technical cause behind the 2017 ā€œfake spendā€ incident?

A typo in its source-code.

  1. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

ZCoin: Disable zerocoin mints and prevent any zerocoin spend to be conducted until the release of Sigma.

PIVX: Deactivated the privacy features from Zerocoin.

Veil: Deactivated the anonymizing feature from the Zerocoin protocol.

1 Like
#124

1.) Advantages: smaller proof size, faster verification
disadvantages: lack of audibility of itā€™s total supply, less testing in underlying cryptography, time to generate private tx.
2.) Sigma
3.) A typo in the source code
4.) Zcoin:
-disable zerocoin mints
-prevent zerocoin spend
-blacklist some mints
-remove zerocoin protocol with Sigma

Pivx:
-deactivate privacy features from zerocoin through a spork
-disable zerocoin minting
-rely on Schnorr Signatures
-Hard Fork Protocol V2

Veil:
-deactivate anonymizing feature
-zero-knowledge proof replaced with single signature
-work with exchanges : withdrawals & deposits suspended, add back stolen balances
-Adjustment of emissions schedule (increase supply)
-departure from zerocoin protocol

1 Like
#125

  1. The advantages of Zerocash were intended to be improved efficiency and enhanced privacy. However, three prominent disadvantages are: A) Inability to audit total supply B) A relatively untested cryptography in zkSNARKS, and C) Computationally intense generation of new transactions.

  2. Sigma

  3. a typo in the source code

  4. Zcoin has ultimately migrated to Sigma, after initially disabling zerocoin minting and disabling spending.
    PIVX used Schnorr Signatures to enable spending zerocoins back to basecoins while avoiding vulnerabilities and has implemented SHIELD which is their own implementation of the zkSNARK Sapling protocol.
    Veil initially prevented the attack by disabling the anonymizing feature, but eventually attackers managed to raid the accumulator. This was shut down by cooperating with exchanges, and returned to a true state by adding back stolen balances. The emission schedule has been adjusted to fix the excess inflation by adjusting the founders awards, and the long term plan for replacing zerocoin protocol has so far involved RingCT andSupersonic Proofs.

1 Like
#126
  1. Advantages:

efficiency improvements (i.e., smaller proof size and faster verification)
enhanced privacy (with added encryption of the amount and both sender & receiver addresses).

Disadvantages:

The lack of auditability of its total supply : balances are hidden with the Zerocash protocol. On the other hand, the Zerocoin protocol does not hide them. However, as discussed in the next section, some attackers managed to create false proofs from the RSA accumulator without detection, i.e., spending other peopleā€™s coins.
Less testing in its underlying cryptography (the main implementation of zkSNARKs is ZCash) and the general complexity of the cryptographic underlying the protocol, making it complex to audit the system.
The time to generate a private transaction locally is high owing to its computationally intensive process.

  1. Sigma - protocol which have the above three-move structure (commitment, challenge and response) are called sigma protocols

  2. A typo (mistake in writing, in this case an error within the code) in the source code that allowed to mint additional ZCoins.

  3. Zcoin - protocol was revomed and replaced by Sigma
    PIVX - introduced PoS Time Protocol v2
    Veil - the Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol and disabled zero-knowledge proof making zerocoins behaving in a similar fashion to other (normal) UTXO transactions.

1 Like
#127

What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

Advantages:

  • efficiency improvements (smaller proof size and faster verification)
  • enhanced privacy (with added encryption of the amount and both sender & receiver addresses)

Disadvantages:

  • The lack of auditability of its total supply
  • Less testing in its underlying cryptography
  • The time to generate a private transaction

In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

Since July 2019, ZCoinā€™s Zerocoin protocol has been deactivated and replaced by Sigma

What was the technical cause behind the 2017 ā€œfake spendā€ incident?

A typo in the source code allowed attackers to mint 370.000 additional ZCoins.

Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

ZCoin:

  • As an urgent fix, the team decided to disable zerocoin mints and prevent any zerocoin spend to be conducted
  • The team also blacklist ed some mints
  • In July 2019, the team officially removed the Zerocoin protocol and replaced it by Sigma, also bypassing the need for any trusted set-up
  • After its migration to Sigma, ZCoin introduced a feature to ā€œ remint" zerocoins

PIVX:

  • the PIVX team had deactivated the privacy features from Zerocoin, through a spork
  • the team relies on Schnorr Signatures to ensure that zerocoins could be spent back to basecoins, without any exposure to the pre-existing vulnerability
  • On January 5th 2020, PoS Time Protocol v2 was introduced with the 4.0 release (along with Cold Staking).

Veil:

  • the Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol
  • addition of a patch to require all zerocoin spends to have a signature attached that links the spend to the mint.
  • The attack evolved so new measures were taken:
    • Work with exchanges: withdrawals & deposits were suspended
    • Return to a ā€œtrueā€ state by adding back stolen balances to the zerocoin pools and ban the remaining zerocoins that had not been shuffled with RingCT
    • Adjustment of the emission schedule
    • Accelerating its departure from the Zerocoin protocol
1 Like
#128
  1. It has smaller proof size and faster verification complemented with added encryption of the amount and both sender & receiver addresses
  2. It was replaced to Sigma
  3. A coding error or bug when writing the source code unlocking a minting option of the coin
  4. Zcoin officially removed the Zerocoin protocol and replaced it with Sigma, PIVX deactivated the privacy features from Zerocoin and Veil deactivated the anonymizing feature from the Zerocoin protocol and when it didnā€™t work had to work with the exchanges to return to a true state.
1 Like
#129

  1. Zerocash disadvantages: unable to audit total supply. less testing, computationally intensive

  2. Sigma

  3. a typo in the code resulted in a fake spend

  4. Zcoin disabled mints until Sigma was released
    PIVX deactivated privacy features
    Veil deactivated anonymizing.

1 Like
#130

  1. Advantages: 1) efficiency improvement due to smaller proof size and faster verification, 2) enhanced privacy due to added encryption of the amount and both sender & receiver addresses)
    Disadvantages: 1) lack of auditability of its total supply, 2) less testing in its underlying cryptography, 3) the time to generate a private transaction.

  2. new privacy protocol.

  3. Caused by exploitation of a typo in ZCoinā€™s source-code

  4. ZCoin responded by removing the Zerocoin protocol completely and replaced it by Sigma. PIVX responded by disabling zerocoin minting, relying on SChnorr Signatures and working on new privacy protocol. Veil responded by using RingCT staking and working on new protocol using Supersonic proofs.

1 Like
#131

  1. Advantages: efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses).
    Disadvantages: The lack of auditability of its total supply, Less testing in its underlying cryptography, The time to generate a private transaction.

  2. Sigma.

  3. A typo in its source-code was exploited to mint 370,000 additional ZCoins.

  4. The Zcoin team decided to disable zerocoin mints and prevent any zerocoin spending to be conducted.
    The PIVX team had deactivated the privacy features from Zerocoin, through a spork (zerocoin minting has been disabled).
    The Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol.

1 Like
#132
  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?
    Zerocash introduced efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses).
    Disadvantages: The lack of auditability of its total supply, less testing in its underlying cryptography, the time to generate a private transaction.
  2. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?
    To Sigma.
  3. What was the technical cause behind the 2017 ā€œfake spendā€ incident?
    In 2017, an incident occurred, a few months after ZCoin revealed that a typo in its source-code was exploited to mint 370,000 additional Zcoins.
  4. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.
    Zcoin: ultimately migrated to Sigma, after initially disabling zerocoin minting, disabling spending, blacklisting some mints.
    Pivx: deactivate privacy features from zerocoin through a spork, disable zerocoin minting, rely on Schnorr Signatures, PoS Time Protocol v2 was introduced.
    Veil: deactivate anonymizing feature, zero-knowledge proof replaced with single signature, work with exchanges to suspend withdrawals & deposits add back stolen balances, adjustment of emissions schedule (increase supply), accelerating its departure from the Zerocoin protocol.
1 Like
#133

1.Zerocoin advantages include faster verification, enhanced privacy, added encryption for sender and receiver. Disadvantages include lack of auditability of overall supply, less testing with the blockchain, computationally intensive.
2.Sigma
3.A typo in the source code
4.Pivx discontinued privacy features and the minting of new zero coins. Zcoin disabled zero coin mints, blacklist certain mints and move over to Sigma protocol. Veil deactivated the anonymizing feature, worked with exchanges to suspend deposits and withdrawals, adjusted emmission scheadule and moved away from zero coin protocal.

1 Like
#134
  1. Advantages:
  • improved efficiency (smaller proof size and faster verification)
  • enhanced privacy (added encryption of the amount and both sender and receiver addresses)
    Disadvantages:
  • lack of auditability of total supply
  • less testing in underlying cryptography

  1. Sigma

  2. A typo in the source code was exploited.

  3. Zcoin - disabled zerocoin mints and prevent zerocoin spend
    PIVX - deactivated the privacy features through a spork
    VEIL - deactivated the anonymizing feature from the ZeroCoin protocol.

1 Like
#135

1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?
Advantages: efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses).
Disadvantages: lack of auditability of its total supply (balances are hidden with the Zerocash protocol), less testing in its underlying cryptography (the main implementation of zkSNARKs is ZCash) and the time to generate a private transaction locally is high owing to its computationally intensive process.

2. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?
Sigma.

3. What was the technical cause behind the 2017 ā€œfake spendā€ incident?
A typo in its source-code, which was exploited to mint 370,000 additional ZCoins.
ZCoin teams announced that 18,171 coins were generated through this exploit. Someone had been capable of generating fake spends, hence inflating the supply of ZCoin.

4. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.
The Zcoin team disabled zerocoin mints and prevented any zerocoin spent to be conducted, were able to blacklist some mints, removed the Zerocoin protocol and replaced it by Sigma and introduced a feature to ā€œremintā€ zerocoins after that.

The PIVX team deactivated the privacy features from Zerocoin (through a spork, zerocoin minting had been disabled while zerocoin spending remained enabled), PoS Time Protocol v2 was introduced with the 4.0 release and they plan to release their next privacy protocol very soon.

The Veil team replaced the zero-knowledge proof required to prevent a double spend by a single signature which deactivated the anonymizing feature from the Zerocoin protocol.
As the attack evolved they decided to also: work with exchanges to suspend all withdrawals and deposits to prevent any transactions on the network, return to a ā€œtrueā€ state by adding back stolen balances to the zerocoin pools and ban the remaining zerocoins that had not been shuffled with RingCT.
Later on, they decided to: adjust the emission schedule and accelerate its departure from the Zerocoin protocol.

1 Like
#136

1.) The stated advantages of Zerocash with respect to Zerocoin were smaller proof size, faster verification, and enhanced privacy (i.e., encrypted transaction amounts and hidden sender/receiver addresses). Disadvantages regarding Zerocash with respect to Zerocoin were the lack of auditability towards its total supply, less testing in its underlying and complex cryptography, and long wait times to generate a private transaction.
2.) In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to the Sigma protocol.
3.) The technical cause behind the 2017 ā€œfake spendā€ incident was a typo in the Zcoin source-code, which was exploited to mint an additional 370,000 Zcoins. Through this exploit, a total of 18,171 true Zcoins were generated and the total Zcoin supply was significantly inflated.
4.) Zcoinā€™s response to the 2019 attack on the Zerocoin protocol was to release an immediate emergency network update that would prevent any additional Zerocoin spends. Later in 2017, it became harder to obtain a short position in Zcoin, which helped to prevent denial in spending attacks if they were to arise. PIVXā€™s response to the 2019 attack on the Zerocoin protocol were deactivating the privacy features that Zerocoin had included, and did this with a network spork. Zerocoins on PIVX now were spent in a public mode, like a normal UTXO transaction; in addition, Zerocoin minting was disabled and schnorr signatures were implemented to help PIVX ensure that Zcoins could be spent back to basecoins without exposure to pre-existing vulnerabilities. Veilā€™s response to the 2019 attack on the Zerocoin protocol was deactivating the anonymizing feature from Zerocoin being used on their chain. Veil switched their staking-reward rules too, which could only be paid out in Zerocoin as opposed to basecoin. Zerocoin spends on the Veil chain required an attached signature for zero-knowledge proof, which prevented double spending while removing anonymity.

1 Like
#137

:one: What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

Zerocash introduced greater efficiency and better privacy from its predecessor.

:two: In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

Four of the major Zerocoin implementations that switched from the Zerocoin protocol to Sigma were:

  1. ZCoin
  2. Noir
  3. GravityCoin, and
  4. NIX

:three: What was the technical cause behind the 2017 ā€œfake spendā€ incident?

There was a typo in the ZCoin source code, which meant an additional 370,000 Zerocoins were minted.

:four: Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

  • Zcoin disabled Zerocoin mint and proceeded to prevent spending, until it was replace with Sigma.
  • PIVX deactivated privacy features and disabled minting, however spending was not disabled.
  • Veil deactivate the anonymizing feature from the Zerocoin protocol, which initially prevented the attack from being conducted on the Veil chain.
2 Likes
#139
  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin? : Zerocash introduced efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses). The most widely known implementation of Zerocash is ZCash.Despite some key advantages, several reasons explained why Zerocash did not replace Zerocoin. Among them, the most prominent3 ones are:The lack of auditability of its total supply: balances are hidden with the Zerocash protocol. On the other hand, the Zerocoin protocol does not hide them. However, as discussed in the next section, some attackers managed to create false proofs from the RSA accumulator without detection, i.e., spending other peopleā€™s coins.
    Less testing in its underlying cryptography (the main implementation of zkSNARKs is ZCash) and the general complexity of the cryptographic underlying the protocol, making it complex to audit the system.
    The time to generate a private transaction locally is high owing to its computationally intensive process.
  2. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what? : SIGMA ; 1. ZCoin 2. Noir 3. GravityCoin, and 4. NIX.
  3. What was the technical cause behind the 2017 ā€œfake spendā€ incident? : an incident occurred, a few months after ZCoin revealed that a typo in its source-code was exploited to mint 370,000 additional ZCoins6.Following this 2017 incident, ZCoin teams announced that 18,171 coins were generated through this exploit. Specifically, someone was capable of generating fake spends, hence inflating the supply of ZCoin.As an immediate fix, the team released immediately an emergency update to prevent additional zerocoin spends. As an end-result, the libzerocoin v2 was released, which led to a hardfork of ZCoin, and the reintroduction of zerocoin spends.
  4. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol ? : Zcoin : as urgent fix disable zerocoin mints and prevent any zerocoin spend to be conducted, in July 2019 remove Zerocoin protocol and replace it by Sigma, and then introduce a feature to ā€œremintā€ zerocoins. PIVX: deactivated privacy features from Zerocoin, disabling minting (Zerocoin spending remains enabled); the team relies on Schnoor Signatures to ensure that zerocoins could be spent back to basecoins. At he beginnig of 2020 PoS Time Protocol V2, a hard fork that allows Cold Staking. Veil: deactivate the anonymizing feature from Zerocoin, did not work, so they had to work with exchanges and return to a ā€œtrueā€ state by adding back stolen balances to zerocoin pools. Disable zero-knowledge proof (minting and issuing zerocoins were not disabled). In the medium/long term Veil will adjust the emission schedule and accelerate its departure from Zerocoin protocol. The most prominent solution to consider has been RingCT staking, in order to stake anonymously again. The team has also been working on a new protocol using Supersonic Proofs.
2 Likes
#140

  1. Zerocash is an improved version of the Zerocoin protocol that was developed to address some of the limitations of Zerocoin. Zerocash was designed to provide more efficient and private transactions by using zero-knowledge proofs to allow users to prove the validity of their transactions without revealing any details about the transaction itself.

  2. In 2019, four of the eight major Zerocoin implementations switched from the Zerocoin protocol to a different privacy-preserving protocol called Sigma. This was done to address some of the limitations of Zerocoin, such as the need for a trusted setup and the minting fee required to create new Zerocoins. Sigma is an improved version of the Zerocoin protocol that was designed to be more efficient, scalable, and private, and it does not require a trusted setup or minting fees.

  3. The technical cause behind the 2017 ā€œfake spendā€ incident was a flaw in the Zerocoin implementation that allowed attackers to create and spend fake Zerocoins without being detected. This flaw was discovered and exploited by attackers, who were able to create fake Zerocoins and use them to inflate the supply of Zerocoins, resulting in a loss of value for legitimate Zerocoin holders.

  4. In response to the 2019 attack on the Zerocoin core protocol, Zcoin implemented a hard fork to upgrade its protocol to Sigma, which is an improved version of Zerocoin that does not have the same vulnerabilities. PIVX also implemented a hard fork to upgrade its protocol to Sigma, while Veil decided to switch to a different privacy-preserving protocol called Zerium. These responses were intended to address the vulnerabilities in the Zerocoin protocol and provide better protection for usersā€™ privacy and assets.

1 Like
#141

1.Stated advantages of Zerocoin over Zerocash: faster verification, smaller proof size and encryption of the amount of both sender & receiver, increasing privacy.
But on the other hand, Zerocoin is not better than ZeroCash in:

  • Auditability of total supply (balances are hidden in Zerocash protocol, in Zerocoin is not.
    But attackers were able to create false proofs from the RSA accumulator without being detected, in practical terms, spending other users coins.
  • Cryptography implementation is less tested
  • Slower to generate a private transaction (computational intensive)

  1. ZCoin, Noir (previously Zoin), Gravity Coin (previously Hexxcoin) and NIX abandoned Zerocoin protocol and moved to Sigma in 2019.

  2. The 2017 ā€œfake spendā€ incident was caused due to a TYPO IN ITS SOURCE-CODE (had to highlight it - no dev is perfect, but cā€™momā€¦), which made it possible to an attacker to use fake proofs to spend money he didnā€™t had, inflating Zcoinā€™s supply.
    Then a denial of spending attack was able to burn ZeroCoin frontrunning honest participants of the networrk.

  3. 2019 attack on Zerocoin protocol - In short:

Zcoin: The team froze funds to prevent spending and minting of more coin,
and moved to Sigma protocol since August 2019.

PIVX: At the time of the incident discovery, they disabled minting, and kept Schnorr Signatures-based spending. Decided to deactivate its privacy features based on the Zerocoin protocol, claiming the desire to move to another model but kept with its public transactions usecase

Veil: Deactivated the anonymizing feature based on the vulnerable protocol and replaced the zk-proofs model for a single signature one; which didnā€™t work. They tried to restore the balances to the state before the attack and to prevent transactionsā€¦
The team gave up part of the founderā€™s money to surpass the massive inflation that happened to its coin, and started working on alternatives to Zerocoin protocol such as RingCT staking.

1 Like
#142

  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

    Aiming to provide full privacy, Zerocash introduced efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses).

    However, some disadvantages include:
    The lack of auditability of its total supply: balances are hidden with the Zerocash protocol. On the other hand, the Zerocoin protocol does not hide them. Some attackers managed to create false proofs from the RSA accumulator without detection, i.e., spending other peopleā€™s coins.

    Less testing in its underlying cryptography the main implementation of [zkSNARKs] is ZCash) and the general complexity of the cryptographic underlying the protocol, making it complex to audit the system.

    The time to generate a private transaction locally is high owing to its computationally intensive process.

  2. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?
    Removed the Zerocoin protocol and adopted Sigma in 2019.

  3. What was the technical cause behind the 2017 ā€œfake spendā€ incident?
    A few months after ZCoin revealed that a typo in its source-code was exploited to mint 370,000 additional ZCoins.

  4. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.
    Zcoin: As an urgent fix, the team decide to disable zerocoin mints and prevent any zerocoin spend to be conducted . Hence, they effectively froze the funds in the accumulator until the release of Sigma.

    PIVX: As a response to the incident, the PIVX team had deactivated the privacy features from Zerocoin, through a spork. Since then, zerocoins have been used in a public mode i.e., in a similar fashion as normal UTXO transaction

    Veil: Following the flaw discovery by ZCoin on April 17th 2019, the Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol. It initially prevented the attack from being conducted on the Veil chain.