Written byCassandra Stephenson and Ryan Johnston
The Shadow Brokers say they will be accepting Zcash for subscriptions to their monthly dumps of leaked NSA files — a decision intended to needle the U.S. government over its role in the cryptocurrency’s creation. But the company that oversees Zcash says that federal agencies have no ties to the cryptocurrency beyond some general connections to its academic roots.
In announcing the subscription service, the Shadow Brokers insinuated that Zcash has links to the Defense Advanced Research Projects Agency, other U.S. military agencies and Israel.
“Maybe USG is needing to be sending money outside from banking systems? If USG is hacking and watching banking systems (SWIFT) then adversaries is also hacking and watching banking systems. Maybe is for sending money to deep cover foreign assets? Maybe is being trojan horse with cryptographic flaw or weakness only NSA can exploit? Maybe is not being for money?” the blog post written in broken English reads.
Though the hacking group has claimed Zcash’s privacy model to be unreliable and potentially entwined in U.S. government interests, it said it will continue to use the cryptocurrency at least through June.
Researchers and executives at the Zerocoin Electric Coin Company, Zcash’s operator, maintain that the platform offers strong security benefits and is free of U.S. government influence. Users of the Zcash network own about $350 million worth of the currency, the company says.
Government help, but no ties
ZECC says it prides itself on transparency. It discloses investors on its website and offers further financial information in a regularly updated blog.
“There’s no other financial backing of the Zcash company other than what’s shown in our blog posts,” Zcash CEO and founder Zooko Wilcox told CyberScoop.
Zerocash, the research project that led to Zcash, lists DARPA, the Air Force Research Laboratory, the Office of Naval Research, the Israeli Centers of Research Excellence I-CORE program and the Israeli Ministry of Science and Technology as sponsors, among others.
When Wilcox founded Zcash, however, none of the above institutions invested in or supported the company, he said.
“They don’t have any financial stake in the company,” Wilcox said. “They donated money to the research institutions years ago, and none of them are among the investors in the company. On the other hand, all of our scientists are still on good terms with that world. Our scientists still work at the same institutions, still doing new research and still getting grants from those or other grant-making institutions, governments or universities.”
Matthew Green, creator of the Zerocash protocol and a professor at Johns Hopkins University, said the protocol originated in an academic paper meant to address the privacy flaws in cryptocurrency like bitcoin.
“We wanted to build basically an experimental currency that would offer at least reasonable privacy, if not more, and so that was kind of why we deployed with Zerocash,” Green said. “We wanted to see people actually using the technology in the real world.”
The paper, he said, lists DARPA, ONR and other organizations as sponsors because he was funded by a variety of ongoing grants through his work at Johns Hopkins. “It wasn’t like anyone specifically, explicitly funded us for that work,” Green said, noting that it is his practice to include thanks to each funder in papers he produces.
“DARPA did not fund us to make Zerocash, and neither did the Office of Naval Research and any of those people,” Green said.
DARPA Chief of Media Relations Jared Adams wrote in an email that the contract number listed in the Zerocash paper funded the PROCEED program, which supports research in practical computation on encrypted data. Georgia Tech is recorded as the lead institution on this project, but research that occurred at other institutions, such as Johns Hopkins, could have benefited from this funding.
“They did receive funding from FY10 through FY14, so some sub, including Zcash, could have contributed research in that time,” Adams wrote.
As far as connections to Israel, Green said he did collaborate with a “globally spread” team, including contributors from MIT, Tel Aviv University and Technion, the Israel Institute of Technology.
“We published the first paper, and we had met them at a conference, and got good discussion about how we could improve it,” Green said. “They had been working on some other technology that was really helpful, and so we basically used some parts of their technology to build a new system.”
Leveling the playing field
Zcash itself was not deployed by Green and fellow researchers. ZECC spawned instead from a collaboration between Wilcox and the researchers in transforming the ideas published in the academic papers into a commercial venture.
“We had some input, obviously, as scientists, but basically that was our role, is just to give advice,” Green said.
Wilcox had been leading the charge in the crypto-technology industry for years prior to his contact with Green and the researchers, which is what drew the two parties together, Wilcox said. A consistent proponent of internet privacy, Wilcox initially declined the offer to work with the researchers on commodifying Zerocash, he said, because he believed the technology would fail to reach a large audience in the ultra-competitive cryptocurrency market.
The CEO had a change of heart, however, when he woke up the next morning and realized that the increased privacy features that Zcash offers might match up perfectly with the needs of mainstream businesses.
“You need a level playing field for everyone in an economy to be safe and have secure transactions, so I thought, ‘Zcash can be the mainstream that all business can rely on for all transactions,’” Wilcox told CyberScoop.
An experiment in privacy
On May 28, the Shadow Brokers emptied a bitcoin wallet previously associated with a bidding war for other outdated NSA hacking tools. The mysterious group’s latest statement attempts to explain its adoption of the cryptocurrency: “Zcash is making claiming bitcoin + privacy.”
While the content of the Shadow Brokers’ next supposed data dump in June remains unclear, the group has set the price for access at 100 Zcash, equivalent to approximately $23,000.
The near-anonymity that Zcash offers allows organizations like the Shadow Brokers to receive their payments without fear of discovery or unmasking. While bitcoin allows for transactions to be publicly monitored, and thus traceable, Zcash hides the identities and transaction data of its users, rendering tracking of the currency impossible.
Despite the technology behind the cryptocurrency, the Shadow Brokers have claimed that Zcash is neither safe nor reliable. That should not matter to the “high rollers, hackers, security companies, OEMs and governments,” who may be interested in the subscription program, the group says.
“Playing ‘the game’ is involving risks,” a statement reads.
Wilcox likens the Zcash network to other widely accessible digital platforms.
“Zcash is just an open tool, like bitcoin or ethereum, and like a lot of the internet technology that’s out there, like email or Firefox; it’s just an open tool,” Wilcox said.
Neither Wilcox, nor any other institution or agency, could lock out the Shadow Brokers from the Zcash network even if they wanted to.
“It would be nice if there were somebody who had the ability to ban bad actors from using the network, but on the other hand, since there isn’t anybody who has the ability to ban anyone else from using the network, that makes it like the internet in being a global, human utility that nobody can get locked out of,” Wilcox said.
Chris Bing contributed to this report.