The Zcoin team discovered a vulnerability in the cryptography of the Zerocoin protocol that allows an attacker to forge zero-knowledge proofs and create coins out of thin air. Coins using the protocol such as PIVX and Veil are vulnerable to attack until Zerocoin is disabled. Although the exposed flaw is fixable, the Zcoin team does not plan to allocate resources to the issue and instead will continue to focus on transitioning to its new privacy protocol, Sigma.
On Apr. 9, 2019, the XZC team was alerted to a series of irregularities in the mint and spend patterns of 100 tokens. They immediately contacted all pools, exchanges, and projects that utilize the protocol to disable Zerocoin while a deep investigation took place. By Apr. 19, the root cause of the issue was found and on Apr. 24 an emergency update was released.