Privacy coins sound appealing, but the technical risks behind them are easily overlooked. Take Zcash as an example. From its launch with the Sprout release, it carried a cryptographic flaw that went unfixed for a full 2 years until the Sapling release. The most alarming part is that 8 months passed between the discovery of the vulnerability and its fix. To this day, it is unclear whether the vulnerability was exploited before it was patched.
This is not the first problem Zcash has faced. During its early development there was also an InternalH collision vulnerability, which could have allowed token forgery. Although the flawed code was never deployed, it shows how significant the potential threat was.
nBTC (a fork that merges Zcash and Bitcoin) is even more outrageous: it experienced nearly 10 months of hidden inflation that went unnoticed until someone checked the Bitcoin UTXO import process. This time the cause was not a cryptographic flaw but a person involved in the project pre-mining coins.
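Both incidents above were, at bottom, failures of supply accounting: value appeared that the issuance rules never authorised, and nobody was checking. The following is an added example (my own code, not anything from the post, Zcash or nBTC) of the kind of invariant check a chain auditor can run over a constructed toy block list. It treats the shielded pool as a black box whose net balance is still public, because every deposit into and withdrawal out of it crosses a visible boundary; it also models a hypothetical "imported" field standing in for a snapshot/UTXO-import step. The block format, unit size and issuance schedule are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed toy model, not nBTC's or Zcash's real block format.
UNIT = 100_000_000  # base units per coin


@dataclass(frozen=True)
class Block:
    height: int
    coinbase: int = 0    # newly issued coins claimed by the block
    imported: int = 0    # coins credited from a hypothetical external snapshot/import step
    shield_in: int = 0   # value moving from transparent addresses into the shielded pool
    shield_out: int = 0  # value moving from the shielded pool back to transparent addresses


def expected_subsidy(height: int) -> int:
    """Constructed issuance schedule: 50 coins per block, halving every 1000 blocks."""
    return (50 * UNIT) >> (height // 1000)


def audit(blocks: Iterable[Block], declared_import_total: int = 0) -> List[Tuple[int, str]]:
    """Walk the chain and return (height, reason) for every supply invariant that breaks.

    The shielded pool is opaque, but its net balance is public because every
    deposit and withdrawal crosses a visible boundary (the "turnstile").  A pool
    that pays out more than it ever received is proof that value was created
    inside it, whatever the zero-knowledge proofs claimed.
    """
    findings: List[Tuple[int, str]] = []
    transparent = shielded = imported = issued_cap = 0
    for b in blocks:
        issued_cap += expected_subsidy(b.height)
        imported += b.imported
        shielded += b.shield_in - b.shield_out
        transparent += b.coinbase + b.imported + b.shield_out - b.shield_in

        if b.coinbase > expected_subsidy(b.height):
            findings.append((b.height, "coinbase above issuance schedule"))
        if imported > declared_import_total:
            findings.append((b.height, "imported value exceeds declared snapshot total"))
        if shielded < 0:
            findings.append((b.height, "shielded pool paid out more than it ever received"))
        if transparent + shielded > issued_cap + declared_import_total:
            findings.append((b.height, "total supply exceeds issuance plus declared imports"))
    return findings


if __name__ == "__main__":
    # Constructed chains: an honest one, and one where the shielded pool leaks value.
    honest = [Block(0, coinbase=50 * UNIT),
              Block(1, coinbase=50 * UNIT, shield_in=10 * UNIT),
              Block(2, coinbase=50 * UNIT, shield_out=10 * UNIT)]
    counterfeit = honest[:2] + [Block(2, coinbase=50 * UNIT, shield_out=20 * UNIT)]
    print("honest:", audit(honest))            # []
    print("counterfeit:", audit(counterfeit))  # pool went negative at height 2
```

Note what the counterfeit case shows: the total-supply check alone does not fire, because the extra value that left the pool is exactly balanced by the pool's balance going negative. Only the per-pool turnstile check catches it, which is why a pool's net balance has to be tracked separately rather than folded into one global total.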
Where is the fundamental problem? Many privacy coins adopt experimental cryptographic techniques. zkSNARKs sound impressive, but their security actually rests on the assumption that the discrete logarithm problem in bilinear pairing groups is hard (KEA). This assumption is relatively new and has drawn criticism; some experts have openly stated that the cryptography behind zkSNARKs is comparatively weak.
Adding to the complexity, Zerocash itself is extremely intricate, often called "moon math", meaning very few people truly understand it. Auditing it requires highly advanced cryptographic knowledge. For years, top cryptographers, scientists, and audit teams failed to uncover the forgery vulnerabilities in Zcash until they finally surfaced.
This is essentially a trade-off in which obscurity creates an illusion of security. In contrast, schemes like Lelantus, Lelantus Spark, RingCT, and MimbleWimble are designed to be much more transparent.