PIVX has been on a roller coaster of finding and attempting to resolve vulnerabilities on their privacy protocol, zPIV; from the “Fake Stake” vulnerability which affected a plethora of masternode coins to disabling zPIV earlier in March because of a “Zerocoin zPIV issue.”

It appears the vulnerability is yet to be solved. In a recent blog post, the team announced that:

We can now confirm with certainty that this new vulnerability exists within one of the cryptographic proofs which is part of the libzerocoin library created by Miers et al., IEEE S&P 2013 of Johns Hopkins University.

Even though the full details of the vulnerability have not been revealed, the PIVX team has assured users that their funds are safe.

Moving forward, they will be releasing a new wallet that will facilitate the conversion of all zPIV to PIV. This means zPIV spends will no longer be private. The team has also noted that they will continue to research on a new privacy protocol. It appears that Sigma will be replacing the Zerocoin protocol in the coming weeks.

zPIV provides a protocol-level coin mixing service using zero-knowledge proofs to sever the link between the sender and the receiver with 100% anonymity and un-traceability. The use of zPIV also means your balance can be masked to avoid being targeted by potential thieves.
The Sigma protocol will be solving the problems of having a trusted setup, introduce elliptic curve groups in place of RSA accumulators and reduce the proof size of Zerocoin from 25 kb to 1.5 kb. Sigma will also lead to improved security.

In response, popular exchange Bittrex has all masternode coins in maintenance mode, disabling all deposits and withdrawals.