{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,6]],"date-time":"2026-07-06T16:02:44Z","timestamp":1783353764586,"version":"3.54.6"},"reference-count":38,"publisher":"Association for Computing Machinery (ACM)","issue":"10","license":[{"start":{"date-parts":[[2020,9,23]],"date-time":"2020-09-23T00:00:00Z","timestamp":1600819200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Archimedes Privatstiftung, Innsbruck"},{"DOI":"10.13039\/501100001742","name":"Israel Science Foundation","doi-asserted-by":"publisher","award":["1504\/17"],"award-info":[{"award-number":["1504\/17"]}],"id":[{"id":"10.13039\/501100001742","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100007515","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1714291"],"award-info":[{"award-number":["1714291"]}],"id":[{"id":"10.13039\/100007515","id-type":"DOI","asserted-by":"publisher"}]},{"name":"HUJI Cyber Security Research Center Grant"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2020,9,23]]},"abstract":"<jats:p>Software weaknesses in cryptocurrencies create unique challenges in responsible revelations.<\/jats:p>","DOI":"10.1145\/3372115","type":"journal-article","created":{"date-parts":[[2020,9,23]],"date-time":"2020-09-23T14:26:49Z","timestamp":1600871209000},"page":"62-71","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Responsible vulnerability disclosure in cryptocurrencies"],"prefix":"10.1145","volume":"63","author":[{"given":"Rainer","family":"B\u00f6hme","sequence":"first","affiliation":[{"name":"Universit\u00e4t Innsbruck, Austria"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lisa","family":"Eckey","sequence":"additional","affiliation":[{"name":"TU Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tyler","family":"Moore","sequence":"additional","affiliation":[{"name":"The University of Tulsa, OK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Neha","family":"Narula","sequence":"additional","affiliation":[{"name":"MIT, Cambridge, MA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tim","family":"Ruffing","sequence":"additional","affiliation":[{"name":"Blockstream"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Aviv","family":"Zohar","sequence":"additional","affiliation":[{"name":"Hebrew University Jerusalem, Israel"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,9,23]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-54455-6_8"},{"key":"e_1_2_1_2_1","first-page":"55","volume":"9","author":"Bech M.","year":"2017","unstructured":"Bech , M. and Garratt , R. Central bank cryptocurrencies. BIS Quarterly Rev. 9 ( 2017 ), 55 -- 70 . Bech, M. and Garratt, R. Central bank cryptocurrencies. BIS Quarterly Rev. 9 (2017), 55--70.","journal-title":"BIS Quarterly Rev."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the IEEE Symp. on Security and Privacy","author":"Ben-Sasson E.","year":"2014","unstructured":"Ben-Sasson , E. , Chiesa , A. , Garman , C. , Green , M. , Miers , I. and Virza , M . Zerocash: Decentralized anonymous payments from Bitcoin . In Proceedings of the IEEE Symp. on Security and Privacy , 2014 . Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I. and Virza, M. Zerocash: Decentralized anonymous payments from Bitcoin. In Proceedings of the IEEE Symp. on Security and Privacy, 2014."},{"key":"e_1_2_1_4_1","volume-title":"Alert key disclosure. Bitcoin development mailing list","author":"Bishop B.","year":"2018","unstructured":"Bishop , B. Alert key disclosure. Bitcoin development mailing list ; https:\/\/lists.linuxfoundation.org\/pipermail\/bitcoin-dev\/ 2018 -July\/016189.html. Bishop, B. Alert key disclosure. Bitcoin development mailing list; https:\/\/lists.linuxfoundation.org\/pipermail\/bitcoin-dev\/2018-July\/016189.html."},{"key":"e_1_2_1_5_1","volume-title":"A comparison of market approaches to software vulnerability disclosure. Emerging Trends in Information and Communication Security","author":"B\u00f6hme R.","unstructured":"B\u00f6hme , R. A comparison of market approaches to software vulnerability disclosure. Emerging Trends in Information and Communication Security . G. M\u00fcller, Ed. LNCS 3995 (2006). Springer , Berlin Heidelberg , 298--311. B\u00f6hme, R. A comparison of market approaches to software vulnerability disclosure. Emerging Trends in Information and Communication Security. G. M\u00fcller, Ed. LNCS 3995 (2006). Springer, Berlin Heidelberg, 298--311."},{"key":"e_1_2_1_6_1","volume-title":"Global charts","author":"CoinMarketCap","year":"2019","unstructured":"CoinMarketCap . Global charts , 2019 ; https:\/\/coinmarketcap.com\/charts\/. CoinMarketCap. Global charts, 2019; https:\/\/coinmarketcap.com\/charts\/."},{"key":"e_1_2_1_7_1","volume-title":"A post mortem of the Burning Bug","author":"EBRUYNE.","year":"2018","unstructured":"d EBRUYNE. A post mortem of the Burning Bug , 2018 ; https:\/\/web.getmonero.org\/2018\/09\/25\/a-post-mortum-of-the-burning-bug.html. dEBRUYNE. A post mortem of the Burning Bug, 2018; https:\/\/web.getmonero.org\/2018\/09\/25\/a-post-mortum-of-the-burning-bug.html."},{"key":"e_1_2_1_8_1","volume-title":"CVE-2018-17144 Full Disclosure","author":"Bitcoin Core Developers","year":"2018","unstructured":"Bitcoin Core Developers . CVE-2018-17144 Full Disclosure ; https:\/\/bitcoincore.org\/en\/ 2018 \/09\/20\/notice\/. Bitcoin Core Developers. CVE-2018-17144 Full Disclosure; https:\/\/bitcoincore.org\/en\/2018\/09\/20\/notice\/."},{"key":"e_1_2_1_9_1","volume-title":"A call for a temporary moratorium on the DAO. Blog post","author":"Dino M.","year":"2016","unstructured":"Dino , M. , Zamfir , V. and Sirer , G.E . A call for a temporary moratorium on the DAO. Blog post ; http:\/\/hackingdistributed.com\/ 2016 \/05\/27\/dao-call-for-moratorium\/. Dino, M., Zamfir, V. and Sirer, G.E. A call for a temporary moratorium on the DAO. Blog post; http:\/\/hackingdistributed.com\/2016\/05\/27\/dao-call-for-moratorium\/."},{"key":"e_1_2_1_10_1","volume-title":"Responsible disclosure in the era of cryptocurrencies. Blog post","author":"Fields C.","year":"2018","unstructured":"Fields , C. Responsible disclosure in the era of cryptocurrencies. Blog post , 2018 ; https:\/\/bit.ly\/3cgSdYs Fields, C. Responsible disclosure in the era of cryptocurrencies. Blog post, 2018; https:\/\/bit.ly\/3cgSdYs"},{"key":"e_1_2_1_11_1","volume-title":"Reducing the risk of catastrophic cryptocurrency bugs. Blog post","author":"Fields C.","year":"2018","unstructured":"Fields , C. and Narula , N . Reducing the risk of catastrophic cryptocurrency bugs. Blog post , 2018 ; https:\/\/bit.ly\/2SKbd9Y. Fields, C. and Narula, N. Reducing the risk of catastrophic cryptocurrency bugs. Blog post, 2018; https:\/\/bit.ly\/2SKbd9Y."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32101-7_7"},{"key":"e_1_2_1_13_1","volume-title":"IOTA vulnerability report: Cryptanalysis of the curl hash function enabling practical signature forgery attacks on the IOTA cryptocurrency","author":"Heilman E.","year":"2017","unstructured":"Heilman , E. , Narula , N. , Dryja , T. and Virza , M . IOTA vulnerability report: Cryptanalysis of the curl hash function enabling practical signature forgery attacks on the IOTA cryptocurrency , 2017 ; https:\/\/github.com\/mit-dci\/tangled-curl\/blob\/master\/vuln-iota.md. Heilman, E., Narula, N., Dryja, T. and Virza, M. IOTA vulnerability report: Cryptanalysis of the curl hash function enabling practical signature forgery attacks on the IOTA cryptocurrency, 2017; https:\/\/github.com\/mit-dci\/tangled-curl\/blob\/master\/vuln-iota.md."},{"key":"e_1_2_1_14_1","volume-title":"Cryptanalysis of curl-p and other attacks on the IOTA cryptocurrency. IACR Cryptology ePrint archive report 2019\/344","author":"Heilman E.","year":"2019","unstructured":"Heilman , E. , Narula , N. , Tanzer , G. , Lovejoy , J. , Colavita , M. , Virza , M. and Dryja , T . Cryptanalysis of curl-p and other attacks on the IOTA cryptocurrency. IACR Cryptology ePrint archive report 2019\/344 ; https:\/\/eprint.iacr.org\/ 2019 \/344. Heilman, E., Narula, N., Tanzer, G., Lovejoy, J., Colavita, M., Virza, M. and Dryja, T. Cryptanalysis of curl-p and other attacks on the IOTA cryptocurrency. IACR Cryptology ePrint archive report 2019\/344; https:\/\/eprint.iacr.org\/2019\/344."},{"key":"e_1_2_1_15_1","unstructured":"Householder A. Wassermann G. Manion A. and King C. The CERT Guide to Coordinated Vulnerability Disclosure. Special Report CMU\/SEI-2017-SR-022.  Householder A. Wassermann G. Manion A. and King C. The CERT Guide to Coordinated Vulnerability Disclosure. Special Report CMU\/SEI-2017-SR-022."},{"key":"e_1_2_1_16_1","volume-title":"All Android-created Bitcoin wallets vulnerable to theft. Ars Technica","author":"Hutchinson L.","year":"2018","unstructured":"Hutchinson , L. All Android-created Bitcoin wallets vulnerable to theft. Ars Technica , 2018 ; https:\/\/bit.ly\/2SMHiy5\/. Hutchinson, L. All Android-created Bitcoin wallets vulnerable to theft. Ars Technica, 2018; https:\/\/bit.ly\/2SMHiy5\/."},{"key":"e_1_2_1_17_1","volume-title":"Zcoin's Zerocoin bug explained in detail. Blog post","author":"Insom P.","year":"2017","unstructured":"Insom , P. Zcoin's Zerocoin bug explained in detail. Blog post , 2017 ; https:\/\/zcoin.io\/zcoins-zerocoin-bug-explained-in-detail\/. Insom, P. Zcoin's Zerocoin bug explained in detail. Blog post, 2017; https:\/\/zcoin.io\/zcoins-zerocoin-bug-explained-in-detail\/."},{"key":"e_1_2_1_18_1","unstructured":"Juarez A.M. Fraudulent transactions allowed by the CryptoNote key image bug remain valid. Archived version of Bytecoin GitHub; https:\/\/bit.ly\/2WbYkrn.  Juarez A.M. Fraudulent transactions allowed by the CryptoNote key image bug remain valid. Archived version of Bytecoin GitHub; https:\/\/bit.ly\/2WbYkrn."},{"key":"e_1_2_1_19_1","volume-title":"Dispute over digital music muzzles academic. Nature 411, 6833","author":"Lok C.","year":"2001","unstructured":"Lok , C. Dispute over digital music muzzles academic. Nature 411, 6833 ( 2001 ), 5. Lok, C. Dispute over digital music muzzles academic. Nature 411, 6833 (2001), 5."},{"key":"e_1_2_1_20_1","volume-title":"Disclosure of a major bug in CryptoNote based currencies. Blog post","author":"Riccardo","year":"2017","unstructured":"luigi1111 and Riccardo \"fluffypony\" Spagni. Disclosure of a major bug in CryptoNote based currencies. Blog post , 2017 ; https:\/\/bit.ly\/2xHiTmb. luigi1111 and Riccardo \"fluffypony\" Spagni. Disclosure of a major bug in CryptoNote based currencies. Blog post, 2017; https:\/\/bit.ly\/2xHiTmb."},{"key":"e_1_2_1_21_1","volume-title":"README of libzerocoin","author":"Miers I.","year":"2013","unstructured":"Miers , I. README of libzerocoin , 2013 ; https:\/\/bit.ly\/2L94ORJ. Miers, I. README of libzerocoin, 2013; https:\/\/bit.ly\/2L94ORJ."},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the 2013 IEEE Symp. on Security and Privacy.","author":"Miers I.","unstructured":"Miers , I. , Garman , C. , Green , M. and Rubin , A . Zerocoin: Anonymous distributed e-cash from Bitcoin . In Proceedings of the 2013 IEEE Symp. on Security and Privacy. Miers, I., Garman, C., Green, M. and Rubin, A. Zerocoin: Anonymous distributed e-cash from Bitcoin. In Proceedings of the 2013 IEEE Symp. on Security and Privacy."},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the Workshop on the Economics of Information Security","author":"Miller D.","year":"2007","unstructured":"Miller , D. The legitimate vulnerability market: Inside the secretive world of 0-day exploit sales . In Proceedings of the Workshop on the Economics of Information Security . Carnegie Mellon University, Pittsburgh, PA , 2007 . Miller, D. The legitimate vulnerability market: Inside the secretive world of 0-day exploit sales. In Proceedings of the Workshop on the Economics of Information Security. Carnegie Mellon University, Pittsburgh, PA, 2007."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3155808"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1900546.1900559"},{"key":"e_1_2_1_26_1","volume-title":"Effective cryptocurrency regulation through blacklisting","author":"M\u00f6ser M.","year":"2019","unstructured":"M\u00f6ser , M. and Narayanan , A . Effective cryptocurrency regulation through blacklisting , 2019 ; https:\/\/maltemoeser.de\/paper\/blacklisting-regulation.pdf. M\u00f6ser, M. and Narayanan, A. Effective cryptocurrency regulation through blacklisting, 2019; https:\/\/maltemoeser.de\/paper\/blacklisting-regulation.pdf."},{"key":"e_1_2_1_27_1","volume-title":"Glossary item in developer documentation. Dash project","author":"Multi-Phased Fork","year":"2017","unstructured":"Multi-Phased Fork . Glossary item in developer documentation. Dash project , 2017 ; https:\/\/dash-docs.github.io\/en\/glossary\/spork. Multi-Phased Fork. Glossary item in developer documentation. Dash project, 2017; https:\/\/dash-docs.github.io\/en\/glossary\/spork."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 2019 Financial Cryptography and Data Security Conf. I. Goldberg and T. Moore, eds.","author":"Reibel P.","unstructured":"Reibel , P. , Yousaf , H. and Meiklejohn , S . An exploration of code diversity in the cryptocurrency landscape . In Proceedings of the 2019 Financial Cryptography and Data Security Conf. I. Goldberg and T. Moore, eds. Reibel, P., Yousaf, H. and Meiklejohn, S. An exploration of code diversity in the cryptocurrency landscape. In Proceedings of the 2019 Financial Cryptography and Data Security Conf. I. Goldberg and T. Moore, eds."},{"key":"e_1_2_1_29_1","volume-title":"A cryptographic flaw in Zerocoin (and two critical coding issues). Blog post","author":"Ruffing T.","year":"2018","unstructured":"Ruffing , T. , Thyagarajan , S. , Ronge , V. and Schr\u00f6der , D . A cryptographic flaw in Zerocoin (and two critical coding issues). Blog post , 2018 ; https:\/\/bit.ly\/2WAib2B Ruffing, T., Thyagarajan, S., Ronge, V. and Schr\u00f6der, D. A cryptographic flaw in Zerocoin (and two critical coding issues). Blog post, 2018; https:\/\/bit.ly\/2WAib2B"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVCBT.2018.00023"},{"key":"e_1_2_1_31_1","volume-title":"Government's Role in Vulnerability Disclosure. Harvard Kennedy School discussion paper","author":"Schwartz A.","year":"2016","unstructured":"Schwartz , A. and Knake , R . Government's Role in Vulnerability Disclosure. Harvard Kennedy School discussion paper , 2016 . Schwartz, A. and Knake, R. Government's Role in Vulnerability Disclosure. Harvard Kennedy School discussion paper, 2016."},{"key":"e_1_2_1_32_1","volume-title":"Zcash counterfeiting vulnerability successfully remediated. Blog post","author":"Swihart J.","year":"2019","unstructured":"Swihart , J. , Winston , B. , and Bowe , S . Zcash counterfeiting vulnerability successfully remediated. Blog post , 2019 ; https:\/\/bit.ly\/2YDO790\/. Swihart, J., Winston, B., and Bowe, S. Zcash counterfeiting vulnerability successfully remediated. Blog post, 2019; https:\/\/bit.ly\/2YDO790\/."},{"key":"e_1_2_1_33_1","volume-title":"The multi-sig hack: A postmortem","author":"Parity Technologies","year":"2017","unstructured":"Parity Technologies . The multi-sig hack: A postmortem , 2017 ; https:\/\/www.parity.io\/the-multi-sig-hack-a-postmortem\/. Parity Technologies. The multi-sig hack: A postmortem, 2017; https:\/\/www.parity.io\/the-multi-sig-hack-a-postmortem\/."},{"key":"e_1_2_1_34_1","volume-title":"A postmortem on the parity multi-sig library self-destruct","author":"Parity Technologies","year":"2017","unstructured":"Parity Technologies . A postmortem on the parity multi-sig library self-destruct , 2017 ; https:\/\/www.parity.io\/a-postmortem-on-the-parity-multi-sig-library-self-destruct\/. Parity Technologies. A postmortem on the parity multi-sig library self-destruct, 2017; https:\/\/www.parity.io\/a-postmortem-on-the-parity-multi-sig-library-self-destruct\/."},{"key":"e_1_2_1_35_1","volume-title":"CryptoNote v 2.0. White Paper","author":"van Saberhagen N.","year":"2013","unstructured":"van Saberhagen , N. CryptoNote v 2.0. White Paper , 2013 ; https:\/\/cryptonote.org\/whitepaper.pdf. van Saberhagen, N. CryptoNote v 2.0. White Paper, 2013; https:\/\/cryptonote.org\/whitepaper.pdf."},{"key":"e_1_2_1_36_1","volume-title":"Disclosure: Consensus bug indirectly solved by BIP66. Bitcoin development mailing list","author":"Wuille P.","year":"2015","unstructured":"Wuille , P. Disclosure: Consensus bug indirectly solved by BIP66. Bitcoin development mailing list , 2015 ; https:\/\/bit.ly\/2zeC5rX. Wuille, P. Disclosure: Consensus bug indirectly solved by BIP66. Bitcoin development mailing list, 2015; https:\/\/bit.ly\/2zeC5rX."},{"key":"e_1_2_1_37_1","volume-title":"Further disclosure on Zerocoin vulnerability. Blog post","author":"Yap R.","year":"2019","unstructured":"Yap , R. Further disclosure on Zerocoin vulnerability. Blog post , 2019 ; https:\/\/zcoin.io\/further-disclosure-on-zerocoin-vulnerability\/. Yap, R. Further disclosure on Zerocoin vulnerability. Blog post, 2019; https:\/\/zcoin.io\/further-disclosure-on-zerocoin-vulnerability\/."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2701411"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372115","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3372115","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:45:06Z","timestamp":1750203906000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372115"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,23]]},"references-count":38,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2020,9,23]]}},"alternative-id":["10.1145\/3372115"],"URL":"https:\/\/doi.org\/10.1145\/3372115","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,9,23]]},"assertion":[{"value":"2020-09-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}