ZenCash was the latest victim to the public blockchain sector’s ultimate scourge; 51 percent attacks. The privacy-centric altcoin joins a growing list of cryptocurrencies succumbing to the attack in recent times, including bitcoin gold, eletroneum, and verge.
The ZEN Attack
As per an official statement released by ZenCash (ZEN), a deceitful miner/s launched the attack on June 2, 2018. However, the foundation immediately deployed “mitigation procedures to significantly increase the difficulty of future attacks on the network.”
Details of the attack are as follows:
- 6/2 (20:26 EDT) – Pool operators warn ZEN of a potential 51 percent attack,
- 6/2 (20:34 EDT) – ZEN developers launch an investigation and evaluate hash power distribution, in parallel exchanges quickly notified to increase confirmation times,
- 6/2 (20:42 EDT) – Results of Investigation confirmed that the suspect transaction was a double spend,
- 6/3 (09:00 EDT) – An official statement issued by ZEN,
- 6/6 (09:46 EDT) – Rob Viglione, co-founder of ZEN, responded to the attacks and dispelled community misconceptions.
As observed, the ZEN network hash rate at the time of attack reached 58MSol/s. Thus, it is believed that the hacker was a large organization with enough mining power to execute the attack.
ZEN revealed the suspected pool address in their statement. The attack seemed to originate from wallet address znkMXdwwxvPp9jNoSjukAbBHjCShQ8ZaLib and occurred between blocks 318165 and 318275. Additionally, several reorganizations of the blockchain were performed by the attackers, and they executed double spends between block 318204 and 318234 the attacker(s) performed double-spend attacks.
As revealed, the fraudulent deposits were made at exchange address zneDDN3aNebJUnAJ9DoQFys7ZuCKBNRQ115.
Security Concerns Addressed
To dispel security concerns, ZEN stated:
“Increasing required confirmations to 100 makes another attack highly unlikely, ZenCash remains committed to ensuring the security of its customers’ funds and recommends that our users contact exchanges directly with any specific security-related questions.”
The foundation added that funds are best secured in cold storage wallets such as a paper wallet or a Ledger Nano S.
Additionally, Viglione addressed the ZEN community on a podcast:
#ZenCash Co-founder dispels misconceptions about 51% attack. 1) supply remains intact, 2) the event was fraud against an exchange, 3) private keys & off-exchange ZEN are safe. 4) Zen's actions to block this threat for all POW coins. Read more here: https://t.co/txOzB9dmPB pic.twitter.com/Ma7AVDCteK
— ZenCashOfficial [No Free ETH] (@zencashofficial) June 6, 2018
ELI5: 51 Percent Attack
For the uninitiated, a 51 percent attack severely affects a blockchain network and occurs after hackers secure a majority of the network’s hashrate.
Once secured, attackers can confirm fraudulent blocks and conduct “double spend” attacks by simultaneously depositing digital tokens at an exchange and confirming a transaction that sends the same coins to their wallet.
Also, attackers can successfully fork the blockchain, and they possess a majority consensus of the network and reverse the exchange transactions to a separate wallet. This proves to be a largely profitable venture and can lead to millions of dollars in profits for fraudulent parties.
In the ZenCash attack, it is reported that a total of 23,152 ZEN were made of these exploits, worth $700,000 at the time.
With a market cap of $88 million, ZenCash is the world’s 141st largest cryptocurrency by market cap and forked from privacy protocol ZClassic in May 2017. ZEN currently trades at $22.37 at the time of writing, down over 30 percent after the news of the attack emerged.