ZenCash Statement on Double Spend Attack
Latest update 8 June 2018 14:01 EDT. [FAQ section added]
The Zen network was the target of a 51% attack on 2 June at approximately 8:26 pm EDT (03 June 00:26 hrs UTC). The Zen team immediately executed mitigation procedures to significantly increase the difficulty of future attacks on the network.
Sequence of events:
- 6/2 (2026 EDT) – Received warning of potential attack from one of our pool operators
- 6/2 (2034 EDT) – Immediately initiated investigation and evaluated hash power distribution
- 6/2 In parallel, contacted exchanges to increase confirmation times
- 6/2 (2042 EDT) – Investigation showed that the suspect transaction was a double spend
- 6/3 – present – In progress: Additional forensics and jointly investigating with the affected exchange
- 6/3 (0900 EDT) – Released this official announcement about the attacks (edited)
- 6/4 (1150 EDT) – Released new finding on the investigation
- 6/6 (0946 EDT) – Co-founder Rob Viglione issued a statement responding to the attacks and dispelling misconceptions
A 51% attack or double spend is a major risk for all distributed, public blockchains. All Equihash-based networks are exposed to an influx of new Equihash power and therefore the best short-term mitigation strategy is to recommend that all exchanges increase their minimum required confirmations to at least 100.
WHAT WE KNOW SO FAR
At the time of the attack the Zen network hash rate was 58MSol/s. It is possible that the attacker has a private mining operation large enough to conduct the attack and/or supplement with rental hash power. Net hash rate is derived from the last mined block and therefore live hash rate statistics are not available.
The suspect pool address is znkMXdwwxvPp9jNoSjukAbBHjCShQ8ZaLib. Between blocks 318165 and 318275, the attacker(s) caused multiple reorganizations of the blockchain, reverting 38 blocks in the longest reorganization. In blocks 318204 and 318234 the attacker(s) performed double-spend attacks.
Note: Bittrex required 150 transaction confirmations prior to the attack and therefore was not the target of the attack.
1st Double Spend – 3,317.4 ZEN (new finding)
Orphaned transaction
https://explorer.horizen.io/tx/e3a232af6d1175ad061b95f9bc12898fa22d6adcb2e9fdc9f45a2ff6711e5f93
In orphaned block
https://explorer.horizen.io/block/000000006fbe8353edc35b8d3a08ae60f689b92a5493f59995ccd1f0209bda29
Double-spend transaction
https://explorer.horizen.io/tx/cb072b3755547362b26fa32992380528d4f5f25b63d24bb50466a733b8edd513
Included in attacker block
https://explorer.horizen.io/block/00000000245571c7c62059b7bf951c613c6d733242ead752767dc6e632a80128
2nd Double Spend – 6,600 ZEN (previously believed to be the first double spend)
Orphaned transaction
https://explorer.horizen.io/tx/574255141dd0b7c89e339e96ff46af818dcb298311ec13660eaf621d5b8f4f84
In orphaned block
https://explorer.horizen.io/block/000000006be2c36df986223a4d37a520d1028e0db85db9277d9b14e811d243f3
Double-spend transaction
https://explorer.horizen.io/tx/60b6555144530a0dce591ad7121a99464454821a25bb2ae3464c2ea6d2274003
Included in attacker block
https://explorer.horizen.io/block/000000002e501b0a74eeae80091eddea52c8cd0f677f6de13abe0420af8397d9
3rd Double Spend – 13,234.9 ZEN (previously believed to be 2nd double spend)
Orphaned transaction
https://explorer.horizen.io/tx/1fdca015076dc3578a06f0cee0a6b97f9993a129bb4559289c94a56e5ea618cf
In orphaned block
https://explorer.horizen.io/block/00000000129b387f2980e70a8c7ba90eda0bb674a2cd197a0edb1aefa723f62c
Double-spend transaction
https://explorer.horizen.io/tx/17c14153004c701b4986fa1368fb9b2711953723d696258f451786b91c8dfa46
Included in attacker block
https://explorer.horizen.io/block/000000003b6cc6af447c4a422dd41b306211f9fc2990c744bae55c42df2a3b28
The suspect exchange deposit address is zneDDN3aNebJUnAJ9DoQFys7ZuCKBNRQ115.
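The evidence above follows one pattern: a deposit confirmed in a block that is later orphaned, and a different transaction spending the same inputs in the chain that replaced it. The following sketch shows how a node operator or exchange could check for that pattern after a reorganization. It is an added example, not ZenCash or exchange code; the `Block` and `Tx` structures, the function names and the sample chains are constructed for illustration and do not reproduce the real blocks.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset          # outpoints consumed, as "txid:index" strings


@dataclass(frozen=True)
class Block:
    hash: str
    height: int
    txs: tuple = ()


def analyse_reorg(old_chain, new_chain):
    """old_chain / new_chain: lists of Block ordered by height, as seen by the
    same node before and after the reorganization."""
    old_hashes = {b.hash for b in old_chain}
    new_hashes = {b.hash for b in new_chain}
    orphaned = [b for b in old_chain if b.hash not in new_hashes]
    adopted = [b for b in new_chain if b.hash not in old_hashes]

    spent_by = {}              # outpoint -> (txid, height) on the adopted branch
    adopted_txids = set()
    for b in adopted:
        for tx in b.txs:
            adopted_txids.add(tx.txid)
            for outpoint in tx.inputs:
                spent_by[outpoint] = (tx.txid, b.height)

    old_tip = old_chain[-1].height
    double_spends = []
    for b in orphaned:
        for tx in b.txs:
            if tx.txid in adopted_txids:
                continue       # same transaction re-mined: not a double spend
            rivals = sorted({spent_by[o] for o in tx.inputs if o in spent_by})
            if rivals:
                double_spends.append({
                    "orphaned_txid": tx.txid,
                    "confirmations_before_reorg": old_tip - b.height + 1,
                    "conflicting": rivals,
                })
    return {"depth": len(orphaned), "double_spends": double_spends}


def credited_deposits(report, min_confirmations):
    """Orphaned deposits that had already reached the exchange's threshold."""
    return [d["orphaned_txid"] for d in report["double_spends"]
            if d["confirmations_before_reorg"] >= min_confirmations]


def sample_chains():
    """Constructed sample: a 5-block branch replaced by a 6-block branch."""
    shared = [Block(f"s{h}", h) for h in (100, 101, 102)]
    deposit = Tx("deposit-tx", frozenset({"coin:0"}))
    rival = Tx("rival-tx", frozenset({"coin:0"}))        # same outpoint
    payment = Tx("payment-tx", frozenset({"other:1"}))   # unrelated user
    old = shared + [Block("a103", 103), Block("a104", 104, (deposit,)),
                    Block("a105", 105, (payment,)), Block("a106", 106),
                    Block("a107", 107)]
    new = shared + [Block("b103", 103, (rival,)), Block("b104", 104),
                    Block("b105", 105), Block("b106", 106, (payment,)),
                    Block("b107", 107), Block("b108", 108)]
    return old, new


if __name__ == "__main__":
    report = analyse_reorg(*sample_chains())
    print(report)
    print("credited at 3 confirmations:", credited_deposits(report, 3))
```

In the sample, the deposit had four confirmations when the longer branch arrived, so a threshold of 3 would already have credited it while a threshold above the reorganization depth would not.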
FAQ
- Is my money safe?
Increasing required confirmations to 100 makes another attack highly unlikely. However, if you have any specific concerns about the general security of exchange platforms, please contact the exchange directly. As always, we recommend that users store their funds in wallets that they control, such as cold storage with something like a Ledger Nano S or a paper wallet.
- Did the ZenCash (ZEN) coin supply change due to the 51% attack?
No, the supply of ZEN remains 21 million. No additional ZEN was created as a result of this attack. The attacker effectively stole 23,000 ZEN from an exchange partner: they tricked the exchange into giving them the equivalent of $600,000 for ZEN that they did not spend. The overall supply has not changed.
- Was ZenCash hacked?
No, ZenCash was not hacked. Computer hacking refers to the practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator’s original objective. Proof-of-work is an intentional design, the solution to double spending proposed by the creator of Bitcoin, Satoshi, with its weakness (the 51% attack) clearly explained. A 51% attack is possible with any PoW coin and some instances of PoS, meaning all PoW coins are susceptible to this type of attack.
- What is a 51% attack?
A 51% attack is when a malicious miner acquires sufficient hash rate to inject fraudulent blocks into a blockchain. The typical attack profile is that the criminal privately mines a sequence of blocks, sends a valid transaction of his own funds to an exchange, trades that cryptocurrency for another and withdraws funds, then injects the sequence of fraudulent blocks into the chain, invalidating his previous transaction. Key points here are that no new coins are created, and it is only the criminal’s own coins that he can manipulate by reversing a transaction. Everyone else’s coins are safe in that their private keys are secure and completely independent of this type of attack. The bottom line is that this type of attack is an instance of fraud against a specific victim who is conned into believing a transaction has occurred when it will simply be rescinded by the attacker.
The ZenCash chain experienced a 51% attack, which is a legacy threat from proof-of-work consensus. What happened was the attacker sent a transaction mined from a private chain onto the legitimate chain, then isolated their own attack chain where they double spent the same inputs. This attack chain was then mined longer than the legitimate chain, and once they had a long enough chain, they released the attack chain. Due to consensus rules inherited from Bitcoin, it was the longest chain, so it became the new chain and all of the blocks mined on the previous legitimate chain were orphaned. This is not a hack, but rather the way the inherited Bitcoin consensus works. We are looking to change this.
- Was new ZEN created during the attack?
No, no additional ZEN was created as a result of this attack. See question #2 for more details.
- Were my private keys hacked as a result of the attack?
No, your private keys are safe. At no point during this attack were anyone’s private keys at risk of being compromised. The ZEN blockchain was not hacked; the attacker simply exploited the consensus mechanism that we share with Bitcoin (BTC) in order to trick an exchange into handing over a large volume of currency in exchange for ZEN that they fraudulently represented as deposited.
To put it simply, one of our exchange partners was robbed.
- Is ZenCash considering PoS?
We would be irresponsible not to consider proof-of-stake (PoS), but as of now we have no design plans in the works. If we were to ever go down this architectural path, we’d want extensive R&D, community feedback, prototyping, and rigorous testing. We’re quite a bit away from that at the moment.
- What steps are being taken to mitigate another 51% attack?
Three solutions currently on the table are to:
1) Require block hash pointers to n > 1 blocks whenever there are parallel blocks reported on the network,
2) Introduce a penalty metric for delayed block reporting (with a complementary option to dynamically adjust difficulty based on the penalty metric),
3) Use our node system as a sort of notarization service that effectively layers proof-of-stake on top of the current proof-of-work.
- Why was there a successful attack if ZenCash is so decentralized?
This attack is possible against proof-of-work (PoW) coins, no matter how minable. The ease of acquiring Equihash mining power recently has drastically reduced the cost of this attack. To be clear, we are typically the second or third most heavily mined Equihash coin, so it’s not like we are a tiny project with no hash rate. The cost of executing these attacks has simply collapsed to the point where they’re increasingly feasible for what were previously thought to be acceptable block confirmation intervals. In the near term, we have to encourage industry practices to increase minimum block confirmations before considering transactions immutable, but in the intermediate term we should be looking to improve Satoshi consensus to make these attacks technically infeasible.
- Why did ZenCash not prevent the attack?
ZenCash was aware of an increased risk of a 51% attack being carried out against an Equihash coin due to the huge volume of cheap hash power that is available from sites like NiceHash. The attacker mined in private, which meant that they were undetectable until they started broadcasting their illegitimate chain to our network. As soon as the attack was recognised, our entire team sprang into action and immediately notified all of our exchange and business partners in order to make another double spend considerably more difficult to accomplish.
- If ZenCash has such a large secure node network, why was it still attacked successfully?
Secure nodes aren’t meant to protect against a 51% mining attack; they add a different stakeholder group to new coin emission, which reduces 51% attacks on our stake voting system. We are also building sidechains running on nodes, and have layered TLS into them for added privacy.
If you still can’t find your answer, please ask your question in the comment section below.
The Zen team will continue monitoring the network and conducting forensic analysis with the affected exchange. All information gathered will be provided to the appropriate authorities.
ZenCash remains committed to ensuring the security of its customers’ funds and recommends that our users contact exchanges directly with any specific security-related questions. ZenCash also remains committed to providing timely customer service to our community and will provide regular updates on the situation as it develops. Please follow us on social media to receive the latest update on this ongoing investigation.
Mainchain
June 3, 2018 @ 10:11 am
POS is the future, more pools and less hashrate sales will probably work too.
Sean
June 4, 2018 @ 7:35 am
Jeez, five pages of autobot links. Copy/paste as a way of life.
Take the Monero route. Make your algorithm as ASIC unfriendly as possible and allow for regular modifications. The more mainstream hardware you have mining the better.
And integrate your securenodes and (upcoming) supernodes into the process in some way. There’s a massive resource right there, right now, doing little other than synthetic challenges even before you get the supernodes sorted out. (I know, a trivial endeavour to get the nodes validating blocks)
You have all the pieces.
Geoff Cooke
June 5, 2018 @ 10:41 pm
Has there been any consideration by the Dev team to the use of ProgPOW (Progressive POW Algo)?