The Rise From A Malicious Attack – Horizen’s 51% Attack Solution

Horizen is working hard to secure our network and prevent 51% attacks. Our engineering team improved the original Satoshi Consensus algorithm by creating a penalty mechanism to punish malicious miners. We hope this can be a long-term solution that will protect all proof-of-work coins that use the Bitcoin consensus.

On 2 June 2018, the Horizen (ZenCash at the time) network was the target of a 51% attack. One of our exchange partners was the victim of an attack where a malicious actor was able to spend their ZEN twice.

Within the first hour of the attack, our early warning system was tripped and the response team spun up. The Horizen team immediately executed mitigation procedures to significantly increase the difficulty of future attacks on the network. In the same morning of the attack, the team released an official statement including the sequence of events, addressed the community’s concerns, kept the community informed about the attack and Horizen’s actions.

The attack was a terrible event, but the reality is that Horizen has become stronger. Horizen Co-founder and team lead, Rob Viglione, released a statement on June 6th and clarified misconceptions about 51% attacks and let the public know that we were working on a few solutions that would protect the project from 51% attacks.

A 51% attack is when a malicious miner acquires enough hash rate to inject fraudulent blocks into a blockchain.

The typical attack will privately mine a sequence of blocks, send a valid transaction of the attackers own funds to an exchange, trade that cryptocurrency for another and withdraw funds, then inject the sequence of fraudulent blocks into the chain that invalidates his previous transaction.

No new coins are created. The criminal can use their own coins to manipulate the system by reversing a transaction.

The bottom line is that this type of attack is an instance of fraud against a specific target.

The attacker cons the target into believing a transaction has occurred, but it will be rescinded by the attacker.

The graphic on the right explains the steps that are involved in a 51% attack.

The longest chain rule, or Satoshi Consensus, worked well in the relatively decentralized environment of 2009. As the industry matured, mining resources concentrated and prices to lease hashing power dropped. As we’ve seen with many projects recently, it has become economically feasible for malicious actors to launch a 51% attack on operational public blockchain networks.

This vulnerability is a result of Satoshi’s longest chain rule. It allows an adversarial miner to push an entire sequence of privately mined blocks onto the blockchain. This creates an opportunity to confuse people or conduct a double spend attack.

To combat fraud, we’ve created the penalty mechanism for delayed block reporting. The penalty affects actors who try to mine blocks in private and later inject them into the chain. Malicious actors will be penalized based on block height. It is an elegant solution designed by our very own engineering team.

On 14 June 2018, Horizen released a whitepaper that proposes a novel adjustment to Satoshi Consensus that makes it exponentially more costly, and hence unlikely, to launch such attacks for any proof-of-work mineable cryptocurrency system.

On 7 September 2018, Horizen’s enhanced consensus code went live on testnet.

On 24 September 2018, Horizen successfully upgraded its core software to ZEN 2.0.15 and the enhanced consensus algorithm is live on mainnet.

We informed and encouraged all of our exchange partners about this update, and most of our partners decreased confirmation number for ZEN transactions since our upgrade.

For a more complete analysis of our proposal to modify the Satoshi Consensus, please read our whitepaper