Reconciling Replays and Reimbursing Victims
One of the biggest challenges in doing a chain split is to protect against replay attacks, which are transactions on one chain being maliciously or fraudulently replayed on another blockchain. Blockchain splits leave two chains that are similar enough to each other to face this issue.
ZenCash (ZEN) suffered 26 replayed transactions within the range of blocks 110,002 to 120,600, after which code updates ended the threat.
We take this very seriously and find it unacceptable that users suffered losses to either mistake or malicious attack, therefore we’re reimbursing all known victims.
Here’s What You Need to Do
If you believe you’re a victim of one of these replayed Tx, please do the following:
- Amount lost, ZenCash address, and txid(s) if you have it.
- Sign and broadcast a message from the victimized address and send me the message and hash output so I can verify, or
- Send a small amount from the victimized address to znmnQvkytYdVp9GqGCtbDeFxy2uf5AcXR4k
In either case, send the information to me at email@example.com. Note that if you choose to sign a message from the address, you do not need to send any funds from it to prove it’s yours.
How to Sign a Message on ZenCash
From the command line you can use the
./zen-cli signmessage "address" "message"
The message can be anything you want, but I have a preference for cool things such as “I heart Zen”. Here’s an example:
./zen-cli signmessage "znmnQvkytYdVp9GqGCtbDeFxy2uf5AcXR4k" "I heart Zen"
I’ll need all of the information above to verify that you are, in fact, the owner of the victimized address. This means I need the address, your message exactly as input, and the hash output.
As soon as we can verify that you are the owner of one of the victimized addresses, we will disburse funds within 24 hours. Our deepest apologies to anyone who suffered loss, but we are committed to supporting our community through the good times and the bad!