It’s turning out that executing a 51% attack on cryptocurrency networks is not as difficult as people initially thought it to be – not on smaller altcoin networks at lest. In the recent days a number of altcoin networks have been compromised through these attacks, which include some popular networks as well (i.e. Bitcoin Gold, Verge, Monacoin). Now after these networks a new privacy focused altcoin called ZenCash has also suffered from 51% attack over the weekend. The shocking news came as developers of ZenCash officially confirmed the attack, leaving entire crypto community in dismay.
According to statement released by ZenCash, the network was compromised by a malicious miner who successfully took over at least 51% of total ZenCash network hashrate for some time. The attacker also did 3 double-spend transactions during the period when he had majority control of the network, and this happened on 3rd of June at 8:13 AM IST.
As we explained previously in similar articles, in order to successfully execute a 51% attack the miner must have more hashing power at disposal than the combined hashing power of remaining miners in the network. Even if this majority hashpower is acquired for a short while, the miner in charge of this power can use it to make his version of blockchain bigger than the rest of the network. This is typically achieved by not making some mined blocks public. That way the chain of miner who is in charge of majority hashpower grows bigger than the rest of chain by accumulating more proof of work. That bigger version of blockchain may then be utilized by attacker at any point of time to reorganize the rest of chain according to his own preferences. He can do transactions and then reverse them by making his secret version of chain public to the entire network, which will then be accepted by the the network because of containing the most Proof of Work.
In case of ZenCash attacker did what was done recently in case of Bitcoin Gold. He sent ZEN tokens to some exchanges, withdrew them to another wallet under his control and then reversed the initial transactions in which he had sent the tokens to exchanges. That way he effectively never sent anything to exchanges, but got his own wallets credited by exchanges. The attacker reportedly made off with a hefty 23,152 ZEN tokens in his 3 transactions, which were worth over $700,000 in value at the time of attack.
Also I’d like to clarify that though named similarly, ZenCash and Zcash are different things and should not be confused. But yes, both come from same family of cryptocurrencies: ZenCash is a fork of ZClassic, and ZClassic is a fork of Zcash. And that’s why both are privacy-centric cryptocurrencies. However, if they’re compromised like this, it raises the question of how worthwhile their privacy offering is when money held in them can vanish at anytime? Wouldn’t it be better to have less privacy but more security provided by bigger networks like Bitcoin and Ethereum? Share your thoughts in the comments.