ZenCash Attack Proves Consensus Can Be Cheated

By Dmitriy

Another 51% attack where one person or party controls 51% of the hash rate, has followed the Bitcoin Gold hack, with niche cryptocurrency ZenCash being the new victim, resulting in the theft of hundreds of thousands of dollars worth of tokens.

As said before, cryptocurrencies with smaller networks tend to fall victim to such hacks, as attackers have to build a considerably smaller grip to completely cover more than 51% of the node systems. This is exactly what occurred with ZenCash, where over a period of four hours, attackers used masses of computing power to take control of the blockchain and create alternate histories, thereby letting them spend their ZenCash twice.

The hash rate influx allowed the attacker(s) to reorganize the blockchain several times, with the largest rollback reversing as many as 38 blocks.

The attacker was able to double spend two massive transactions – 13,000 and 6,600 ZEN – worth more than $550,000 at current prices, according to a statement made by the development team.

An app called Crypto51 provides insights into how much a 51% attack would technically cost to perform if rented from existing networks. The app looks at the hash rate, or global computing power currently mining different cryptocurrencies. In the case of ZenCash, the attacker would theoretically only need to spend around $30,000 to complete the double-spend hack.

Because the attackers covered their tracks, no one quite knows what they did with it, but it was definitely very profitable.

Blockchain networks like Bitcoin and Ethereum, which are exponentially larger compared to ZenCash, would require a multitudinal expenditure to complete a 51% attack — $717,000 for just one hour, according to Crypto51. Although the required rental power isn’t available in the world as of now, if an organization was to somehow get a hold of enough hashing power, those currencies would be just as vulnerable and could be attacked in much the same way.

The previous attacks on Bitcoin Gold and Verge required further less hashing power compared to ZenCash. The subsequent attack could be conclusive of a trend of upward trajectory attacks that could grow in size and end up attacking the bigger networks in no time.

When 51% attacks were considered in the past, most calculations included the cost of hardware, electricity, and maintenance. But this new “rent-an-attack” method is proving dangerous for smaller networks.