ZenCash to Undergo 51% Attack

The attacker was able to double spend two large transactions for a total of $ 550,000
04 June 2018   1284

The network of ZenCash cryptocurrency was attacked. The initiator of the attack, which captured more than 51% of the hashrate of the network, was able to reorganize the blocks in the blockchain and double spend two large transactions. This is reported by Bitcoinist.

ZenCash cryptocurrency was attacked; one miner was able to take 51% of the network's processing capacity. This allowed the initiator of the attack several times to reorganize the blocks in the blockchain, and the largest modified chain contained 38 blocks. The attacker was able to double spend two large transactions for a total of $ 550,000. Mining-pool operators alerted the ZenCash team about the issues. ZenCash team recommended that all exchanges to increase the number of transaction confirmations.

During the attack, approximately 110 blocks were mined, and its duration was about 4 hours. 1 hour of this attack costs the organizer $ 7,700.

ZenCash is a crypto currency with the Proof-of-Work mechanism of consensus and the Equihash mining algorithm. 

Vulnerability to be Found in Zcash Implementations

The bug that allows metadata leakage existed since the Zcash protocol release and is present in all branches of the source code
30 September 2019   105

An error in all implementations of Zcash and most of its forks allows you to reveal the IP address of the full node to which the protected address belongs (zaddr).

Komodo ex community contributor Jonathan Leto said on the blog that the bug has existed since the Zcash protocol release and is present in all branches of the source code. The vulnerability allows metadata leakage, including the IP addresses of nodes, which “strongly contradicts” the principles of Zcash development.

According to the report, the vulnerability could affect anyone who published their secure address or provided it to a third party.

A detected error will not lead to data leakage if the user only sent funds to other zaddr but did not receive it. It eliminates the value of IP address disclosure for attackers using the Tor browser, Komodo developer recalled.

Summer brought a complete list of affected coins: Zcash (ZEC), Hush (HUSH), Pirate (ARRR), Horizen (ZEN), Zero (ZER), VoteCoin (VOT), Snowgem (XSG), BitcoinZ (BTCZ), LitecoinZ ( LTZ), Zelcash (ZEL), Ycash (YEC), Arrow (ARW), Verus (VRSC), Bitcoin Private (BTCP), ZClassic (ZCL), Anon (ANON) and all Komodo smart chains (KMD). He recalled that KMD had historically had zaddr, but the feature was subsequently disabled.