ZenCash, 51% attack. “It was a prepared attack.”
Luca Cermelli, ZEN's country manager for Italy, is convinced of this after the 51% hack that occurred a week ago against ZenCash.
Dr Cermelli, after the hack there was the reversal of two large transactions. A random episode or everything prepared in advance?
So let us try to clarify what happened.
ZenCash was hit by a double spending attack, also called a 51% attack, last weekend.
The criminals were able to get away with more than 23,000 ZENs being stolen from an exchange.
This is certainly not something we are proud of, but there have been some great misunderstandings about what this really means, what we are doing about it and what it might mean for the project in the long term.
It was certainly a prepared attack, in advance, and now we are focused on finding and implementing solutions so that it does not happen again. It is important to know, however, that:
Coins were not created from scratch. The event was a fraud against a specific victim, a valid exchange partner. Private keys, messages and all ZENs outside the exchange are perfectly secure.
What countermeasures did you take immediately?
Within the first hour of the attack, our rapid alert system was triggered. Our team of people dedicated to this type of emergency immediately took action. We have worked all night to remedy this.
First, we contained the damage, our exchange partner took measures to contain it, so our marketing team released a detailed update to the community the same morning.
This was the response of a professional team, aware of what they are doing.
We will use this as an opportunity to improve the whole industry. We will continue to push hard to deliver on our community promises.
Do you have structural countermeasures in mind to prevent a repetition of 51% attacks on ZenCash?
We’re not the kind of team that gets knocked down or gives up. It is not in our DNA, so we are doing everything to ensure that such things do not happen again.
The consensus described by Satoshi imagined a more decentralized world than we have today in crypto. The vision was that every computer would be a miner, so the protection against the 51% attack was based on the assumption that it would be difficult to implement and that it would not be the best strategy from the economic point of view.
Playing by the rules had to be the dominant strategy to earn, for everyone.
Times have changed, however. Today we live in a world of ASICs, professional and well-capitalized mining farms, with hash rates rented through services such as Nicehash, which can be used instead of spending a lot of money on your own farm to temporarily hijack a network.
We are seeing that today a 51% attack is technically feasible and cost-effective for the executioner. Success is still an uncertain outcome, so it is mostly a bet, but as long as there is a reasonable expectation of profit, which is completely illegal, let us remember, we will see a steady stream of dishonest people ready to make an attempt.
Are there engineering solutions?
Of course, we must push for engineering solutions that make 51% attacks impossible. We already have some plans to eliminate this nonsense once and for all.
Double spends are not magic: they occur when attackers privately mine a sequence of blocks that they then put into the chain all at once in a way that gives their proof of work version a quid of higher “truth”.
A fact that induces the rest of the network to build blocks on the fraudulent chain. I repeat, it is not magic. There are some interesting ways we are looking at to make private mining unnecessary.
Three solutions are currently being studied:
Request the hash pointer of the block n > 1 blocks whenever there are parallel blocks on the network.
Introduce a penalty system for reporting delayed blocks (with a complementary option to dynamically adjust the difficulty based on the penalty system).
Use our node system as a kind of notary service that actually places proof-of-stake above the current proof-of-work.
What plans do you have for the future, beyond this episode?
The fact that one of our exchange partners has lost 23,000 ZENs is terrible, but the reality is that Zen has never been so strong. We have the second largest network of nodes in the industry with nearly 12,000 secure nodes, and we are just a month from the significant increase in node remuneration to 20%, which will almost certainly make Zen hands down the largest network in the industry.
We have our voting system, based on game theory, already in prototype. We have significant core protocol updates ready for the next software update in July, we have a suite of new products ready for the market and we are in the process of designing an innovative sidechain architecture that will open up the system as a platform to rival the largest smart contract systems.
In addition, we must not forget the innovative blockDAG system that we are working on with our IOHK partners.
The blockDAG system would put our volume of transactions on a par with the Visa circuit and involve a complete rewriting of the protocol; finally we can stop calling ourselves forks of the fork of a clone and know what Zen really is – a powerful innovation led by a top team, supported by a passionate and devoted community.