ZCash is under attack

News from the crypto space, privacy coin ZCash in under attack, a spammer has taken advantage of the fee structure of the shielded transactions to highlight a weakness in the protocol design.

ZCash is under attack
ZCash is under attack

Work is currently underway to resolve this issue by ZCash’s foundation ECC, but it does offer the question, why did an audit not pick this up sooner?

ZCash has been experiencing an ongoing spam / DOS (Denial of service) attack. Privacy is the holy grail for Cryptocurrencies, and ZCash is one of the contenders for this title and has focused the majority of its efforts in this area.

The attack started at the beginning of June 2022, and at the time of publishing this has been on going for +3 months. The attack is related to Zcash’s shielded transactions and the fee for each transaction being low and not linked to transaction size. This is in contrary to the majority of on-chain transactions that are linked to the size. This attack has currently added approximately 90 GB to the size of the chain. Before the attack the chain was approximately 31 GB, It's now over 119 GB.

Blockchain Explorer - Zcash blockchain size chart

What's happening to the chain?

“Somebody's having fun spamming the ZCash blockchain with thousands of transactions a day and tripling its size to over 100 GB. A rough estimate is that this attack is costing them $10 a day in transaction fees.” @lopp

At first, the speculation was that ZCash had an influx of users, but this narrative soon changed to manipulation or bot activity, as we’ve seen in other chains aiming to falsify their market value.

“I thought txs must have just been really large and that accounted for the massive size of the chain, but in retrospect the tx count also didn't make sense, figured someone was churning to make them look active.” @JZ

“The node count also seems way off, went from 200 to 8k. There's no way there are more ZEC nodes than BTC nodes, especially at this chain size.- https://blockchair.com/zcash/nodes“ @JZ

ZEC Nodes

Transactions and Nodes

An on-chain and privacy enthusiast from the Monero community @xenumonero conducted further investigation to highlight this attack
- https://twitter.com/xenumonero/status/1577544987612520448

The ZCash spam attack continues. Almost every block contains a shielded transaction with hundreds of outputs. In doing so, the spammer can successfully blow up the size of the chain by maxing each 2mb block every 75 seconds. The cost of each spammed transaction? Less than a cent.

ZCash Transaction chart

The effects of this spam attack is also having an impact on ZCash node sync performance. The node has to perform many more computational operations per block once the attack begins around height 1,710,000 in June. Note: this is for a node that does NOT have to scan for wallet data. See for yourself!

Zcachd Full validation sync performance

ZCash Block Explorer – https://explorer.zcha.in/undefined
ZCash Transaction Chart – https://explorer.zcha.in/statistics/transactions

Electric Coin Company

The ZCash foundation (ECC) and the dev team are working on a fix for this issue and have given the following information to its community.

Since mid-June, the size of the Zcash blockchain has grown from approximately 30 GB to approximately 116 GB, representing an almost quadrupling in chain size. During that time, we’ve added on average .78 GB per day to the chain. At ECC, we’ve been tracking the impact of the increased shielded transaction load since it started and have been taking steps to mitigate its impact ever since.

Our first priority was to ensure the stability of network operations and restore node performance to near historic levels, even under this increased load. We released multiple zcashd releases (5.1.0 and 5.2.0) for that purpose. Release 5.1.0 provided faster block validation for Sapling and Orchard transactions, reducing worst-case block validation times for observed historic blocks by around 80%. We also made performance improvements to the getblocktemplate RPC to reduce block propagation times.

Release 5.2.0 provided a number of updates to node and zcashd wallet performance including various caching improvements, parallelizing and batching trial decryption of Sapling outputs, and improvements to witness handling. We will release zcashd 5.3.0 next week which will have continued performance and scalability improvements primarily in the area of concurrent memory utilization.  The full ZCash Foundation response can be found here – https://twitter.com/reldev/status/1578589120024100864

The future of privacy

ZCash community member and previous Decred contributor @Micheal2xl suggested Decred had been under a similar attack from BTC maxis years ago – https://twitter.com/michae2xl/status/1578544908289179648

When asked, Decred lead developer Dave Collins said, “I've seen a few attempts of various things in that vein, but they aren't really effective. Because fees are based on tx size, so it costs the same regardless, and the max block size is intentionally low because we can easily change it via a stakeholder vote when genuine organic demand requires it.”

Moving forward, in terms of privacy, Zcash and Monero are particularly vulnerable to spam attacks because unlike Decred, they can't do pruning: all nodes need to maintain a list of spent coins indefinitely.

Unlike Monero, Decred has optional privacy which uses the CoinShuffle++ mechanism, which is linked to Decred’s stake pool for high throughput.

Decred + CoinShuffle + Lightning = much more scalable.

If you have any more thoughts, opinions, or information on this attack, please leave a comment below. It would also be interesting to get the input from members of the ZCash community.