Horizen (formerly ZenCash), the privacy-oriented blockchain technology platform, has released a security adjustment to Bitcoin’s Satoshi Consensus algorithm. The adjustment, thoroughly tested by Horizen and its community, is designed to enhance protection of Proof-of-Work blockchains against 51% attacks. A double spend attack occurs when a miner privately mines a longer chain with fraudulent transactions, effectively reverting a transaction that was considered confirmed by an exchange. Horizen’s security adjustment increases the difficulty and cost of these attacks by imposing a penalty to chains privately mined.
The original Bitcoin consensus mechanism assumed that the majority of computing power was controlled by “honest” miners who acted in the best interest of the network. However, as the industry matured, mining resources concentrated and the price to lease hashing power dropped. This shift made it economically feasible for malicious actors to launch double spend attacks on Proof-of-Work blockchains, even ones with strong hash rates.
“The operating environment for cryptocurrency systems has changed significantly since 2009 when mining power was more decentralized. It’s now imperative for public blockchains to upgrade their consensus rules to protect against bad actors and we believe the release of our update will act as a resource to vastly improve security across the industry.”
“The update follows the original mission of Bitcoin to create a trusted, fair means for decentralized peer-to-peer payments — one that strongly resonates with Horizen’s vision. Our open-source contribution enhances protection against advanced attack methods and helps improve the security of the entire industry.”
Horizen’s security update increases the economic barriers to successfully execute a double spend attack, making the process much more costly. The update issues a penalty for delayed block reporting, penalizing actors who try to mine blocks in private and later broadcast them to the network. Honest miners will not consider a fraudulent chain as the active one until the penalty has been served. This process increases the resources required to perform such attacks.
The Horizen whitepaper on the proposal to modify Satoshi Consensus is available for download.
The ZenCash network was the target of a 51% attack on June, 2nd, 2018 at approximately 8:26 pm EDT (03 June 00:26 hrs UTC). The Zen team immediately executed mitigation procedures to significantly increase the difficulty of future attacks on the network.
The sequence of events:
- 6/2 (2026 EDT) – Received warning of potential attack from one of our pool operators
- 6/2 (2034 EDT) – Immediately initiated investigation and evaluated hash power distribution
- 6/2 In parallel, contacted exchanges to increase confirmation times
- 6/2 (2042 EDT) – Investigation showed that the suspect transaction was a double spend
- 6/3 – present – In progress: Additional forensics and jointly investigating with the affected exchange
- 6/3 (0900 EDT) – Released this official announcement about the attacks(edited)
- 6/4 (1150 EDT) – Released new finding on the investigation
- 6/6 (0946 EDT) – Co-founder, Rob Viglione, issued statement responding to the attacks and dispel misconceptions
ZenCash reportedly lost over $500k in the 51% attack. Double spend is a major risk for all distributed, public blockchains.
