On Friday, Zcash Community, the official Twitter account managed by the blockchain project’s community, reposted a message from former Aspenware CEO Josh Swihart stating that sending and receiving Zcash has not changed.
The attackers implemented the exploit by misusing the shielding factor of the blockchain. As the addresses of the sender and recipient are connected to the input and output values, normal blockchain transactions may be traced. However, Zcash conceals input-output values using zk-SNARK cryptographic proofs. These are referred to as protected transactions.
According to The Block, the attackers have added several input-output values that have proved to be very data-intensive. According to statistics from Blockchair, this has led Zcash’s blockchain size to increase from 31 terabytes to over 115 gigabytes.
Somebody’s having fun spamming the zcash blockchain and tripling its size to over 100 GB. Rough estimate is that this attack is costing them ~$10 a day in transaction fees. pic.twitter.com/D8EB1niju3
— Jameson Lopp (@lopp) October 5, 2022
Sean Bowe, an engineer at Electric Coin Company, the company responsible for the creation of Zcash, stated in a tweet on Thursday that spam seems to have just two issues at the moment: it increases the chain size and makes it more difficult for wallets to synchronize.
For the record, yes, you can send ZEC just fine. Even better, you can receive it just as easily.
— Josh Swihart 🛡 (@jswihart) October 6, 2022
Although Zcash has not experienced any downtime, this assault is creating a tremendous demand on the blockchain, and the privacy-based chain’s nodes are having trouble synchronizing with the network owing to its quickly expanding size.
“It’s unfortunate to see. Given Zcash’s explicit absence of a fee market, DoS attacks were always possible “Ian Miers, a security researcher who once worked for Zcash, tweeted on Thursday. “Verifying the bigger and slower proofs makes the assault worse.”
At this point, there only seems to be two problems with the spam: it’s bloating the chain size, and it’s making it harder for wallets to sync.
Neither problem is contributed to by Orchard at all. It shouldn’t even be part of the equation even if the spammer was using Orchard!
— Sean Bowe (@ebfull) October 6, 2022
It’s sad to see. There was always a risk of DoS given Zcashs deliberate lack of a fee market, but the risk got worse with halo and was kinda ignored. The proofs are much larger and slower to verify, making the attack worse.
— Ian Miers (@secparam) October 5, 2022
According to Nick Bax, director of research at Convex Labs, the attackers are attempting to benefit from the blockage of the network. He stated that they are attempting to “make it more difficult for individuals to operate nodes.”