Privacy-Focused Blockchain Zcash Hit With Spam Attack

Popular privacy-focused proof-of-work blockchain Zcash has been hit with a spam attack. This means the network has been flooded with a huge number of transactions that are creating a clog.

Jameson Lopp, chief technical officer at crypto firm Casa, pointed out that the attackers are spamming the Zcash blockchain and have tripled its size to over 100 Gigabytes.

"Rough estimate is that this attack is costing them ~$10 a day in transaction fees," he said in a tweet Thursday.

Somebody's having fun spamming the zcash blockchain and tripling its size to over 100 GB. Rough estimate is that this attack is costing them ~$10 a day in transaction fees. pic.twitter.com/D8EB1niju3
— Jameson Lopp (@lopp) October 5, 2022

On Friday, Zcash Community, the official Twitter account run by the community of the blockchain project, retweeted a post from Josh Swihart, former chief executive officer of Aspenware, saying that there has been no change in sending or receiving Zcash.

For the record, yes, you can send ZEC just fine. Even better, you can receive it just as easily.
— Josh Swihart 🛡 (@jswihart) October 6, 2022

The attackers have misused the shielding factor of the blockchain to implement the attack. Normal blockchain transactions can be tracked, as the sender's and receiver's addresses are linked with the input and output values. However, Zcash shields the input-output values using cryptographic proofs called zk-SNARKs. These transactions are termed shielded transactions.

As The Block pointed out, the attackers have introduced input-output values in large numbers that have proven to be very data-intensive. This has caused Zcash's blockchain size to surge from 31 gigabytes to above 115 gigabytes, as per data from Blockchair.

"At this point, there only seems to be two problems with the spam: It's bloating the chain size, and it's making it harder for wallets to sync," Sean Bowe, an engineer at Electric Coin Company, the firm responsible for the development of Zcash, said in a tweet Thursday.

At this point, there only seems to be two problems with the spam: it's bloating the chain size, and it's making it harder for wallets to sync.

Neither problem is contributed to by Orchard at all. It shouldn't even be part of the equation even if the spammer was using Orchard!
— Sean Bowe (@ebfull) October 6, 2022

Although Zcash has not had any downtime, this attack is placing a heavy load on the blockchain, and due to its rapidly increasing size, the nodes operating on the privacy-based chain are having a hard time syncing up with the network.

"It's sad to see. There was always a risk of DoS given Zcash's deliberate lack of a fee market," Ian Miers, a security researcher who previously worked at Zcash, wrote in a tweet Thursday. "The proofs are much larger and slower to verify, making the attack worse."

It's sad to see. There was always a risk of DoS given Zcashs deliberate lack of a fee market, but the risk got worse with halo and was kinda ignored. The proofs are much larger and slower to verify, making the attack worse.
— Ian Miers (@secparam) October 5, 2022

As per Nick Bax, head of research at Convex Labs, the attackers are trying to profit off the network's clogging. He also added that they are trying to "make it harder for people to run nodes."