Zclassic / ZenCash trading suspended due to replay attack

zawy · June 10, 2017, 11:09am

Bittrex has locked out deposits and withdrawals (but not trading) of ZEN and ZCL due a vulnerability related to the split from ZCL to ZCL and ZEN. Bittrex is the primary exchange for them. The lead developer has left the project.

The nature of this type of attack, called a replay attack, could lead to a transaction replaying from the Zclassic blockchain to the Zen blockchain if the vulnerability is exploited.

ZEN company has thanked the lead developer for making the vulnerability public and bringing it to their attention at the same time he quit the project. I'm not trying to be sarcastic I'm just relaying their announcement. I haven't found his public comments, so I don't know if it was a rage quit.

ZCL seemed to get off to a good start on the appeal of not being directed by a company that receives coins. It was billed as ZEC without a "pre-mine". Up until the split was announced, ZCL was beating ZEC on appreciation rising over 20x from December to May. ZEC has risen only 10x from it's absolute brief low to its high.

But then they decided the no-profit route just did not cut work and split it into ZEN with no pre-mine, no ICO, etc and yet if you look at the breakdown of where coins go, 12% go places other than mining. If that's for the life of the coin, then I think that's more than ZEC takes.

There was talk that the split to ZEN enabled a lot of insider profits to be made by buying ZCL before the announcement.ZCL dropped immediately as ZEN trading became available. Now I'm wondering if an insider who may have returned to buying ZCL before this announcement is going to get a boost, especially if he soon publicly returns to ZCL.

anon · June 10, 2017, 4:32pm

movrcx fully disclosed the vuln publicly without even thinking for a second the harm he'd do in the process to the miners and hodlers.
There are a number of us who are now stuck in limbo the past 48 hours waiting for the wallets to be re-enabled on the exchanges so we can get out of this ponzi for good.

The most bizarre thing out of it all, is that the party who disclosed the vuln was the main developer, and they left ZEN before even patching the vuln in which they themselves were responsible for placing in the code in the first place; ok they made a temp fix days before disclosure but it didn't amount to much - https://github.com/zencashio/zen/commit/75867a1c5183f3d0f76685c0fe7bce9724f31d7b *claps*.
All in all, this shows very little maturity from both projects seeing as ZEN is going on like nothing happened and kissing mov's ass, whilst ZCL is all "welcome back", "yes this is great, we finally have that amazing developer, who couldn't even patch his own vulns".

Best advice at this point is to be weary of both ZCL and ZEN.
If you're looking at both of these projects long term, don't.
Short term, they're both profitable but even then there's still risk.
Hush is the only zcash fork (possibly komodo too but haven't had time to look into it) which we should all be looking to now long term.
The fact that @anon47418038 is now the lead of that project and that they have a promising road map with realistic targets such as XCAT, i2p and IPFS integration and a lightweight client in the works should be more than enough to sway away those who were previously vested in ZCL and ZEN.

Oh and one last thing, on a more humorous note, I leave you with this; https://pbs.twimg.com/media/CrEafQ1XYAAeDnB.jpg:large

zawy · June 10, 2017, 10:03pm

It would be interesting to know the back story on how someone goes from

May 30
zen is the world's first viable bitcoin alternative and we're going live tonight!

June 4
0) I'd love to get OG bitcoiners to invest in Zen.

June 5
$ZEN IS LIVE ON BITTREX GOGOGOGOGOGOGOGO!!!

To

June 8
Effective immediately I will no longer be providing developer support for $ZEN. Blog post coming tonight.

June 8
Speak in a language they can understand. [posts chart of Zen collapse]

June 8
MAKE $ZCL GREAT AGAIN

Voluntary · June 10, 2017, 11:03pm

Z'classic' was the product of a tantrum about the Founder's Reward so I'm not all surprised by this amateur-hour bs.

anon · June 11, 2017, 12:03am

Yikes. Both June 4th and 5th tweets should have been a clear indicator to stay the hell away.
What kind of lead dev advises others to invest in his play toy and then goes on to request for all his followers to place buy orders on an exchange.

Also couldn't help notice he favorites his own tweets which no one has responded to
Definitely a narcissist, probably worse.

daira · June 11, 2017, 8:43am

By the way, a means of splitting coins (for any Zcash protocol/code-fork) without relying on the developers of that fork to have implemented replay protection correctly, is to send them in a JoinSplit anchored to a block that only exists (preferably, that can only exist, due to consensus rule changes) in the fork you intend to transact on.

This works for shielded transactions; Zcash Hard Fork 0 will implement reliable replay protection for all transactions.

My suggestion to the developers of any blockchain cryptocurrency is: don't do any kind of fork under time pressure. (I realise there are situations where this advice is difficult to follow; try to not get your coin into those situations in the first place.)

anon · June 11, 2017, 4:06pm

Sound advice @daira.
The ZEN debacle should serve as a lesson to all others thinking of jumping in on future splits.

And now I hear there's rumors circulating of zclassic looking to launch another coin in the future. If true, they might as well jump in on that ICO ponzi craze at this rate, seeing as last I heard, ICOs yield great returns.

Can't wait til ICO: The Smartest Guys in The Room. Going to make Enron look like child's play.

anon47418038 · June 11, 2017, 7:54pm

Veering slightly offtopic of the OP now, but here's the ultimate satirical takedown of ICOs:
https://ponzico.win if you haven't seen it yet

anon · June 12, 2017, 1:19am

Any endorsement from Waynechain is a clear sell.
Going to forward this onto denarium. All crypto veterans should own a ponzICO piece.
Shall sit nicely alongside my UASF and make ethereum immutable memorabilia

anon47418038 · June 12, 2017, 6:25am

when they first tweeted about ponzico I almost bought a piece, would have been just the 2nd txn on the contract...when will my crypto fomo end

zawy · June 12, 2017, 1:15pm

What about Zcoin? It used to be Moneta. Their team looks a lot better than ZenCash. But it seems they had a similar break with a co-founder in December. A few days (weeks?) later, someone started exploiting a single-byte code error to generate Zcoin and get away with 400 BTC.

How does Zcoin's RSA accumulators compare with Zcash's zk-SNARKS? Which one can scale better?

bitcartel · June 13, 2017, 7:04am

Before it was Moneta, it was ZeroVert. https://bitcointalk.org/index.php?topic=846471.0