Zclassic / ZenCash trading suspended due to replay attack

Bittrex has locked out deposits and withdrawals (but not trading) of ZEN and ZCL due a vulnerability related to the split from ZCL to ZCL and ZEN. Bittrex is the primary exchange for them. The lead developer has left the project.

The nature of this type of attack, called a replay attack, could lead to a transaction replaying from the Zclassic blockchain to the Zen blockchain if the vulnerability is exploited.

ZEN company has thanked the lead developer for making the vulnerability public and bringing it to their attention at the same time he quit the project. I'm not trying to be sarcastic I'm just relaying their announcement. I haven't found his public comments, so I don't know if it was a rage quit.

ZCL seemed to get off to a good start on the appeal of not being directed by a company that receives coins. It was billed as ZEC without a "pre-mine". Up until the split was announced, ZCL was beating ZEC on appreciation rising over 20x from December to May. ZEC has risen only 10x from it's absolute brief low to its high.

But then they decided the no-profit route just did not cut work and split it into ZEN with no pre-mine, no ICO, etc and yet if you look at the breakdown of where coins go, 12% go places other than mining. If that's for the life of the coin, then I think that's more than ZEC takes.

There was talk that the split to ZEN enabled a lot of insider profits to be made by buying ZCL before the announcement.ZCL dropped immediately as ZEN trading became available. Now I'm wondering if an insider who may have returned to buying ZCL before this announcement is going to get a boost, especially if he soon publicly returns to ZCL.

1 Like

movrcx fully disclosed the vuln publicly without even thinking for a second the harm he'd do in the process to the miners and hodlers.
There are a number of us who are now stuck in limbo the past 48 hours waiting for the wallets to be re-enabled on the exchanges so we can get out of this ponzi for good.

The most bizarre thing out of it all, is that the party who disclosed the vuln was the main developer, and they left ZEN before even patching the vuln in which they themselves were responsible for placing in the code in the first place; ok they made a temp fix days before disclosure but it didn't amount to much - https://github.com/zencashio/zen/commit/75867a1c5183f3d0f76685c0fe7bce9724f31d7b *claps*.
All in all, this shows very little maturity from both projects seeing as ZEN is going on like nothing happened and kissing mov's ass, whilst ZCL is all "welcome back", "yes this is great, we finally have that amazing developer, who couldn't even patch his own vulns".

Best advice at this point is to be weary of both ZCL and ZEN.
If you're looking at both of these projects long term, don't.
Short term, they're both profitable but even then there's still risk.
Hush is the only zcash fork (possibly komodo too but haven't had time to look into it) which we should all be looking to now long term.
The fact that @anon47418038 is now the lead of that project and that they have a promising road map with realistic targets such as XCAT, i2p and IPFS integration and a lightweight client in the works should be more than enough to sway away those who were previously vested in ZCL and ZEN.



Oh and one last thing, on a more humorous note, I leave you with this; https://pbs.twimg.com/media/CrEafQ1XYAAeDnB.jpg:large

3 Likes

It would be interesting to know the back story on how someone goes from

May 30
zen is the world's first viable bitcoin alternative and we're going live tonight!

June 4
0) I'd love to get OG bitcoiners to invest in Zen.

June 5
$ZEN IS LIVE ON BITTREX GOGOGOGOGOGOGOGO!!!

To

June 8
Effective immediately I will no longer be providing developer support for $ZEN. Blog post coming tonight.

June 8
Speak in a language they can understand. [posts chart of Zen collapse]

June 8
MAKE $ZCL GREAT AGAIN

Z'classic' was the product of a tantrum about the Founder's Reward so I'm not all surprised by this amateur-hour bs.

3 Likes

Yikes. Both June 4th and 5th tweets should have been a clear indicator to stay the hell away.
What kind of lead dev advises others to invest in his play toy and then goes on to request for all his followers to place buy orders on an exchange.

Also couldn't help notice he favorites his own tweets which no one has responded to :frowning:
Definitely a narcissist, probably worse.

1 Like

By the way, a means of splitting coins (for any Zcash protocol/code-fork) without relying on the developers of that fork to have implemented replay protection correctly, is to send them in a JoinSplit anchored to a block that only exists (preferably, that can only exist, due to consensus rule changes) in the fork you intend to transact on.

This works for shielded transactions; Zcash Hard Fork 0 will implement reliable replay protection for all transactions.

My suggestion to the developers of any blockchain cryptocurrency is: don't do any kind of fork under time pressure. (I realise there are situations where this advice is difficult to follow; try to not get your coin into those situations in the first place.)

3 Likes

Sound advice @daira.
The ZEN debacle should serve as a lesson to all others thinking of jumping in on future splits.

And now I hear there's rumors circulating of zclassic looking to launch another coin in the future. If true, they might as well jump in on that ICO ponzi craze at this rate, seeing as last I heard, ICOs yield great returns.

Can't wait til ICO: The Smartest Guys in The Room. Going to make Enron look like child's play.

1 Like

Veering slightly offtopic of the OP now, but here's the ultimate satirical takedown of ICOs:
https://ponzico.win if you haven't seen it yet

2 Likes

Any endorsement from Waynechain is a clear sell.
Going to forward this onto denarium. All crypto veterans should own a ponzICO piece.
Shall sit nicely alongside my UASF and make ethereum immutable memorabilia :joy:

1 Like

when they first tweeted about ponzico I almost bought a piece, would have been just the 2nd txn on the contract...when will my crypto fomo end :slight_smile:

What about Zcoin? It used to be Moneta. Their team looks a lot better than ZenCash. But it seems they had a similar break with a co-founder in December. A few days (weeks?) later, someone started exploiting a single-byte code error to generate Zcoin and get away with 400 BTC.

How does Zcoin's RSA accumulators compare with Zcash's zk-SNARKS? Which one can scale better?

Before it was Moneta, it was ZeroVert. https://bitcointalk.org/index.php?topic=846471.0