Zcash is Clogging up in What Looks Like a Spam Attack

The Zcash protocol might be under a spam attack, as analysts pointed out on Twitter in a long discussion that started since Wednesday.


Being a privacy-focused protocol, Zcash’s “Shielded Transaction” feature designed for privacy is now being misused by the attacker.

According to the details shared by the analysts, the attacker has been adding output data to the shielded transactions, which are largely known to be data sensitive. By virtue of the attack, the size of the blockchain has grown from 31 GB in mid-June to more than 100 GB at this time per data from Blockchair.

The attack has been ongoing for a while, even though it has just been brought to the public’s notice. In fact, the knowledge exhibited by the contributors to the discourse on Twitter is evident that many have been investigating the occurrence for quite some time.

Notably, Zcash has not had any known downtime to date. The spam of the shielded transactions is placing intense demands on the protocol, thus causing a lag. The blocks are finding it hard to synchronize with the broader protocol, a situation which, if persisted, could cause a major drawback for the protocol.

“At this point, there only seems to be two problems with the spam: it’s bloating the chain size, and it’s making it harder for wallets to sync,” Sean Bowe, an engineer at Zcash’s core development firm Electric Coin Company said, adding that “Neither problem is contributed to by Orchard at all. It shouldn’t even be part of the equation even if the spammer was using Orchard!” 

It is unclear what the benefit is to the hacker at this time, but analysts on Twitter noted that the attack has survived this long because of the lack of a transparent fee structure on the Zcash protocol. The attack is notably costing the perpetrator(s) as low as $10 per day. 

The prevalence of hacking in the blockchain ecosystem is now very alarming, with Solana and Ethereum Classic having recorded their fair share of disruptions in recent times.

Image source: Shutterstock


Tagged : / / / /

Arbitrage bot’s spam attack on the Polygon network generated $6,800 per day

The growth of layer-two protocols has been one of the major stories of 2021 as the rising popularity of decentralized finance (DeFi) and nonfungible tokens (NFT) have driven transaction costs higher on the Ethereum (ETH) network effectively pricing out many participants. 

Earlier this year the Polygon network, formerly known as MATIC, emerged as one of the top contenders in the race for an effective Ethereum layer-2 scaling solution, and the project’s QuickSwap DeFi platform was also one of the more successful Uniswap clones.

The platform was quite popular initially but as other platforms like Arbitrum and Optimism popped up, discussions about Polygon fell to the wayside and some traders even refer to the platform as “slow”. Data from Flipside Crypto shows that the low-cost capabilities of the Polygon network came under attack after a cleverly devised arbitrage bot managed turn 14 Ether in 218.5 Ether in less than four months.

The bot filled each block with “meaningless transactions”

According to data from Flipside Crypto, the attack began in early May and at one point in June, pushed transactions on the Polygon network went as high as 8 million per day. In the same timeframe, the maximum number of transactions on the Ethereum network was at 1.2 million.

Number of transactions on Ethereum vs. Polygon. Source: Flipside Crypto

Data found on a Polygon forum indicates that the attacker has been inflating transaction volumes by as much as 90% by stuffing each block full of “meaningless transactions” while only having to pay around 0.02 MATIC to spam the entire block and roughly $1,000 for an entire day.

A deeper dive into the transactions and addresses interacting on the network revealed that around 30% of the network’s transaction count was coming from two contracts which have been determined to be arbitrage bots that conduct thousands of daily transactions to various decentralized exchanges (DEX).

The exact reason why the spammer chose to fill each block when the bots were only conducting 2,000 – 4,000 trades per day is uncertain, but one theory is that it was done in an effort to prevent anyone else from front running the trade.

Related: Polygon can hit $3.50 in Q4 as MATIC’s 20% weekly rally triggers bull flag setup

The bot netted $6,800 in average daily profit

Over a period of 120 days, the bot was able to grow an initial amount of 14 Ether to 218.5 Ether, which is currently worth $813,694.

That works out to an average daily of profit roughly $6,800 before including the cost to spam the network.

In response to the spammer, the team behind Polygon ultimately decided to increase the minimum cost of a transaction from 1 gwei to 30 gwei as a way to fight spam and improve network health.

The move appears to have achieved its intended goal as data provided by Delphi Digital shows that the spike in average transaction costs coincided with a marked decline in the number of daily transactions because it now costs $30,000 to spam the network for an entire day.

Polygon average gas cost vs. daily transaction count. Source: Delphi Digital

Network data shows that the spam transactions have dropped from 2 million to 500,000 transactions per day, a decrease of 75%, but they still account for 16.7% of daily transactions. This means that the bots are spending roughly $5,000 of their daily $6,800 profit on gas to keep the scheme running.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.