ZenCash: Adjusting Satoshi Consensus to combat 51% attacks
"It's not about a cryptocurrency being hacked, it's about how the team reacts to it." is something we've said many times in the past. For ZenCash, this is definitely the case. Shortly after the attack they have done a great job informing the community and explaining what is going on. Now, 10 days later they have released their highly detailed whitepaper PDF on preventing future attacks by changing the longest chain rule, or Satoshi Consensus.
The longest chain rule, or Satoshi Consensus, worked well in the relatively decentralized environment in which it was introduced in 2009. Mining resources have since concentrated and dropped in cost for lease, such that the original dominant strategy of playing by the roles no longer holds for all proof-of-work (PoW) blockchains that rely on the longest chain rule.
ZenCash proposes to enhance the Satoshi Consensus making it better suitable for current conditions. The hack was possible due to this feature: The hackers started mining the ZenCash chain in private, possibly with rented hash power. In this private chain they have send their coins to an exchange on the public chain (but not on the private), and when that transaction had enough confirmations, and the private chain was longer than the public chain, they published their chain. Because of the 'longest chain rule' this chain now overrode all the older public transactions.
So how to solve this? ZenCash introduces a penalty in the form of a block acceptance delay in relation to the amount of time the block has been hidden from the public network. This way it will be impossible to mine the chain in private and release it to the public within the amount of confirmations needed to deposit your ZenCash on an exchange.