Zcoin, PIVX, SmartCash, Zoin, and Hexxcoin have been vulnerable to the denial-of-spending attack. Of those currencies, Zcoin, and Zoin are still vulnerable at the time of writing.
A denial-of-spending attack on Zerocoin
In both of the proposed Zerocoin schemes, a minted zerocoin is represented by a public bitstring, which is a commitment to the serial number but hides the serial number at the time of minting. Users are supposed to choose a random serial number to ensure that it is unique (with very high probability). However, an attacker can, instead of taking a new random serial number, freely choose the serial number when he mints a zerocoin.
This leads to the following attack:
An honest user tries to spend her (honestly generated) zerocoin and sends the spend transaction (including the serial number) to the network. An attacker, which is assumed to have control over the victim’s network, now blocks that message such that it never reaches the nodes of the cryptocurrency. Then the attacker mints a new malicious zerocoin with the exact same serial number. The attacker can now spend this maliciously zerocoin, revealing the serial number.
As soon as this spend transaction performed by the attacker is confirmed, the nodes in the cryptocurrency network record this serial number as used. As a result, the honest user cannot spend her zerocoin anymore.
Tldr; Basically, some number while minting coins should have been randomly generated but it turns out to be there are ways to ignore that function. Some evil bastards can exploit that shit and choose whatever number they want over that random number.
As a result, he can print as many coins as he wants on those networks mentioned above. As far as I know PIVX is the biggest coin on that list. R.I.P.
Edit:That was a bit confusing. The attacker mints a coin and can spend what he created but the honest miner can't. (because the coins they created share the same serial number) That's not like what I thought I guess. I mean It's not like printing coins. (you know like breaking the supply cap) The attacker can only block the honest miner's coins If I understood correctly. Still very serious.
