The bug was patched within days, but developers acknowledged there’s still no way to prove it was never exploited before the fix.
A newly discovered vulnerability in Zcash’s Orchard privacy pool sent shockwaves through the market on June 5, prompting BitMEX co-founder Arthur Hayes to exit his entire ZEC position just hours after details of the flaw became public.
The selloff has reignited a long-running debate around privacy-focused cryptocurrencies, which is whether users can fully trust systems where certain types of supply-related exploits may remain hidden until long after they occur.
Hayes Exits as Zcash Team Races to Reassure Users
In a post on X, Hayes said, “The Holy Trinity is dead” and confirmed he had sold his entire ZEC holding following reports of the Orchard Pool vulnerability. The issue was first disclosed by Zcash founder Zooko Wilcox and members of the Shielded Labs, who explained that security researcher Taylor Hornby discovered the flaw on May 29.
The team said that a hacker could have used this weakness to make endless fake ZEC in Orchard, Zcash’s protected transaction area, without getting caught right away.
Developers quickly sprang into action, fixing the issue by June 1. Still, there was a major concern: due to Orchard’s private design, there’s no cryptographic method to show if the bug had been used before it got resolved. That uncertainty appeared to be the deciding factor for Hayes.
“While I think it’s extremely unlikely of any minting, it cannot be formally cryptographically proved impossible,” he wrote, adding that privacy-focused assets require “perfection not improbability.”
The market reacted swiftly, with CoinGecko data showing ZEC fell more than 35% in the last 24 hours to around $386 after trading as high as $611 during the same period.
The token is also down nearly 27% over the last week and more than 40% across two weeks, with trading activity spiking by nearly 46% as investors rushed to reassess risk, leading to daily spot volume topping $1.7 billion.
You may also like:
CoinGlass data shows the volatility triggered nearly $49 million in liquidations during the past day, with long positions accounting for more than $41 million of those losses.
This is the second time in recent days that Hayes has exited a position shortly after making bullish statements. Just yesterday, he revealed that he’d sold his HYPE and NEAR holdings, having previously suggested HYPE could reach $150.
Old Concerns Return as Supply Questions Linger
News of the vulnerability drew different reactions from the crypto community, with investor Udi Wertheimer arguing that privacy coins face a different category of risk than transparent blockchains because counterfeit issuance may remain hidden for extended periods. He pointed to a previous Zcash inflation bug that was disclosed years after it existed.
Others took a more measured view, including Helius CEO Mert Mumtaz, who noted that major software bugs have appeared across crypto, including Bitcoin. He added that the immediate concern is whether exploitation occurred before the patch.
Furthermore, he pointed out that Zcash developers are already working on a future network upgrade that could verify the integrity of the supply through migration to a new shielded pool.
Barry Silbert, founder of Digital Currency Group, also pushed back against the negative reaction, arguing that the disclosure demonstrated the effectiveness of Zcash’s security process rather than a failure of it.
“The AI-enabled assault on blockchains is here and I’m proudly on Team Zcash,” he wrote.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
Be the first to comment