TLDR
- Taylor Hornby found a critical Zcash Orchard pool vulnerability on May 29.
- The bug could have created unlimited, undetectable counterfeit ZEC.
- Zcash Open Development Lab completed the emergency fix by June 2.
- Shielded Labs said prior exploitation is unlikely but cannot be proven cryptographically.
- A proposed network upgrade may verify Zcash supply and replace the Orchard pool.
Zcash fell sharply after the ecosystem disclosed that a critical vulnerability in its Orchard shielded transaction pool could have allowed an attacker to create unlimited counterfeit ZEC without detection. The flaw was discovered on May 29 by security researcher Taylor Hornby and was fixed during an emergency response completed by June 2.
ZEC traded between about $409 and $443 after the disclosure, with market data showing a 24-hour decline of roughly 29% to 31%. The drop came as investors reacted to the possibility that the bug had existed for years before being identified and patched.
Shielded Labs said the vulnerability was real and exploitable. Hornby produced a working local test exploit that generated unlimited counterfeit ZEC in a regtest environment. The organization said the same tool, if used on mainnet before the fix, would have been capable of creating counterfeit ZEC inside the Orchard pool.
Orchard Bug Was Present Since 2022
The Orchard pool is Zcash’s shielded transaction pool, designed to allow private ZEC transfers using zero-knowledge proofs. The related Orchard circuit checks whether shielded transactions are valid before they are accepted by the network.
The vulnerability was tied to an under-constrained element in the Orchard circuit. According to Shielded Labs, the flaw allowed arbitrary false inputs into an elliptic curve multiplication while still passing the multiplication check. That created a path for counterfeit ZEC to be minted inside the shielded pool.
The bug had been present since Orchard activated in May 2022 and remained in the system until the emergency fix was deployed on June 1, 2026. Zcash Open Development Lab coordinated the response after Hornby disclosed the issue to engineers.
The repair window was short after discovery. Hornby found the flaw on May 29, and the ecosystem response was completed by June 2. Shielded Labs said the speed of the remediation reduced the opportunity for any attacker who may have learned of the bug during that period.
Prior Exploitation Cannot Be Cryptographically Proven
The central challenge is Zcash’s privacy design. Because Orchard is built for shielded transactions, there is no definitive cryptographic way to prove whether the vulnerability was exploited before it was fixed.
Shielded Labs said it believes prior exploitation was unlikely, but it also said users should not rely only on that assessment. The organization noted that the bug had avoided years of review by skilled cryptographers and that Hornby’s discovery came through a targeted security review, not an accidental finding.
— zooko🛡🦓🦓🦓 ⓩ (@zooko) June 4, 2026
Hornby had been engaged by Shielded Labs in April 2026 to conduct ongoing security research on the Zcash protocol. His review used traditional auditing methods and AI-assisted techniques. Shortly after Anthropic released its Opus 4.8 model on May 28, Hornby used it as part of a focused review of the Orchard circuit.
Shielded Labs said Hornby used the latest AI tools, a custom-built AI harness and targeted prompts to search for flaws before malicious actors could. The group said that combination of expertise and timing makes earlier exploitation less likely, though not impossible to disprove through cryptography alone.
Network Upgrade Could Verify Zcash Supply
Shielded Labs is now exploring a proposed network upgrade that would allow anyone to verify the integrity of Zcash’s supply and prove that counterfeit ZEC does not exist in the Orchard pool.
The proposed path involves launching a new shielded pool and enforcing turnstile accounting on all coins moving from Orchard. Turnstile accounting can be used to check whether value entering and leaving a pool remains consistent, helping confirm that no extra coins were created.
The upgrade would need community support and would have to pass through the standard Zcash governance process before activation. Shielded Labs said it plans to publish more details next week, including how the proposal would work and what tradeoffs it would require.
The organization is also expanding its security work. It said it has started the next stage of proactive research with Hornby and Anthropic and is beginning a project to formally verify the Orchard circuit. Formal verification would attempt to produce a mathematical proof that no similar undiscovered bugs remain in the circuit.
Shielded Labs also said it is looking to hire a head of security and a cryptographer to strengthen its review process. The disclosure places Zcash’s privacy technology under renewed scrutiny while the ecosystem works to restore confidence in Orchard’s supply integrity and future shielded pool design.
Be the first to comment