Grayscale’s chief legal officer, Craig Salm, says the best signal about whether Zcash’s recent Orchard vulnerability was actually exploited may not come from prediction markets — it could be coming from the wallets themselves.
Background: the bug, publicized June 4, affects Zcash’s Orchard shielded pool. On June 5, Polymarket opened a contract asking whether that specific vulnerability was exploited on mainnet before it was fixed. The market currently prices a roughly 10% chance and has seen $14,306 in volume. Resolution requires explicit confirmation from Shielded Labs, the Zcash Foundation, or the Zcash Open Development Lab (ZODL), or an “overwhelming consensus” of credible reporting that a qualifying exploit occurred. The market’s scope is narrow: it only resolves “Yes” if evidence shows the June 4 vulnerability was exploited on mainnet prior to the fix (or a later official process uncovers excess or invalid ZEC traceable to that issue) — new, unrelated exploits after the fix are excluded. The deadline for confirmation is Dec. 31, 2026, 11:59 p.m. ET.
Salm’s take: rather than arguing Polymarket is priced wrong, he pointed to people with the strongest real-money incentive to get this right — users who still hold funds inside Orchard. “Perhaps a better ‘prediction market’ is the Zcash Orchard pool itself,” Salm wrote on X, noting Orchard balances have dropped by only about 5% since the vulnerability disclosure. His logic: if holders thought there was a high chance that unauthorized or unbacked ZEC existed in the pool, they’d have a strong incentive to exit; the limited outflows, he argues, are an informative signal. He added the usual caveat: this is “not proof of anything, but an interesting signal” from economically motivated participants.
On-chain analytics back up the idea that panic outflows were limited. CipherScan reported 380,000 ZEC was deshielded after the disclosure, but broke that number down to show much less immediate sell pressure:
- Only about half of the deshielded amount actually moved on-chain; roughly 45% stayed parked at transparent addresses.
- Just 21% of the deshielded ZEC — about 82,000 ZEC — left the Zcash network, equal to roughly 1.6% of the shielded pool and 0.5% of total supply.
- Around 47,000 ZEC went to exchanges (about 0.28% of supply), which CipherScan calls “the total sell pressure from Orchard holders.”
- Meanwhile, roughly 118,000 ZEC was re-shielded in the same period, implying that some users were still moving assets into privacy rather than only exiting.
“Holders parked. They didn’t panic,” CipherScan summarized, adding that security has been hardened and will be further improved.
Why this matters: Salm and on-chain analysts are highlighting behavioral and balance data as a complementary signal to market bets and headlines. Prediction-market odds reflect one set of incentives and potentially market sentiment; wallet flows reflect the decisions of people who stand to lose the most if an exploit actually created unbacked ZEC. Neither is definitive on its own — official confirmation from Shielded Labs, the Zcash Foundation, ZODL, or a broad consensus of credible reporting remains the gold standard for settling the question — but the modest outflows so far reduce the likelihood the pool was catastrophically exploited, at least in the eyes of many observers.
Market snapshot: ZEC was trading around $425 at press time.
Read more AI-generated news on: undefined/news
