A newly disclosed, high-severity bug in Zcash’s Orchard shielded pool could have let an attacker create unlimited, undetectable counterfeit ZEC, the project’s researchers say. The flaw was discovered May 29, patched in an emergency response completed June 1–2, 2026, and has sparked intense debate about how a privacy-first blockchain can guarantee coin supply integrity.
What happened
- The vulnerability was discovered by security researcher Taylor Hornby, who had been hired by Shielded Labs in April 2026 to perform protocol-level security audits. Hornby combined traditional code review with AI-assisted analysis and found the issue almost immediately after Anthropic released its Opus 4.8 model on May 28; he used that model in a targeted review of the Orchard circuit on May 29.
- Hornby developed a full exploit and tested it in a local regtest environment. In that test it generated unlimited counterfeit ZEC that could not be detected. The disclosure says the same exploit, if run on mainnet, “would have generated unlimited, undetectable counterfeit ZEC” in a mainnet wallet.
- The bug was disclosed to Zcash Open Development Lab (ZODL), whose engineers coordinated the emergency fix with the broader Zcash ecosystem. Shielded Labs and ZODL completed the emergency response by June 2, with the emergency fix deployed June 1.
Technical root cause (in plain language)
- The flaw was not in Zcash’s underlying cryptographic primitives or the proof engine, the authors emphasize. Instead it lived in a human-written rule inside the Orchard circuit that was “under-constrained.”
- That under-constrained element allowed crafted, false inputs to pass an elliptic-curve multiplication check. In short: the circuit accepted bogus data as valid, so a shielded transaction could be faked while still producing a proof that verified.
Why this is particularly serious
- Orchard is a privacy-focused shielded pool that hides amounts and transaction histories by design. In transparent ledgers you can usually audit anomalies by inspecting balances and flows; Orchard’s privacy eliminates that straightforward audit path.
- Because of Orchard’s confidentiality guarantees, there is no purely cryptographic way to prove whether the vulnerability was exploited before the emergency fix. Shielded Labs calls prior exploitation “unlikely” based on factors like years of prior review and the targeted nature of Hornby’s audit, but cautions users not to rely solely on that assessment.
Proposed mitigation and next steps
- Shielded Labs and Zcash developers are proposing a network upgrade to restore verifiable supply integrity. The idea under discussion: deploy a new shielded pool and enforce turnstile-style accounting that tracks coins moving out of the existing Orchard pool, enabling anyone to verify the total ZEC supply and show that no counterfeit coins exist in Orchard.
- Any such change would require community support and the standard Zcash governance process. Josh Swihart of ZODL suggested a second Orchard pool could be targeted for NU7 at the end of July, though no firm decision has been made.
- Developers and researchers point to formal verification as a long-term fix: convert the handwritten rules into machine-checkable proofs so the parts that need human review are small and unambiguous. Shielded Labs says it has already launched a formal-verification project for Orchard, is accelerating AI-assisted security work with Hornby and Anthropic, and is hiring a Head of Security and a Cryptographer.
Market reaction
- The announcement rattled markets: ZEC fell nearly 45% over 24 hours and was trading around $337 at the time of the disclosure.
Bottom line
This incident underscores a core trade-off in privacy-preserving blockchains: shielding transactions protects user privacy but places enormous trust in the correctness of the underlying circuit rules. Zcash’s immediate emergency patch closed a real, exploitable bug that had existed since Orchard’s activation in May 2022, but because privacy prevents full post-hoc auditing, the project now faces the dual challenge of restoring public confidence and moving future shielded designs toward machine-checked guarantees. A follow-up from Shielded Labs with implementation details and tradeoffs is expected next week.
Read more AI-generated news on: undefined/news
