Grayscale’s top lawyer Craig Salm is casting doubt on the signal coming from prediction markets and pointing instead to Zcash users themselves as the likeliest barometer of whether a recent shielded-pool bug was actually exploited.
The background: on June 4 a vulnerability in Zcash’s Orchard shielded pool was disclosed. The next day, Polymarket opened a contract asking whether that specific Orchard vulnerability was ultimately confirmed to have been exploited on mainnet before it was fixed. As of now the market prices the chance of confirmation at about 10%, with $14,306 in volume.
But Salm — Grayscale’s chief legal officer — argued on X that a more meaningful “prediction market” might be the Orchard pool balances themselves. His point: the users who still hold funds inside Orchard have the strongest direct financial incentive to detect and react to any exploit. If invalid or unbacked ZEC had been created and the turnstile limit was threatened, those users would have powerful reasons to withdraw. Yet Orchard balances have dropped only about 5% since the vulnerability was disclosed, Salm noted — a decline he says could equally reflect users preparing to migrate to a new shielded pool rather than fleeing stolen funds. He cautioned this isn’t proof the bug wasn’t exploited, but called it “an interesting signal” from the people with the most at stake.
Important: the Polymarket contract is narrowly framed. A “Yes” requires explicit confirmation that the June 4 Orchard vulnerability was exploited on Zcash mainnet before the fix was activated — with qualifying confirmation coming from Shielded Labs, the Zcash Foundation, or the Zcash Open Development Lab (ZODL), or an overwhelming consensus of credible reporting. The market also limits resolution to confirmation that extra or unauthorized ZEC was created by this specific vulnerability (or that a later audit/upgrades reveal excess ZEC attributable to it). Any separate, later exploits after the original bug was fixed are explicitly excluded. In short, Polymarket is pricing the odds of a specific historical exploit being officially confirmed, not the broader question of future shielded-pool risk.
On-chain analytics from CipherScan showed behavior aligned with Salm’s reading. CipherScan reported 380,000 ZEC was “deshielded” around the disclosure, but it argued the headline number exaggerates exit pressure: only about half of that amount actually moved, and roughly 45% remained parked at transparent addresses. CipherScan estimated that only 21% of the deshielded ZEC — about 82,000 ZEC — actually left Zcash, equivalent to 1.6% of the shielded pool and 0.5% of total supply. Roughly 47,000 ZEC was sent to exchanges — which CipherScan described as the “total sell pressure from Orchard holders,” about 0.28% of supply against a reported $6.7 billion market cap. The analytics account also noted that about 118,000 ZEC was shielded in the same period, suggesting some users were still moving funds into privacy pools rather than exiting them. “Holders parked. They didn’t panic,” CipherScan summed up, adding that security has already been hardened and will be further strengthened.
Market snapshot: at time of reporting ZEC traded around $425.
Bottom line: prediction markets put a low probability on an official confirmation of an Orchard exploit, while on-chain behavior and industry commentary so far show limited exit activity — a signal some industry figures view as meaningful, if not definitive. The final answer will depend on official investigations and further reporting.
Read more AI-generated news on: undefined/news
