Zcash Bug Could Have Minted Unlimited ZEC Undetected
A critical vulnerability in Zcash’s Orchard shielded pool could have allowed an attacker to create an infinite quantity of counterfeit ZEC without detection, according to a new disclosure from Zooko Wilcox, Jason McGee and security researcher Taylor Hornby. The flaw was discovered on May 29, remediated through an emergency ecosystem response completed by June 2, and has now triggered a broader debate over how Zcash can prove supply integrity in a privacy-preserving system.
Orchard Flaw Puts Zcash Supply Integrity Under Scrutiny
The vulnerability was found by Hornby, an experienced security engineer hired by Shielded Labs in April 2026 to conduct ongoing security research on the Zcash protocol. According to the disclosure, the mandate was simple: find protocol-level weaknesses before adversaries did. Hornby began reviewing Zcash with a mix of conventional security research and newer AI-assisted auditing techniques.
The timing was unusually compressed. Shortly after Anthropic launched its Opus 4.8 model on May 28, Hornby used it in a focused review of the Orchard circuit. One day later, he found a critical counterfeiting flaw and disclosed it to Zcash Open Development Lab, or ZODL, whose engineers coordinated the emergency response with other ecosystem participants.
“The vulnerability might have been exploited to undetectably create an infinite quantity of counterfeit ZEC inside Orchard,” the Shielded Labs post said. “Because of the privacy properties of Orchard, there is no way to cryptographically prove whether or not the vulnerability was exploited before it was remediated. However, a network upgrade could be deployed to protect users and prove the integrity of the Zcash supply.”
The disclosure states that the bug was “real and exploitable.” Hornby, with the help of Opus 4.8, wrote a complete exploit and tested it in a local regtest environment, where it generated unlimited counterfeit ZEC that could not be detected. The authors said that had the same tool been run on mainnet, it would have generated unlimited, undetectable counterfeit ZEC in Hornby’s mainnet wallet.
Technically, the issue involved an under-constrained aspect of the Orchard circuit. That made it possible to feed arbitrary false inputs into an elliptic curve multiplication while still passing the multiplication check. The vulnerability existed from Orchard’s activation in May 2022 until the emergency fix was deployed on June 1, 2026.
That timeline is central to the concern. In a transparent ledger, supply irregularities can often be audited by inspecting public balances and transaction values. Orchard is different by design: it hides amounts and transaction history. That privacy model means the system depends heavily on the correctness of the circuit rules that define valid shielded transactions.
Josh Swihart, founder and CEO of Zcash Open Development Lab, the team behind the creation and launch of Zcash and builder of the Zodl wallet, framed the issue in these terms in a separate post. “A shielded Zcash transaction includes a proof that it followed the protocol’s rules, as defined in the rulebook (the circuit) that defines what constitutes a valid transaction. The Orchard vulnerability was in one of the rules, written loosely enough that it could accept false data and still pass. As a result, the engine could be convinced that a fake transaction was valid.”
Swihart added that the flaw was not in Zcash’s underlying cryptography or the proof engine itself, but in the handwritten rules. In his words, “This was a flaw in the handwritten rules, not in the underlying cryptography or the engine that creates proofs.”
Shielded Labs said prior exploitation appears unlikely, while emphasizing that users should not be asked to rely on that assessment alone. The authors pointed to several reasons for their view: the flaw had evaded years of scrutiny by leading cryptographers, Hornby was specifically hired to find such vulnerabilities, and the response window after discovery was sharply narrowed by the speed of ZODL and the broader Zcash ecosystem.
“The discovery was not accidental—it was the result of a deliberate effort to identify vulnerabilities of this kind before malicious actors could,” the post said. “Taylor is one of the most skilled people in the world at this. He used the latest AI tools, available only to white-hat security researchers, together with a sophisticated custom-built AI harness and prompts, and worked hard to outrace the attackers. We think he probably succeeded.”
Still, the authors acknowledged the unresolved cryptographic uncertainty. Because of Orchard’s privacy properties and the nature of the bug, they said there is no definitive way to prove through cryptography alone whether the vulnerability was exploited before the fix.
Shielded Labs Eyes New Pool And Formal Verification
To address that, Shielded Labs is exploring a proposed network upgrade with other Zcash developers. The plan would deploy a new shielded pool and implement turnstile accounting on coins moving from the existing Orchard pool, with the goal of allowing anyone to verify the integrity of the Zcash supply and prove the non-existence of counterfeit ZEC in Orchard. A follow-up post is expected next week with more details, including tradeoffs and implementation mechanics. Any major upgrade would still need community support and the standard governance process before activation.
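A simplified model of the turnstile accounting described above, as an added example that is not part of the disclosure or of any Zcash code: the `Turnstile` class, the `audit` helper and the sample amounts are hypothetical. It assumes the value crossing out of Orchard is publicly visible, so every exit can be checked against what was shielded in.

```python
from dataclasses import dataclass

class TurnstileViolation(Exception):
    """A transfer would drive the source pool's public balance below zero."""

@dataclass
class Turnstile:
    # Publicly visible running totals (constructed units), one per pool.
    orchard: int = 0
    new_pool: int = 0

    def shield(self, amount: int) -> None:
        """Value entering Orchard; the amount crossing the boundary is public."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.orchard += amount

    def migrate(self, amount: int) -> None:
        """Value leaving Orchard for the new pool; the amount is revealed."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount > self.orchard:
            raise TurnstileViolation(
                f"exit of {amount} exceeds Orchard balance {self.orchard}")
        self.orchard -= amount
        self.new_pool += amount

def audit(shielded, exits):
    """Replay public boundary events; return (accepted, rejected, state)."""
    t = Turnstile()
    for amount in shielded:
        t.shield(amount)
    accepted, rejected = [], []
    for amount in exits:
        try:
            t.migrate(amount)
            accepted.append(amount)
        except TurnstileViolation:
            rejected.append(amount)
    return accepted, rejected, t

# Constructed sample: 1000 units were shielded, but exit claims total 1400,
# so 400 units of notes inside the hidden pool have no backing.
SHIELDED = [600, 400]
EXITS = [500, 300, 400, 200]

if __name__ == "__main__":
    ok, bad, state = audit(SHIELDED, EXITS)
    print("accepted:", ok, "rejected:", bad, "state:", state)
```

A rejected exit is the public signal that more value is trying to leave than ever entered; which claim gets rejected depends on ordering, not on which notes are counterfeit. If every exit is accepted and the pool drains cleanly, the total that left is provably no more than the total that went in.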
Swihart said a second Orchard pool could, in principle, be targeted for NU7 at the end of July, though he did not take a fixed position on whether that path should be pursued. He argued that the larger issue is preventing this class of failure from recurring, with formal verification as the strongest answer.
“Formal verification fixes this,” Swihart wrote. “A mathematical proof could be constructed to reduce the parts humans must review to a concise, readable statement of the rules. A computer then checks the entire rulebook to make sure it matches. AI tools can now do the work of writing these proofs.”
Shielded Labs said it is already accelerating proactive security work with Hornby and Anthropic, initiating a project to formally verify the Orchard circuit, and opening searches for a Head of Security and a Cryptographer. The episode leaves Zcash with a difficult but clear path: restore the trust assumptions around Orchard, prove supply integrity where possible, and move future shielded design closer to machine-checked guarantees rather than human-reviewed complexity.
Over the past 24 hours, ZEC has fallen nearly 45% amid the uncertainty. At press time, it was trading at $337.
