Privacy coin trust crisis! ZEC flash-crashes over 56% in a day

Author: Zhou, ChainCatcher

On June 5, the leading privacy coin ZEC fell by more than 56% at its daily maximum, reversing nearly two months of gains, with about $5 billion in market value evaporating at one point.

Data shows that the total liquidation amount of ZEC contracts across the network reached about $100 million within 24 hours, of which liquidated long positions exceeded 760000 dollars, with the liquidation amount second only to BTC and ETH.

Image source: RootData

The catalyst for this crash was a zero-knowledge proof vulnerability that had been lurking in Zcash's latest privacy transaction pool for four years. In theory it allowed an attacker to forge unlimited ZEC under the cover of privacy, in a way that is difficult to detect.

The good news is that the vulnerability was permanently fixed through a hard fork on June 3. The bad news is that due to the privacy characteristics of the Orchard pool, no one can prove through cryptographic means that this vulnerability was not exploited in the past four years, leading to market doubts about the integrity of ZEC's supply over the past four years.

BitMEX co-founder Arthur Hayes announced the liquidation of all his ZEC holdings, on-chain whales holding short positions made substantial profits, and market confidence was evidently damaged.

How the vulnerability was created and discovered

The Orchard pool is the third-generation privacy transaction layer launched by Zcash in May 2022. Because the constraints on one element in the circuit were not strict enough, an attacker could insert false inputs into the elliptic curve multiplication computation and still pass circuit verification, thereby generating unlimited forged ZEC within the pool. Due to Orchard's privacy design, this forging would leave no detectable on-chain traces.

It is reported that independent security researcher Taylor Hornby discovered the vulnerability on May 29. In April of this year, the independent security organization Shielded Labs in the Zcash ecosystem had hired him to conduct a specific security audit of the Zcash protocol, aiming to find potential vulnerabilities before attackers did.

On May 28, Anthropic released the Claude Opus 4.8 model. The next day, Hornby included it in his custom AI audit framework and conducted targeted analysis on the Orchard circuit, pinpointing the vulnerability that same day and writing complete exploit code in a local testing environment to verify the technical feasibility of infinite minting. That night, he responsibly disclosed the issue to the Zcash Open Development Laboratory (ZODL).

Within hours of receiving the report, ZODL engineers confirmed the vulnerability and immediately initiated emergency procedures. In the early hours of June 2, Zcash pushed a critical soft fork through Zebra 4.5.3, temporarily disabling all Orchard transactions. At 12:05 PM Beijing time on June 3, the mainnet completed the NU6.2 hard fork at block height 3,364,600, officially bringing the patched circuit online and permanently closing the vulnerability.

From discovery to the completion of the hard fork, it took about five days. The Zcash Foundation officially stated that this was the second time since Zcash's launch in 2016 that a protocol upgrade was triggered by a security issue, and that there were no known exploits during the process. The network's total volume guardians confirmed that the total supply was always intact, and that user privacy as well as Sapling and transparent transactions were not affected.

Image source: Claude

After the fix, doubts remain

Due to the privacy design of Orchard, if an attacker never transfers the forged tokens to the transparent pool, no existing mechanism can detect abnormalities on-chain. In other words, the conclusion of "total integrity" is based on the currently observable data, rather than strict proof at the cryptographic level. The vulnerability had existed since May 2022, and no one can rule out the possibility that it was exploited in the past four years.

Shielded Labs believes the likelihood of exploitation is low, for three reasons: the fact that the vulnerability went undiscovered for four years indicates a very high threshold; this was the result of proactive auditing rather than passive exposure; the window for repair after discovery was extremely short, giving attackers very limited time to exploit it. However, this statement itself indicates that the problem cannot be completely ruled out.

To address this gap, Shielded Labs is exploring new network upgrade proposals with multiple developers. The plan is to deploy a new privacy pool and apply mandatory turnstile accounting checks to all tokens migrating from Orchard, so that anyone can publicly verify the integrity of the supply. A specific plan is expected to be announced next week and still needs to go through the community governance process.

Crypto investor Simon Dedic pointed out that this incident reveals two simultaneous cognitive shifts: privacy is not always an advantage; it may also pose risks in protocol design; the involvement of AI tools means that vulnerabilities of similar scale can be discovered in the future at a lower threshold, increasing the pressure for security audits across the crypto industry.

On-chain analyst Haotian summarized the core issue of this incident as "indeterminable," indicating that even if Shielded Labs launches a new turnstile auditing scheme, it can only demonstrate that the current supply is less than the total amount entering the pool, and cannot cover potential hidden losses that may have occurred in history. He also pointed out that there is an inherent contradiction between verifiable supply and privacy black boxes, which is a structural dilemma ZEC cannot circumvent.
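
A minimal model of the supply accounting at the pool boundary described above, added here as an illustration and not taken from the article or from any Zcash code base. The `PoolBoundaryLedger` class, the event names and all amounts are constructed; the model assumes the value of every entry and exit is publicly visible while everything inside the pool is hidden.

```python
from dataclasses import dataclass, field

@dataclass
class PoolBoundaryLedger:
    """Public record of value crossing one shielded pool's boundary."""
    entered: int = 0          # value observed entering the pool
    exited: int = 0           # value observed leaving the pool
    rejected: list = field(default_factory=list)

    @property
    def balance(self) -> int:
        return self.entered - self.exited

    def apply(self, kind: str, amount: int) -> bool:
        if amount <= 0:
            raise ValueError("amount must be positive")
        if kind == "enter":
            self.entered += amount
            return True
        if kind == "exit":
            if amount > self.balance:   # exit would drive the pool negative
                self.rejected.append(amount)
                return False
            self.exited += amount
            return True
        raise ValueError(f"unknown event kind: {kind}")

def replay(events) -> PoolBoundaryLedger:
    ledger = PoolBoundaryLedger()
    for kind, amount in events:
        ledger.apply(kind, amount)
    return ledger

def summary(ledger):
    """Everything an outside auditor can see."""
    return (ledger.entered, ledger.exited, ledger.balance, ledger.rejected)

# Constructed scenarios, arbitrary units. 1000 enters the pool; hidden claims
# inside total 1300 because 300 was forged (invisible to the ledger).
HONEST_EXITS_FIRST = [("enter", 1000), ("exit", 700), ("exit", 300), ("exit", 300)]
FORGED_EXITS_FIRST = [("enter", 1000), ("exit", 300), ("exit", 700), ("exit", 300)]
QUIET_FORGERY = [("enter", 1000), ("exit", 300)]  # forged 300 leaves, rest stays

if __name__ == "__main__":
    for name in ("HONEST_EXITS_FIRST", "FORGED_EXITS_FIRST", "QUIET_FORGERY"):
        print(name, summary(replay(globals()[name])))
```

The first two scenarios give the auditor identical summaries, so the ledger caps total exits at total entries but cannot say which exit was the forged one; the third raises no alarm at all while honest holders remain in the pool.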

Market panic released all at once

Although the technical crisis has passed, the market has not fully digested the true nature of the vulnerability.

This morning, Zcash founder Zooko Wilcox, Shielded Labs, and Taylor Hornby jointly released a detailed article fully disclosing the exploitability of the vulnerability, the technical feasibility of infinite forgery of ZEC, and the "inability to cryptographically prove historical non-exploitation" due to the privacy characteristics of Orchard, which truly ignited market panic.

On the same day, Arthur Hayes announced the liquidation of all ZEC holdings and pointed out that the probability of malicious minting is extremely low, but it cannot be formally ruled out at the cryptographic level. The value support for the privacy narrative requires "perfect security," rather than "high probability security." Hayes also stated that if subsequent hypotheses are disproved, he would not rule out buying back at a lower price.

Hayes was previously one of the most well-known public supporters of ZEC and had listed it as his second largest asset, even claiming that ZEC should reach 10% of BTC's price, with the current upward trend "having significant room for increase." His public announcement of his exit has undoubtedly impacted market sentiment.

The combination of the two events caused the price of ZEC to plummet rapidly. According to monitoring by on-chain analysts, when ZEC fell below $400, the three-fold leveraged short position of "1011 insider whale" Garrett Jin, opened at $626.47, yielded tens of millions of dollars in profit.

However, some viewpoints suggest that this price crash was not entirely driven by the vulnerability. Crypto KOL Tu Ao Da Shi Xiong pointed out that there were already signs of significant capital involvement in ZEC's previous uptrend, and that the news of the vulnerability may have only provided an exit opportunity; the large influx of spot trading on that day was actually a more direct driver of price. He lamented that a "strong consensus blue chip" valued at $12 billion lost $6 billion in a day, which shows how hard consensus is to build in the crypto community, how easily it breaks, and how much longer it takes to repair.
