Zcash plunged double digits overnight after developers disclosed a critical vulnerability in the protocol's Orchard shielded pool that could have allowed undetectable counterfeiting for over four years.
The privacy coin dropped from Wednesday's local top of $635 to an intraday low of $309 on Thursday, according to CoinGecko data. It has since recovered slightly to around $330, down 37.8% on the day.
The vulnerability was discovered on May 29 by security researcher Taylor Hornby using AI-assisted auditing tools.
It resided in two lines of code within the Orchard circuit, the cryptographic component governing Zcash's shielded transactions, and allowed a malicious actor to create counterfeit ZEC inside the shielded pool with no on-chain signature. Had the bug been exploited before discovery, there would have been no way to prove it.
"The vulnerability was present from Orchard's activation in May 2022 until the emergency fix was deployed on June 1, 2026," Shielded Labs, the organization behind Zcash development, wrote in a disclosure post. "Due to the privacy properties of Orchard and the nature of the bug, there is no definitive way to determine, using only cryptography, whether such exploitation occurred."
The incident has reignited debate over a structural problem that critics say goes beyond the specific bug. Unlike Bitcoin or Ethereum, where on-chain exploitation is immediately visible, privacy coins like Zcash create conditions where a successful attack may never be detected.
"Zcash enables a unique class of bugs where if they're exploited, no one would know," crypto commentator Udi Wertheimer tweeted. "This unique class still exists. The fact that they fixed this specific bug is immaterial."
Under-constrained elliptic curve checks, the category of flaw at the heart of this vulnerability, are among the most common weaknesses in production ZK circuits, according to Joe Andrews, CEO of Aztec Labs, a privacy-first product studio. The pattern is not new to Zcash, Andrews said, adding that AI is accelerating the rate at which such bugs are discovered across the industry.
The long-term fix, Andrews told Decrypt, is formal circuit verification combined with a second proof system, an approach Ethereum is already planning. "Both systems must agree for a state transition to be valid, which drastically lowers the chances of bugs being exploited," he said.
Market’s mixed reaction
Arthur Hayes, former CEO of BitMEX, disclosed that he had liquidated his entire Zcash position following the disclosure.
The immediate risk for holders is not chain-wide inflation but potential insolvency of the Orchard pool itself, meaning shielded ZEC holders could be diluted if counterfeit claims competed against legitimate ones for a finite pool balance.
Not everyone shares that alarm. Craig Salm, chief legal officer at Grayscale, argued that exploitation before the patch was unlikely. To believe the vulnerability was actually exploited, Salm said, someone would have had to examine the codebase more thoroughly than all core developers combined, and then resist the urge to drain the entire pool during a historical bull run. "Seems unlikely to me," he tweeted.
Shielded Labs has proposed a network upgrade deploying a new shielded pool with turnstile accounting, which would allow anyone to verify the integrity of the Zcash supply.
Andrews said the structure of that upgrade, which requires all coins to unshield before entering the new pool, effectively caps the risk from any prior exploitation to the current amount of shielded assets. "Formal verification of the new upgrade reduces risks substantially further," he said.
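The pool-insolvency risk and the turnstile cap described above can be illustrated with a simplified model. This is an added example, not Zcash consensus code or anything published by Shielded Labs; the `Pool` class, the `migrate` function and all amounts are constructed assumptions.

```python
class TurnstileViolation(Exception):
    """Raised when an exit would drive the pool's public balance negative."""

class Pool:
    """Shielded pool as validators see it: only the net value that crossed
    the turnstile is public; the notes inside stay hidden."""
    def __init__(self, name, balance=0):
        self.name = name
        self.balance = balance

    def shield(self, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.balance += amount

    def unshield(self, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount > self.balance:
            raise TurnstileViolation(f"{self.name}: exit {amount} > balance {self.balance}")
        self.balance -= amount

def migrate(old, new, claims):
    """Move (holder, amount) claims from old to new by unshielding first.
    Validators cannot tell a forged note from a real one; they only
    enforce that the old pool's public balance never goes negative."""
    accepted, rejected = [], []
    for holder, amount in claims:
        try:
            old.unshield(amount)
        except TurnstileViolation:
            rejected.append((holder, amount))
            continue
        new.shield(amount)
        accepted.append((holder, amount))
    return accepted, rejected

def demo():
    old = Pool("old", balance=1000)   # constructed: 1000 units legitimately shielded
    new = Pool("new")
    # Constructed claims: hidden notes total 1500, i.e. 500 are unbacked.
    claims = [("alice", 400), ("forged", 500), ("bob", 600)]
    accepted, rejected = migrate(old, new, claims)
    return old.balance, new.balance, accepted, rejected

if __name__ == "__main__":
    print(demo())
```

In this model the new pool can never receive more than the 1000 units that publicly entered the old one, but a legitimate holder whose claim arrives after the balance is depleted is the one rejected.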