Hassan Maishera
TL;DR
-
A security researcher discovered a critical vulnerability in Zcash’s Orchard transaction pool that could have allowed exploiters to mint “unlimited” amounts of counterfeit ZEC.
-
ZEC is down 55% in the last 24 hours and is now trading at $258.
Security Audit Uncovers Serious Flaw in Orchard Shielded Pool
A critical vulnerability in Zcash’s Orchard shielded transaction pool could have allowed attackers to create an unlimited amount of counterfeit ZEC tokens without detection, according to a disclosure from Shielded Labs, an independent organization that supports the privacy-focused cryptocurrency.
The vulnerability was discovered by security researcher Taylor Hornby during a comprehensive protocol review commissioned by Shielded Labs in April. The findings were made public on Thursday after the issue had already been patched.
— zooko🛡🦓🦓🦓 ⓩ (@zooko) June 4, 2026
Orchard serves as Zcash’s primary shielded transaction pool, enabling users to send and receive ZEC with zero-knowledge privacy protections. At the heart of the system is the Orchard circuit, a zero-knowledge proof mechanism designed to verify the validity of transactions without revealing sensitive information.
According to Shielded Labs, a flaw in that circuit created the possibility of generating counterfeit ZEC while bypassing the protocol’s validation checks.
Hornby identified the vulnerability on May 29 using a combination of traditional security analysis techniques and advanced AI tools, including Anthropic’s recently released Opus 4 model.
After discovering the issue, he immediately notified engineers at the Zcash Open Development Lab (ZODL), allowing developers to begin work on a fix before details became public.
Shielded Labs said Hornby successfully developed a proof-of-concept exploit in a local testing environment that demonstrated the severity of the flaw.
“The vulnerability was real and exploitable,” the organization stated. “Taylor, with the help of Opus 4, wrote a complete exploit which generated unlimited, undetectable counterfeit ZEC in a controlled testing environment.”
The discovery highlights the growing role of artificial intelligence in cybersecurity research, where advanced models are increasingly being used to identify vulnerabilities before they can be exploited by malicious actors.
Under-Constrained Circuit Created Counterfeiting Risk
The root cause of the vulnerability was an under-constrained component within the Orchard circuit.
According to the disclosure, the flaw allowed attackers to provide arbitrary false inputs to an elliptic curve multiplication operation while still producing proofs that appeared valid to the network.
Because Orchard transactions are shielded by design, counterfeit tokens generated through such an exploit could potentially remain hidden within the privacy pool.
The vulnerability had reportedly existed since Orchard was activated in May 2022, meaning it remained undetected for more than four years before being identified and patched on June 1.
While the vulnerability was capable of enabling large-scale counterfeiting, Shielded Labs said there is currently no evidence that it was ever exploited in the wild.
The privacy-preserving nature of Orchard makes it difficult to determine whether counterfeit tokens were ever created, as shielded transactions intentionally conceal transaction details from public view.
Despite that uncertainty, the organization believes actual exploitation is unlikely. Researchers noted that the flaw escaped detection despite years of scrutiny from some of the world’s leading cryptographers and security experts.
They also emphasized that Hornby’s discovery was the result of a targeted effort using cutting-edge AI tools and specialized research techniques.
“The discovery was not accidental,” Shielded Labs said. “It was the result of a deliberate effort to identify vulnerabilities of this kind before malicious actors could.”
Proposed Upgrade Would Verify Zcash Supply Integrity
In response to the incident, the Zcash ecosystem is exploring a network upgrade designed to strengthen transparency around the coin supply while maintaining privacy guarantees.
The proposal would introduce a new shielded pool and implement turnstile accounting mechanisms for funds currently held in Orchard. The changes would allow anyone to verify the integrity of the Zcash supply and confirm whether counterfeit coins exist within the network.
Developers believe the upgrade could provide stronger assurances to users while preserving the privacy features that distinguish Zcash from other cryptocurrencies.
ZEC Price Drops Following Disclosure
The vulnerability disclosure coincided with significant volatility in the price of ZEC. Following the announcement, the token fell sharply, declining roughly 55% within 24 hours.
Most of the losses occurred in the hours immediately after Shielded Labs published its findings, reflecting investor concerns over the seriousness of the vulnerability despite assurances that no known exploitation occurred.
Even so, Shielded Labs expressed confidence in the network’s ability to recover.
