Shielded Labs has revealed that security researcher Hornby developed a fully functional exploit tool capable of producing unlimited, nearly undetectable counterfeit ZEC within a local test en
Shielded Labs has revealed that security researcher Hornby developed a fully functional exploit tool capable of producing unlimited, nearly undetectable counterfeit ZEC within a local test environment. According to Shielded Labs, if the same tool had been used on the Zcash mainnet, an attacker could theoretically have generated an unlimited supply of counterfeit ZEC in their own wallet.
Company sources said this scenario could have placed serious strain on trust in the ZEC supply. Undetected inflation in the circulating token count would also have directly damaged the market’s perception of ZEC’s value.
After discovering the flaw, Hornby immediately notified the Zcash Open Development Lab (ZODL). On June 1, ZODL coordinated an emergency fix, closing the vulnerability within several days. Zcash is known for its privacy-focused cryptocurrency network, where ZEC serves as the primary asset.
Shielded Labs noted they believe Hornby most likely identified the vulnerability before any malicious parties could exploit it.
Nevertheless, fixing the vulnerability did not result in a noticeable boost to market sentiment. The main reason: the flaw had existed undetected since the Orchard upgrade went live in May 2022. In other words, the issue persisted in the system for quite some time before being discovered.
Shielded Labs also admitted they could not definitively confirm whether the exploit had been used before the fix. This uncertainty introduced additional risk for investors who are especially sensitive to questions about supply integrity.
Glossary: Orchard refers to Zcash’s most recent shielded transaction system. The “shielded pool” is a privacy-focused asset pool that conceals sender, receiver, and transaction amount information.
TitleDetails from articleWhen flaw entered systemMay 2022, with Orchard upgradeCoordinated fixJune 1, coordinated by ZODLPotential impactUnlimited, hard-to-detect counterfeit ZEC productionExploit statusNo confirmed incidentsDespite the discovery, the organization argued that it is unlikely the flaw was exploited in practice. Their reasoning was that the bug went undetected for years despite routine review by expert cryptographers, and was only uncovered by targeted efforts using advanced AI tools and highly skilled researchers. They also highlighted the rapid patching process following the discovery.
The company suggested users should not rely solely on internal assurances, so they propose a network upgrade enabling independent verification of the ZEC supply’s integrity.
The plan includes launching a new shielded pool and introducing turnstile accounting for all coins exiting the Orchard pool. Shielded Labs stated they may release detailed technical documentation on this topic next week.
The organization also announced it will continue collaborating with Hornby, accelerate the formal verification project aimed at mathematically proving there are no undiscovered bugs in the Orchard circuit, and begin hiring a new security lead and cryptographer.
The post ZEC faced unlimited counterfeit risk since May 2022 appeared first on COINTURK NEWS.
