Zcash(zec) plunged 31% after researchers disclosed a critical flaw that could have allowed attackers to create unlimited counterfeit coins inside the network’s privacy-focused Orchard pool, t
Zcash(zec) plunged 31% after researchers disclosed a critical flaw that could have allowed attackers to create unlimited counterfeit coins inside the network’s privacy-focused Orchard pool, though developers say the bug was fixed before any known exploitation.
An independent support group, Shielded Labs, revealed Thursday that security engineer Taylor Hornbydiscovered a severe vulnerability in Zcash’s Orchard transaction pool during a protocol review that began in April.
The flaw affected Orchard, the network’s shielded pool that uses zero-knowledge proofs to verify private transactions. According to Shielded Labs, the vulnerability allowed an attacker to submit false inputs during an elliptic curve multiplication process while still passing transaction validation, potentially enabling the creation of unlimited counterfeit ZEC.
Hornby identified the issue on May 29 using a combination of traditional security analysis and AI-assisted research, including Anthropic’s Opus 4.8 model. He immediately reported the findings to engineers at the Zcash Open Development Lab, and the vulnerability was patched on June 1.
Researchers said they successfully created a proof-of-concept exploit in a local testing environment, demonstrating that the flaw was real and could generate undetectable counterfeit ZEC under controlled conditions.
Also Read:Anthropic Submits Secret S-1, Eyes October IPO At Near-Trillion Valuation
Despite the severity of the vulnerability, Shielded Labs said actual exploitation appears unlikely. The flaw had existed since Orchard launched in May 2022, yet remained unnoticed despite extensive review by cryptographers and security researchers.
The organization said the discovery resulted from a targeted effort to identify advanced vulnerabilities before malicious actors could find them. Researchers combined recently released AI tools with custom-built security workflows designed to accelerate code analysis and vulnerability hunting.
Because Orchard transactions are private by design, investigators cannot definitively determine whether the bug was ever exploited. However, Shielded Labs said there is currently no evidence suggesting counterfeit coins were created on the live network.
The team is now evaluating a network upgrade that would let users independently verify the integrity of the Zcash supply.
The proposal includes deploying a new shielded pool and introducing additional accounting mechanisms to prove that no counterfeit ZEC exists within Orchard.
The disclosure triggered a sharp market reaction.
ZEC fell to about $383 early Friday, 36% down over the previous 24 hours, with much of the decline occurring within hours of the public announcement. The token has experienced several periods of extreme volatility in recent years, often reacting strongly to developments involving privacy technology, regulation, and network security.
Read Next:Kalshi Seeks U.S. Clearance For XRP, Solana And Dogecoin Perps
