Zcash fixes critical vulnerability that could have allowed unlimited ZEC minting; unable to verify if exploited due to privacy pool features

Odaily Planet Daily reported that Taylor Hornby discovered a critical counterfeiting vulnerability in the Orchard pool of Zcash on May 29, 2026. Taylor Hornby reported the vulnerability to the Zcash Open Development Lab, and the parties cooperated to complete the fix on June 2. The vulnerability could have been exploited to secretly create an unlimited number of counterfeit ZEC within the Zcash Orchard. Due to the privacy features of Orchard, it is cryptographically impossible to prove whether the vulnerability was exploited before the fix was deployed.

The vulnerability had existed since the activation of Orchard in May 2022 until the emergency fix was deployed on June 1, 2026. Taylor Hornby, with the assistance of AI tools, wrote a complete exploit program and generated an unlimited, undetectable amount of counterfeit ZEC in a local test environment. Currently, Shielded Labs is collaborating with other Zcash developers to explore network upgrade proposals that would allow anyone to verify the integrity of Zcash's supply.