Privacy Crisis: ZEC Plunges Over 30%, an "Infinite Minting" Vulnerability That Cannot Be Proven Innocent
- Key Takeaway: A critical vulnerability was discovered in Zcash's privacy pool Orchard, allowing infinite and undetectable forgery of ZEC. Although patched, the inability to prove it was never exploited over the past four years has eroded market confidence in the integrity of ZEC's supply, leading to a price crash exceeding 30%.
- Key Elements:
- The vulnerability was discovered by security researcher Taylor Hornby on May 29, who successfully developed a local exploit capable of generating infinite forged ZEC, though it was never deployed on the mainnet.
- The flaw originated from an "incomplete constraint" in an elliptic curve multiplication check within the Orchard circuit, allowing attackers to bypass the "asset conservation" verification and create assets out of thin air.
- The Zcash team patched the vulnerability through an emergency soft and hard fork within four days. However, market panic stems from the fact that the vulnerability had lain dormant for nearly four years since the Orchard pool was activated in May 2022.
- Zcash's Turnstile Accounting mechanism limits the total assets that can flow out of Orchard, preventing the total supply cap from being breached. However, it cannot directly prove that no forged assets ever existed within the pool's history.
- To rebuild trust, Shielded Labs is planning a network upgrade. By deploying a new privacy pool and conducting a verifiable migration of assets from the old pool, it aims to ultimately prove the integrity of the supply.
- The process of discovering this vulnerability is noteworthy: Taylor utilized the newly released general-purpose AI model Claude Opus 4.8 to assist in reviewing and writing the exploit code, demonstrating the expanding role of AI capabilities in the security domain.
TL;DR
- Orchard was found to have a vulnerability that could generate unlimited and undetectable counterfeit ZEC. Although it has been fixed, the community still cannot prove it was never exploited over the past nearly four years.
- The essence of ZEC's sharp drop of over 30% is the market beginning to re-question the credibility of Zcash's supply.
- Related assets: ZEC (Zcash), Anthropic (unlisted)
On June 5, Zcash founder Zooko Wilcox published a rare, in-depth post-mortem on the security incident.
The article disclosed that security researcher Taylor Hornby discovered a critical counterfeiting vulnerability in Zcash's latest generation privacy pool, Orchard, on May 29. An attacker could construct a transaction that should not pass verification, generating unlimited and undetectable counterfeit ZEC within Orchard.
This was not just a theoretical risk. Taylor developed a full exploit program in a local test environment and actually generated counterfeit ZEC. If the same program were deployed on the mainnet, an attacker could theoretically generate an unlimited amount of counterfeit assets in their own mainnet wallet.
After the news was made public, ZEC fell by more than 30% at one point. CoinMarketCap data shows ZEC dropped to a 24-hour low of $408.39, down about a third from its high of $610.47 during the same period. Unfortunately, ZEC had been one of the few crypto assets to deliver strong returns recently, backed by a narrative favored by numerous influential figures; this vulnerability has now shattered that narrative.

Looking only at the outcome, this seems like another familiar crypto security incident: a vulnerability is discovered, developers rush to fix it, and the market plunges into panic.
But the truly thorny aspect of the Orchard incident is that although the vulnerability has been fixed, the Zcash community cannot directly answer another, more sensitive question:
Over the past four years, has anyone already exploited this vulnerability?
Four-Day Emergency Fix, Orchard Temporarily Suspended
Orchard is Zcash's new-generation privacy payment protocol launched in 2022 and is currently one of Zcash's main privacy pools. Users can hide their balances, transaction amounts, and fund flows, while proving to the network via zero-knowledge proofs that transactions comply with the rules.
According to the timeline disclosed by Zooko, Shielded Labs, and the Zcash community, Taylor discovered an anomaly during a targeted security review of the Orchard circuit on May 29 and immediately disclosed the vulnerability privately to the Zcash Open Development Lab (ZODL). Shielded Labs is an independent Zcash ecosystem support organization based in Switzerland, operating on donations, and has long been involved in Zcash's protocol development, security, and network sustainability. It is not affiliated with the Zcash Foundation or ZODL.
ZODL engineers confirmed the issue's existence within hours of receiving the report and began searching for a fix. To avoid exposing the vulnerability's mechanism by publicly releasing code patches, the team first chose to temporarily disable Orchard: prohibiting the creation of new Orchard outputs and preventing the spending of funds already in Orchard.
After coordinated upgrades among developers, miners, node operators, exchanges, and infrastructure service providers, the emergency soft fork took effect on June 2. Subsequently, Zcash updated the verification keys for the Orchard circuit via a hard fork upgrade and restored Orchard functionality on June 3. Transparent addresses and the Sapling privacy pool continued to operate during this period.
From vulnerability disclosure to completion of the fix, the entire process took only a few days. Judged by emergency response speed, this was a fairly successful response.
However, the market did not calm down after the fix, because the fix addressed the future, not the past.

The Market's Fear Is Not That an Attack Will Still Happen, But That It May Have Already Happened
Typical security incidents usually have a relatively clear scale of losses. If a smart contract is exploited, the amount of assets taken by the attacker can be tracked on-chain; if a cross-chain bridge has a vulnerability, fund flows and affected addresses can also be tallied.
The Orchard incident is different.
According to Shielded Labs' explanation, the vulnerability could be used to generate unlimited and undetectable counterfeit ZEC within Orchard. Due to Orchard's inherent privacy features, the outside world cannot cryptographically prove whether this attack vector was exploited before the fix.
This means the market is not facing a determined loss number, but a hard-to-quantify uncertainty:
If someone had indeed discovered and exploited the vulnerability in the past, do counterfeit ZEC already exist within Orchard? If so, what is the scale? Are these assets still sitting in the privacy pool? Have some gradually flowed out through normal transactions?
More importantly, this risk window did not start on May 29. Shielded Labs stated that the vulnerability had existed from Orchard's launch in May 2022 until the emergency fix was completed in June 2026. In other words, the problem had been latent for nearly four years.
What the market truly fears is not what happened between May 29 and June 2, but whether an anomaly that cannot be directly observed occurred during the past four years.
This is also the core reason for ZEC's drop of over 30%.
The market is not just selling off due to a vulnerability; it is repricing the credibility of the supply.
How a Missing Mathematical Constraint Escalated into an "Unlimited Mint" Risk
When seeing the words "unlimited mint vulnerability," our first reaction might be that a hacker obtained admin privileges or some protocol backdoor.
The reality is more fundamental.
Orchard's security relies on a set of zero-knowledge proof circuits (Orchard circuit). Users can hide transaction details but must prove to the network that their transactions comply with protocol rules. The most important rule is asset conservation: a transaction cannot create new value out of thin air.
Simply put, users don't have to disclose how much ZEC they own or how much they sent to whom, but the network must be able to confirm:
The spent assets indeed come from legitimate inputs.

The problem Taylor found was an elliptic curve multiplication check within the Orchard circuit.
Shielded Labs described it as an "under-constrained element." Because the relevant mathematical relationship was not fully constrained, an attacker could input arbitrary, incorrect data into the elliptic curve multiplication process, yet the verification process might still pass.
In other words, the attacker does not need to crack cryptographic algorithms or control network nodes.
They only need to construct a set of data that should not be valid, tricking the system into falsely believing the transaction still satisfies asset conservation.
Once this false proof is accepted by the network, ZEC that didn't exist can be treated as legitimate assets, remaining within Orchard.
This is why Shielded Labs used extremely strong language:
unlimited, undetectable counterfeit ZEC
The truly dangerous aspect is not just "unlimited," but "undetectable."
An Important Distinction Exists Between the Two Statements
In its announcement after the upgrade was completed, the Zcash Foundation stated that currently, no evidence of the vulnerability being exploited has been found, no unauthorized value creation has been detected, and user funds and privacy are unaffected. The announcement also emphasized that Zcash's existing Turnstile Accounting mechanism can track value flows between different pools and protect the 21 million ZEC total supply cap.
At the same time, Shielded Labs explicitly stated that it cannot cryptographically prove that counterfeit ZEC never existed in Orchard's history.
These two statements seem contradictory, but they actually focus on two different levels of the problem.
Zcash's existing Turnstile Accounting can be understood as a "gate" between different pools. The system can tally how many legitimate assets entered Orchard and limit the scale of assets that can flow out of Orchard.
Assuming Orchard originally only had 1 million legitimate ZEC, even if an attacker forged more assets internally, the system would not allow all assets exceeding the legitimate scale to flow out. This prevents the total supply cap of the entire Zcash network from being easily breached.
However, this mechanism cannot directly prove that counterfeit coins never existed within Orchard.
If the forged assets remain within Orchard, or gradually replace real assets within the legitimate outflow limit, the existing accounting mechanism may not be able to provide a definitive historical conclusion.
For what is arguably one of the oldest crypto privacy projects, all we know is that no evidence of abnormal minting has been found, but the community still cannot directly prove that forged assets never existed inside Orchard.
This is precisely the hardest type of risk for the market to handle.
The problem is not how many counterfeit coins have been found, but that no one can definitively confirm that counterfeit coins never existed.
How Can Zcash Re-prove There Are No Counterfeit Coins in Orchard?
Fixing the vulnerability is just the first step.
Shielded Labs has stated that it is working with other Zcash developers on a new network upgrade proposal. The plan includes deploying a new privacy pool and enforcing Turnstile Accounting for all assets migrating out of Orchard.
This is equivalent to setting up a new migration gate for Orchard.
If assets in the old Orchard wish to enter the new privacy pool, they need to complete the migration according to verifiable rules. The system can re-tally the scale of legitimate assets that flowed out and determine if there is any additional ZEC that cannot be properly migrated.

If the upgrade is successfully completed, anyone can verify the integrity of Zcash's supply and further prove that no counterfeit assets exist in Orchard.
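The Turnstile Accounting gate described earlier and the migration gate proposed here can be modeled in a few lines. This is an added example, not Zcash or Shielded Labs code: the class and function names are hypothetical, and all amounts are constructed except the article's 1 million ZEC figure.

```python
from dataclasses import dataclass

class TurnstileViolation(Exception):
    """A withdrawal would push the pool's publicly tracked balance below zero."""

@dataclass
class ShieldedPool:
    public_balance: int = 0  # deposits minus withdrawals, visible to every validator
    hidden_total: int = 0    # sum of notes inside the pool, not visible on-chain

    def deposit(self, amount):
        self.public_balance += amount
        self.hidden_total += amount

    def add_unbacked_value(self, amount):
        # Models forged value appearing inside the pool: only the hidden
        # total changes, so the turnstile has nothing to observe.
        self.hidden_total += amount

    def withdraw(self, amount):
        if amount > self.public_balance:
            raise TurnstileViolation(f"{amount} exceeds tracked balance {self.public_balance}")
        self.public_balance -= amount
        self.hidden_total -= amount

def migrate_all(pool, notes):
    """Move every note through the turnstile; return (migrated, stranded) totals."""
    migrated = stranded = 0
    for value in notes:
        try:
            pool.withdraw(value)
            migrated += value
        except TurnstileViolation:
            stranded += value
    return migrated, stranded

def demo():
    pool = ShieldedPool()
    pool.deposit(1_000_000)           # legitimate inflow (the article's figure)
    pool.add_unbacked_value(250_000)  # constructed amount, invisible so far
    before = pool.public_balance      # the turnstile still reports 1,000,000
    notes = [400_000, 350_000, 250_000, 250_000]  # constructed note set
    migrated, stranded = migrate_all(pool, notes)
    return {"before": before, "migrated": migrated, "stranded": stranded}

if __name__ == "__main__":
    print(demo())
```

In this model the turnstile strands whichever notes arrive after the tracked balance is exhausted, not necessarily the forged ones, so a full migration can reveal that a shortfall exists without identifying which notes caused it.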
The significance of this plan is not just about fixing the code, but about rebuilding market trust in Orchard.
Because in a privacy system, trust does not come from "we believe the attack didn't happen," but from "anyone can verify the attack didn't happen."
Shielded Labs itself admits that the probability of malicious exploitation before was low. The vulnerability was hidden for years and extremely difficult to discover; Taylor was actively looking for such issues in a dedicated security research project; and after the disclosure, the ecosystem quickly closed the attack window within days.
However, Shielded Labs also emphasizes that users should not rely solely on the subjective judgment of the development team.
What the market needs is proof.
Why Was a Vulnerability Hidden for Four Years Discovered Now?
There is another detail in the Orchard incident that the market might easily overlook.
On May 28, Anthropic released Claude Opus 4.8.
One day later, Taylor discovered the Orchard vulnerability.
According to the post-mortem by Zooko and Shielded Labs, shortly after Opus 4.8 was released, Taylor used it for a highly targeted review of the Orchard circuit and found the problem on May 29. Subsequently, with the assistance of Opus 4.8, he wrote the full exploit program and generated unlimited, undetectable counterfeit ZEC in a local environment.
This detail is noteworthy, not because AI can independently conduct cryptographic audits.
Public information does not support such an exaggerated conclusion.
Taylor himself is an experienced security researcher. Shielded Labs also mentioned that he used traditional security research methods, a customized AI tool framework, and specially designed prompts. Opus 4.8 was an important tool in the review process, but not the only factor.
What is truly noteworthy is that Taylor did not use Anthropic's restricted Claude Mythos Preview, which is specifically designed for cybersecurity scenarios, but rather the just-released general-purpose model Opus 4.8.
Anthropic positions Mythos Preview as a frontier model with significant vulnerability discovery and exploitation capabilities. Due to potential abuse risks, Anthropic didn't open it directly to the public, but instead provides access to selected partners through Project Glasswing.
In contrast, Opus 4.8 is a general-purpose model accessible to ordinary developers. Anthropic highlighted in its release notes that it has improved in code analysis, complex task execution, and identifying code flaws.
This makes the signal sent by the Orchard incident even more significant:
The ability to discover high-value vulnerabilities is spreading from a few specialized security models to general-purpose models.
A general-purpose model, released only one day earlier and guided by a professional researcher, could already participate in reviewing complex zero-knowledge proof circuits and help discover a critical vulnerability hidden for nearly four years.
This does not mean cryptography experts are no longer important.
On the contrary, Taylor's experience, selection of the review target, and ability to verify the model's output remain central to the entire process.
But the combination of an expert and AI is significantly lowering the cost of discovering complex vulnerabilities.
The Vulnerability Is Closed, But the Market Awaits an Answer
For Zcash, the most urgent attack window has been closed.
Orchard functionality has been restored, the verification circuit has been updated, and currently, there is no evidence the vulnerability was ever maliciously exploited.
However, ZEC's drop of over 30% indicates that the market cares about more than just whether the code has been fixed.
The market is still waiting for a more definitive answer:
Over the past nearly four years, did counterfeit ZEC ever actually appear inside Orchard?
If the new privacy pool and Turnstile Accounting upgrade can be successfully implemented, the community will eventually have the opportunity to prove supply integrity and rebuild market trust.
But until that proof is complete, the Orchard incident will continue to carry an open question that cannot be easily dismissed:
Did those theoretically infinitely creatable counterfeit ZEC never exist, or were they once hidden where no one could directly see them?


