ZEC Crashes 30% Amid Vulnerability Concerns
BITmarkets Team
Jun 05, 2026
According to information shared on X, security engineer Taylor Hornby identified the flaw on May 29 while working with Shielded Labs and promptly reported it to the Zcash Open Development Lab (ZODL). In response, developers implemented an emergency fix through a hard fork that was activated on June 3. Although the vulnerability has now been patched, concerns remain because the flaw reportedly existed since May 2022. As a result, investors have questioned whether the issue may have been exploited before being discovered.
The market reacted sharply to the news, with ZEC falling more than 30% over the past 24 hours to around $410. The decline wiped more than $3 billion from the cryptocurrency’s market capitalization.
BitMEX co-founder Arthur Hayes commented on the situation on Friday, stating that while he believes it is unlikely counterfeit ZEC was actually created through the exploit, he acknowledged that “it cannot be formally cryptographically proved impossible.” “Sadly, due to the Orchard Pool exploit, I had to dump our entire ZEC bag,” he said. “The Holy Trinity is dead,” he added, referring to Zcash alongside Hyperliquid (HYPE) and Near Protocol (NEAR), which he also sold this week.
AI-assisted discovery raises new questions
Hornby reportedly used Anthropic’s Claude Opus 4.8 model to assist in a highly focused review of the Orchard circuit, the cryptographic system that powers Zcash’s Orchard shielded pool. The vulnerability involved an elliptic curve multiplication verification process, allowing invalid transaction inputs to pass cryptographic checks that should normally prevent unauthorized token creation.
Researchers successfully developed and tested a proof-of-concept exploit capable of generating unlimited counterfeit ZEC. “If he had run the same tool on Zcash mainnet it would have generated unlimited, undetectable counterfeit ZEC in his mainnet Zcash wallet,” the researchers stated on Friday.
One of the biggest concerns surrounding the incident is that Orchard’s privacy-focused design makes it impossible to cryptographically verify whether the vulnerability had already been exploited before the patch was deployed. Despite this uncertainty, Shielded Labs said it remains relatively confident that the flaw was unlikely to have been abused. The company noted that the vulnerability was highly complex, survived years of expert review, and required a deliberate investigation using advanced tools and AI-assisted analysis to uncover.
Efforts underway to verify ZEC supply
In response to the incident, Shielded Labs said it is collaborating with Zcash developers on a potential network upgrade that would allow the community to verify the integrity of the ZEC supply and prove that no counterfeit coins exist within the Orchard pool.
The event has also sparked broader discussions about security risks within privacy-focused blockchain systems. Helius co-founder and CEO Mert Mumtaz argued that similar theoretical vulnerabilities exist across many privacy protocols. “This same FUD comes back every five months as new people learn how privacy pools work,” he said. According to Mumtaz, zero-knowledge privacy systems often carry theoretical risks stemming from complex circuit bugs that can be difficult both to exploit and to detect.
Not the first security incident for Zcash
This is not the first time Zcash has faced concerns over a potential counterfeiting vulnerability. In 2018, the Electric Coin Company discovered a flaw within the cryptographic system underpinning Zcash’s zero-knowledge proofs. The issue was successfully addressed and remediated in 2019 without any reported losses or counterfeit token creation.
While the latest vulnerability has been patched, the inability to definitively prove whether it was previously exploited continues to weigh on investor confidence and remains a key topic of discussion within the Zcash community.
Sources:
https://electriccoin.co/blog/zcash-counterfeiting-vulnerability-successfully-remediated/
https://www.tradingview.com/symbols/ZECUSD/?exchange=COINBASE
