Zcash Orchard Counterfeit Vulnerability
Summary
On June 5, 2026, Shielded Labs publicly disclosed a critical four-year-old soundness bug in Zcash's Orchard shielded pool that, if exploited, could have allowed unlimited undetectable counterfeit ZEC minting. The vulnerability was discovered on May 29, 2026 by security researcher Taylor Hornby using AI-assisted auditing tools, silently patched via emergency hard fork on June 2, and cannot be definitively ruled out as having been exploited due to Orchard's inherent privacy architecture. ZEC fell approximately 38–50% in the 48 hours following public disclosure.
Connected Entities
1 entities · 10 linked investigations- + 2 more
Timeline(12 events)
2022-05-01
Zcash Orchard shielded pool activates on mainnet. The soundness vulnerability in the halo2_gadgets elliptic curve multiplication circuit is present from launch.
Shielded Labs disclosure2026-01-01
SEC closes investigation into Zcash Foundation without enforcement action, removing a significant regulatory overhang.
CryptoTimes2026-04-01
Shielded Labs engages security engineer Taylor Hornby for a targeted protocol security review of Zcash.
CoinDesk2026-05-28
Anthropic releases Claude Opus 4.8, the AI model that Hornby would use the following day to identify the Orchard vulnerability.
BeInCrypto2026-05-29
Taylor Hornby discovers the critical soundness vulnerability in the Orchard ZK proof circuit using AI-assisted auditing tools. He develops a working proof-of-concept exploit generating unlimited undetectable counterfeit ZEC in a test environment. Hornby immediately discloses to ZODL.
CoinDesk2026-06-01
Emergency protocol patch activates at 22:30 EDT, disabling all Orchard-containing transactions at mainnet block height 3,363,426. ZODL releases zcashd v6.12.5.
CryptoTimes2026-06-03
Hard fork network upgrade NU6.2 completes, re-enabling Orchard with the corrected circuit. Network experiences brief instability including a 25-block fork and 37 orphaned blocks during the switchover.
Crypto Economy2026-06-05
Shielded Labs publicly discloses the vulnerability. ZEC falls approximately 38% in 24 hours to approximately $309, a decline of approximately 51% from the June 4 high. Arthur Hayes publicly liquidates his entire ZEC position.
CoinDesk2026-06-08
Zcash developers propose the Ironwood network upgrade as a structural solution to supply integrity uncertainty. ZEC rebounds approximately 45% from post-disclosure lows.
CoinDesk2026-06-14
Bloomberg publishes analysis characterizing the incident as illustrating the broad 'scale of AI-hacking threat' to cryptographic systems.
Bloomberg2026-06-15
Zcash founder Zooko publishes explanation of how Ironwood's turnstile mechanism will function as a live supply audit during pool migration.
CryptoTimesDecision Log
- hash: 6dAzdpFQiXDNhpGmsW2HD9Vazh6epDVPVicQxKactgd7
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/17/2026, 11:04:36 PM
last updated: 6/17/2026, 11:04:46 PM
avoid.net — verified advice for a post-truth world