Zcash Orchard Pool Counterfeiting Vulnerability 2026

2022-05-01

Zcash Orchard shielded pool activated on mainnet, beginning the period during which the counterfeiting vulnerability was present and undetected.

2026-04-01

Shielded Labs engages Taylor Hornby as an independent security engineer to conduct a targeted protocol security audit of Zcash.

2026-05-28

Anthropic releases Claude Opus 4.8 model.

2026-05-29

Taylor Hornby discovers the soundness flaw in the Orchard zero-knowledge proof circuit using Claude Opus 4.8 in an AI-assisted audit. He discloses the vulnerability to Zcash Open Development Lab (ZODL) and creates a working exploit in a local test environment.

2026-06-01

Emergency soft fork coordination begins; Zebra 4.5.3 release prepared to disable Orchard transactions at a specific block height.

2026-06-02

Emergency soft fork activates at mainnet block height 3,363,426 at approximately 02:00 UTC, temporarily disabling all Orchard transactions. A 25-block fork and 37 orphaned blocks result from nodes running outdated software.

2026-06-03

NU6.2 hard fork activates at block height 3,364,600 via Zebra 5.0.0, re-enabling the Orchard pool with a corrected circuit that introduces a copy_advice() equality constraint. ZEC briefly rallies from approximately $544 to $624.

2026-06-04

ZEC reaches a local high of approximately $624 in the aftermath of the confirmed patch. Arthur Hayes holds ZEC as his second-largest fund position at this point.

2026-06-05

Shielded Labs publishes the public disclosure of the Orchard counterfeiting vulnerability, authored by Jason McGee. ZEC crashes approximately 38-50% within 24-48 hours, falling to a low of $309. Arthur Hayes publicly announces he has liquidated his entire Zcash position, citing that the exploit's occurrence cannot be cryptographically ruled out.

2026-06-15

Shielded Labs updates the original disclosure post, per page metadata on the official article.