- A vulnerability in Zcash allowed for unlimited issuance of ZEC.
- The flaw in the Orchard circuit was corrected after a researcher's discovery.
- ZEC price plummets more than 30% in 24 hours.
A serious vulnerability in the Zcash protocol put significant pressure on the cryptocurrency market on Thursday. The discovery revealed that a flaw in the shielded Orchard pool could allow the creation of virtually unlimited amounts of counterfeit ZEC, raising concerns about the integrity of the network and contributing to a drop of over 30% in the asset's price.
The flaw was identified by security engineer Taylor Hornby during an audit conducted by Shielded Labs, an independent organization that supports the development of Zcash. According to the organization, the researcher was hired in April to conduct an in-depth review of the protocol in search of potential security vulnerabilities.
According to the information released, Hornby used traditional research methods combined with artificial intelligence tools to analyze the system. On May 29, he identified a vulnerability in the Orchard circuit, a mechanism responsible for validating private transactions on the network.
Orchard is Zcash's primary shielded pool, allowing users to send and receive ZEC using zero-knowledge proofs. This system is designed to ensure privacy without compromising transaction validation.
“The vulnerability was real and exploitable,” Shielded Labs wrote. “Taylor, with the help of Opus 4.8, wrote a complete exploit that, when tested in a local regtest environment, generated unlimited and undetectable fake ZEC.”
🚨Confirmation of a massive potential ZEC exploit
TLDR:
– ZCASH hired a security researcher to try to find exploit vectors
– The researcher (Taylor Hornby) found one that would let him create unlimited counterfeit ZEC in a shielded pool
– The exploit is now fixed as of June 1
- ... https://t.co/qTERdbGUhF
— TylerD 🧙‍♂️ (@Tyler_Did_It) June 4, 2026
According to the organization, the failure was related to an undersized component within the Orchard circuit. This problem allowed false inputs to be entered into critical mathematical operations without the system detecting any irregularities.
The fix was implemented on June 1st, but the vulnerability had existed since May 2022, when Orchard was activated on the network. Despite this, the developers claim there is no concrete evidence that the vulnerability was exploited in a real-world environment.
Shielded Labs highlighted that Orchard's privacy features make it difficult to verify whether there was any unauthorized coin creation before the fix. Still, the team stated they are not overly concerned about that possibility.
“The discovery was no accident — it was the result of a deliberate effort to identify vulnerabilities of this type before malicious actors could exploit them,” the publication said. “[Hornby] used the latest AI tools, available only to ethical security researchers, along with a sophisticated custom AI framework and instructions, and worked hard to outwit the attackers. We believe he likely succeeded.”
In response to the incident, developers are studying an update that would allow public audits of the total Zcash supply. The proposal also includes the creation of a new shielded pool and additional verification mechanisms to confirm that no counterfeit coins are circulating in the system.
“This was a serious vulnerability, and we believe it’s important to be transparent about what this means for Zcash users,” the post said. “While no one wants to discover a vulnerability like this, we are confident that Zcash is well prepared to recover.”












