Zcash price drops 38% after critical counterfeiting flaw disclosure

Key facts Zcash price dropped 38% following disclosure of a critical counterfeiting vulnerability. The vulnerability was located in the Orchard pool and was active from May 2022. A hard fork on June 3, 2026, patched the vulnerability. Security researcher Taylor Hornby discovered the bug using AI-assisted methods. Zcash developers are considering a network upgrade with a new shielded pool and turnstile accounting. Numbers 38% — Zcash price drop May 2022 — Vulnerability active start date May 29, 2026 — Vulnerability discovery date June 3, 2026 — Hard fork date for patch 4 years — Exposure period of the bug $9 billion — Zcash market cap at time of report Who Zcash developers — considering new shielded pool and turnstile accounting Orchard pool — location of critical counterfeiting vulnerability Shielded Labs — exploring proposed network upgrade and leading security research Taylor Hornby — security researcher who found the Orchard pool bug Anthropic's Opus 4.8 — AI model used in bug discovery Context Zcash experienced a 38% price crash after developers disclosed a critical counterfeiting vulnerability in its Orchard pool. The flaw, which allowed for the potential minting of unlimited, undetectable ZEC, was active from May 2022 until it was patched via an emergency hard fork on June 3, 2026. Security researcher Taylor Hornby, using AI-assisted audit methods including Anthropic's Opus 4.8 model, identified the bug. While the vulnerability was real, Shielded Labs cannot cryptographically prove if it was exploited before the fix, though they deem prior exploitation unlikely. In response, Zcash developers are considering a network upgrade with a new shielded pool and 'turnstile accounting' to enhance supply verification and restore confidence. What's next Shielded Labs to publish a follow-up post with more details on the proposed network upgrade. Community review and governance process for the proposed shielded pool and turnstile accounting. Expansion of security work, including formal verification for the Orchard circuit. Caveats The exact extent to which the vulnerability was exploited cannot be cryptographically proven. Prior exploitation of the Zcash bug is considered unlikely by Shielded Labs, despite its four-year existence. Similar theoretical risks may exist in other privacy protocols. FAQ Q: What was the critical vulnerability found in Zcash? A: A counterfeiting vulnerability in the Orchard pool could have allowed for the minting of unlimited, undetectable ZEC. The flaw existed from May 2022 until it was patched on June 3, 2026. Q: Who discovered the Zcash vulnerability and how? A: Security researcher Taylor Hornby discovered the bug using AI-assisted audit methods, including Anthropic's Opus 4.8 model, during a review commissioned by Shielded Labs. Q: What is being considered to address the Zcash vulnerability? A: Zcash developers are considering a network upgrade that includes a new shielded pool and turnstile accounting to help users verify the integrity of the Zcash supply. Q: Can it be proven if the Zcash vulnerability was exploited? A: No, due to Zcash's privacy features, it cannot be cryptographically proven whether the bug was exploited before the fix was implemented.

Zcash price drops 38% after critical counterfeiting flaw disclosure

PiQ Daily

Key facts

Zcash price drops 38% after critical counterfeiting flaw disclosure

PiQ Daily

Key facts

Get the newsletter.