A security researcher discovered a bug in Zcash’s Orchard pool that would have allowed the creation of unlimited quantities of counterfeit tokens.
A security researcher identified a critical vulnerability in the Zcash protocol that could have allowed an attacker to mint “unlimited” counterfeit ZEC within the Orchard pool. The news, made public on Thursday by Shielded Labs – an independent organization supporting Zcash – triggered an immediate collapse in the token’s price.
The price of ZEC plummeted 31% in the 24 hours following the publication of the post, falling to $409.64 at 11:00 PM ET on Thursday. The bulk of the decline was concentrated in the five hours immediately following the announcement. Shielded Labs stated that it had commissioned security engineer Taylor Hornby to conduct a protocol review in April.
Hornby discovered the vulnerability on May 29 using Anthropic’s newly released Opus 4.8 model, combining traditional security research techniques with AI-assisted tools. The findings were immediately shared with engineers at the Zcash Open Development Lab (ZODL). The bug affected the Orchard circuit, the zero-knowledge proof system that guarantees the validity of transactions in Zcash’s shielded pool – the one that allows users to send and receive ZEC with full privacy.
According to the Shielded Labs post, the vulnerability stemmed from an “under-constrained” element of the Orchard circuit, which made it possible to insert arbitrary false inputs into an elliptic curve multiplication while still obtaining transaction approval. “The vulnerability was real and exploitable,” wrote Shielded Labs. “Taylor, with the help of Opus 4.8, wrote a complete exploit that, when tested in a local regtest environment, generated unlimited and undetectable counterfeit ZEC.” The bug had been present since the activation of Orchard in May 2022 and was patched on June 1.
Despite the severity of the discovery, Shielded Labs stated it was not “overly concerned” that actual exploitation had taken place before the fix. The team emphasized that the vulnerability had gone unnoticed for years, even under the scrutiny of the world’s top cryptographers. However, the privacy properties of the Orchard pool make it impossible to definitively rule out a prior exploit. “The discovery was not accidental – it was the result of a deliberate effort to identify vulnerabilities of this type before malicious actors could,” the post reads.
Shielded Labs is currently exploring a network upgrade that would allow anyone to verify the integrity of Zcash’s supply and demonstrate the absence of counterfeit tokens in the Orchard pool. The proposal would also include the deployment of a new shielded pool and the enforcement of turnstile accounting on all coins held in the Orchard pool. “This was a serious bug, and we believe it is important to be transparent about what it means for Zcash users,” the team concluded.
