ZEC Falls After Disclosure of Patched Zcash Orchard Vulnerability

ZEC plunged more than 30% in 24 hours to $410 after details emerged of a critical counterfeiting vulnerability in Zcash’s Orchard shielded pool. The bug, which could theoretically allow unlimited minting of ZEC, has existed since May 2022; it was discovered on May 29 and prompted an emergency hard fork that activated on June 3.

Security engineer Taylor Hornby, engaged by Shielded Labs, used Claude Opus 4.8 to assist a targeted review of the Orchard circuit and found that false inputs could be fed into an elliptic curve multiplication check, allowing the cryptographic verification to be fooled.

Taylor built and tested a working exploit that generated unlimited counterfeit ZEC — “If he had run the same tool on Zcash mainnet it would have generated unlimited, undetectable counterfeit ZEC in his mainnet Zcash wallet.” No cryptographic method currently exists to prove whether the flaw was exploited before it was patched because of Orchard’s privacy properties.

zec, zcash, orchard, shielded pool, counterfeiting vulnerability, hard fork, taylor hornby, shielded labs, elliptic curve, unlimited minting