The price of ZEC dropped 30% in 24 hours, falling to $410, after details emerged of a critical counterfeiting vulnerability in Zcash's Orchard pool. The bug, discovered on May 29 by security engineer Taylor Hornby, could theoretically let a bad actor mint unlimited ZEC.
Hornby, engaged by Shielded Labs, used Anthropic's Claude Opus 4.8-released just a day earlier-to find the flaw in the Orchard circuit, a cryptographic component that verifies transactions. The bug allowed fake inputs into an elliptic curve multiplication check, enabling the creation of undetectable counterfeit tokens.
After discovery, the Zcash Open Development Lab deployed an emergency hard fork on June 3 to patch the vulnerability. However, the privacy properties of Orchard mean there is no cryptographic way to prove whether the exploit was used previously.
BitMEX co-founder Arthur Hayes said he sold his entire ZEC position, declaring the "Holy Trinity" dead after also dumping Hyperliquid and Near Protocol. Despite the sell-off, Shielded Labs noted the bug was subtle and evaded years of expert review, suggesting exploitation was unlikely.
This is not the first such vulnerability for Zcash. In 2018, a similar flaw was discovered and remediated by the Electric Coin Company with no losses.