Zcash crashes 38% after critical Orchard shielding vulnerability disclosed

In brief

  • Zcash dropped 37.8% to $309 on Thursday following critical Orchard vulnerability disclosure.
  • Orchard shielded pool bug could have enabled undetectable ZEC counterfeiting since May 2022.
  • Two-line code flaw left no on-chain signature of exploitation.
  • Shielded Labs proposes network upgrade with turnstile accounting for supply verification.

The Vulnerability

Zcash dropped from $635 on Wednesday to an intraday low of $309 on Thursday, representing a 37.8% decline on the day. The crash followed the disclosure of a critical vulnerability in the protocol's Orchard shielded pool that could have allowed undetectable counterfeiting for over four years.

The flaw resided in two lines of code within the Orchard circuit, the cryptographic component governing Zcash's shielded transactions. The bug allowed a malicious actor to create counterfeit ZEC without any on-chain signature—a distinction that proved devastating for a privacy coin.

Unlike Bitcoin or Ethereum, where on-chain exploitation is immediately visible, privacy coins like Zcash create conditions where a successful attack may never be detected. Due to Orchard's privacy properties and the nature of the bug, there is no definitive way to determine using only cryptography whether the vulnerability was exploited.

What Experts Say

Joe Andrews, CEO of Aztec Labs, stated that under-constrained elliptic curve checks are among the most common weaknesses in production ZK circuits. He proposed that the long-term fix involves formal circuit verification combined with a second proof system, an approach Ethereum is already planning.

Craig Salm, chief legal officer at Grayscale, argued that exploitation before the patch was unlikely. Others weren't as sanguine. Arthur Hayes, former CEO of BitMEX, disclosed that he had liquidated his entire Zcash position following the disclosure.

"Zcash enables a unique class of bugs where if they're exploited, no one would know. This unique class still exists. The fact that they fixed this specific bug is immaterial." — Udi Wertheimer, crypto commentator

The Path Forward

The immediate risk for holders is not chain-wide inflation but potential insolvency of the Orchard pool itself, meaning shielded ZEC holders could be diluted if counterfeit claims competed for a finite pool balance.

Shielded Labs has proposed a network upgrade deploying a new shielded pool with turnstile accounting, which would allow verification of Zcash supply integrity. The structure of that upgrade requires all coins to unshield before entering the new pool, effectively capping the risk from any prior exploitation to the current amount of shielded assets.
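
The capping effect described above can be seen in a toy model, added here as an illustration and not taken from Shielded Labs' proposal or any Zcash code. The class and function names, the holder names and the amounts are all constructed, and forge() is an abstract stand-in for any bug that creates hidden notes without changing the pool's public balance.

```python
class TurnstileViolation(Exception):
    """Raised when a withdrawal would take the pool's public balance below zero."""

class ShieldedPool:
    def __init__(self):
        self.value_balance = 0  # public: total shielded in minus total unshielded out
        self.notes = {}         # hidden on a real chain: owner -> spendable note value

    def shield(self, owner, amount):
        self.value_balance += amount  # transparent deposit, visible to everyone
        self.notes[owner] = self.notes.get(owner, 0) + amount

    def forge(self, owner, amount):
        # Abstract stand-in for a soundness bug: notes appear, public balance unchanged.
        self.notes[owner] = self.notes.get(owner, 0) + amount

    def unshield(self, owner, amount):
        if amount > self.notes.get(owner, 0):
            raise ValueError("owner does not hold that much")
        if amount > self.value_balance:
            raise TurnstileViolation("pool balance would go negative")
        self.notes[owner] -= amount
        self.value_balance -= amount
        return amount

def migrate(old, new, order):
    """Move every holder out of `old` and into `new`, in the given order.
    Returns (total migrated, {owner: claim the turnstile refused})."""
    migrated, stranded = 0, {}
    for owner in order:
        claim = old.notes.get(owner, 0)
        payable = min(claim, old.value_balance)  # the turnstile caps each exit
        if payable:
            new.shield(owner, old.unshield(owner, payable))
            migrated += payable
        if claim > payable:
            stranded[owner] = claim - payable
    return migrated, stranded

def demo():
    old, new = ShieldedPool(), ShieldedPool()
    old.shield("alice", 60)   # constructed sample values
    old.shield("bob", 40)
    old.forge("mallory", 30)  # hidden claims now total 130 against 100 of real value
    migrated, stranded = migrate(old, new, ["mallory", "alice", "bob"])
    return migrated, stranded, old.value_balance, new.value_balance

if __name__ == "__main__":
    print(demo())
```

In this run the new pool receives exactly the 100 that was publicly shielded, so supply is bounded, while the shortfall lands on whoever exits last, which is the dilution risk for shielded holders described above.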

Frequently asked questions

What was the Orchard vulnerability and how did it work?

The vulnerability resided in two lines of code within Zcash's Orchard shielded pool circuit. It allowed a malicious actor to create counterfeit ZEC with no on-chain signature, making any exploitation undetectable due to Orchard's privacy properties.

How long was the vulnerability present before being fixed?

The flaw existed from Orchard's activation in May 2022 until an emergency patch was deployed on June 1, 2026 — over four years. Security researcher Taylor Hornby discovered it on May 29 using AI-assisted auditing tools.

Why can't we know if the vulnerability was exploited?

Unlike Bitcoin or Ethereum, where on-chain exploitation is immediately visible, privacy coins create conditions where successful attacks may never be detected. Orchard's privacy properties combined with the bug's nature make cryptographic verification of exploitation impossible.

What's the proposed fix?

Shielded Labs proposed a network upgrade deploying a new shielded pool with turnstile accounting to verify supply integrity. The upgrade requires all coins to unshield before entering the new pool, capping risk from prior exploitation to the current amount of shielded assets.