Crypto Valley Journal
    The Zcash Orchard bug went undetected for four years and theoretically allowed unlimited ZEC counterfeiting. The ZEC price crashes by over 40%.

    ZEC crash: Shielded Labs discloses serious Zcash Orchard bug

    By Editorial Office CVJ.CH on 5. June 2026

    The Zcash security organization Shielded Labs has disclosed a serious vulnerability, and the market reacted with a crash of more than 40%. The Zcash Orchard bug had previously gone undetected for around four years and theoretically allowed the unlimited counterfeiting of ZEC.

    Shielded Labs is a nonprofit, independent grant organization within the Zcash ecosystem. In April 2026, the organization engaged security engineer Taylor Hornby to hunt for protocol vulnerabilities before malicious actors could find them. The affected component was the Orchard pool, Zcash's most advanced privacy pool. It went live in May 2022, builds on Halo2 ZK proofs without a trusted setup, and replaced the older Sapling and Sprout pools. Hornby discovered the flaw one day after the release of Anthropic's Claude Opus 4.8, using this frontier model alongside his own AI audit framework. He then wrote a complete exploit in a local test environment and immediately reported the finding to the Zcash Open Development Lab.

    ZEC had previously traded above 600 USD; the price then fell below 350 USD. Meanwhile, the entire crypto market was under pressure, with Bitcoin trading at 62,000 USD, 2.8% lower than the previous day.

    ZEC crash: price drops after bug disclosure / Chart: Tradingview

    Soundness flaw in the Orchard circuit: what the Orchard bug enabled

    At its core, this was a soundness bug in an underconstrained part of the zero-knowledge proof system, specifically in the cryptographic Orchard circuit. An attacker could feed arbitrary false inputs into an elliptic-curve multiplication and still pass the associated multiplication check. As a result, a valid proof could be generated for an invalid transaction. This gap opened the path to manipulating the supply.
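
    What "underconstrained" means for a multiplication check, as an added toy example that is not code from Zcash, Shielded Labs or the original article. The article does not say which constraint was missing in Orchard; the toy field, the generator `G` and the choice of omitted constraint (the one binding the bit decomposition to the public scalar) are assumptions made for illustration.

```python
# Toy model constructed for illustration: integers mod P stand in for curve
# points, so "scalar multiplication" k*G is plain multiplication mod P.
P = 2**61 - 1   # toy modulus (assumption, not a Zcash parameter)
G = 7           # toy "generator" (assumption)
NBITS = 8       # toy scalar width

def honest_witness(k):
    """Little-endian bits of k plus the double-and-add accumulator trace."""
    bits = [(k >> i) & 1 for i in range(NBITS)]
    trace = [0]
    for i, b in enumerate(bits):
        trace.append((trace[-1] + b * pow(2, i, P) * G) % P)
    return bits, trace

def check(k, out, bits, trace, bind_scalar):
    """Verifier-side constraint check for the public statement out == k*G.

    bind_scalar=False models the underconstrained gadget: every step of the
    multiplication is checked, but nothing ties the bits to the public k.
    """
    if len(bits) != NBITS or len(trace) != NBITS + 1 or trace[0] != 0:
        return False
    for i, b in enumerate(bits):
        if b not in (0, 1):                                        # booleanity
            return False
        if trace[i + 1] != (trace[i] + b * pow(2, i, P) * G) % P:  # add step
            return False
    if trace[-1] != out % P:                                       # output wiring
        return False
    if bind_scalar:                                                # recomposition
        return sum(b << i for i, b in enumerate(bits)) == k
    return True

def demo():
    """Claim the scalar 3 while the witness encodes a multiplication by 200."""
    bits, trace = honest_witness(200)
    false_out = (200 * G) % P
    return {
        "underconstrained_accepts_false_claim": check(3, false_out, bits, trace, False),
        "fixed_rejects_false_claim": not check(3, false_out, bits, trace, True),
        "fixed_accepts_honest_claim": check(3, 3 * G, *honest_witness(3), True),
    }

if __name__ == "__main__":
    print(demo())
```

    Every individual step of the multiplication verifies in both variants; only the added binding constraint makes the check reject the false statement.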

    The consequences would have been serious. Within the Orchard pool, an unlimited number of counterfeit ZEC could be created, entirely undetectable. Because the pool's privacy properties hide balances and transactions, such counterfeiting would have stayed invisible on the blockchain. The flaw had existed since the activation of the Orchard pool in May 2022 and went unnoticed for around four years, even though world-leading cryptographers reviewed the system. A few days with Claude Opus 4.8 and his audit framework were enough for Hornby to uncover the vulnerability.

    This contrast shifts the threat landscape for ZK protocols. A single auditor with a frontier model found in days what had survived years of manual review by cryptographers. As a result, pressure rises on every team that relies on shielded pools, ZK rollups, or other systems that depend on proof soundness. Shielded Labs also confirmed in the disclosure that the verified exploit was not a theoretical construct.

    "The vulnerability was real and exploitable. Taylor used Opus 4.8 to write a complete exploit that produced unlimited, undetectable counterfeit ZEC in a local regtest environment." - Shielded Labs, official disclosure

    Exploitation unprovable: the structural dilemma of privacy coins

    Shielded Labs and the Zcash Foundation report no evidence of any exploitation of the bug. However, the organization concedes that abuse before the fix cannot be ruled out cryptographically. It cites three reasons for its assessment that exploitation was unlikely. First, the bug evaded world-class cryptographers for years. Second, the discovery succeeded only through the latest AI tools and highly skilled research. Third, the fix followed immediately after the finding. Nevertheless, the central statement remains uncomfortable.

    The organization names this uncertainty clearly. Because of the privacy properties of Orchard and the nature of the bug, no clear cryptographic way exists to determine whether exploitation occurred earlier. Equally important to the organization is transparency about this uncertainty.

    This brings a structural problem to the fore, one that is not specific to Zcash. The same cryptography that hides balances makes it impossible to prove bug abuse from the chain alone. For example, Monero experienced a comparable inflation bug in 2017, which allowed double spends through manipulated key images. There too, a retroactive verification of the supply remained out of reach. Privacy coins therefore face a conflict between anonymity and verifiable scarcity that the Orchard affair makes visible once again. Critics also point out that a small group of developers, miners, and exchanges coordinated the confidential emergency fix, so the response exposes a centralization risk.

    Shielded Labs plans an upgrade for supply verification

    In response to the loss of trust, Shielded Labs proposes another network upgrade. The plan includes a new shielded pool as well as turnstile accounting for all coins flowing out of the Orchard pool. Turnstile accounting has been an established Zcash concept since the Sapling upgrade of 2018. When coins must migrate from an old pool into a new one, the total sum can be verified without disclosing individual transactions. As a result, anyone could independently check the ZEC supply.
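
    The turnstile idea described above, as an added example that is not code from Zcash or from the Shielded Labs proposal: an auditor sums only the publicly visible net flows into and out of a pool and flags the first block in which more value has left than ever entered. The data layout, the function name `audit_pool` and the sample chains are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ZAT = 100_000_000  # zatoshi per ZEC

@dataclass
class TurnstileResult:
    ok: bool
    balance: int                   # pool balance after the last accepted block
    failed_height: Optional[int]   # first block that overdraws the pool
    excess: int                    # zatoshi withdrawn beyond what ever entered

def audit_pool(blocks, start_balance=0):
    """blocks: iterable of (height, [net pool flow per transaction]).

    A positive flow moves value into the pool, a negative flow moves it out;
    a transfer that stays inside the pool has flow 0 and reveals nothing.
    """
    balance = start_balance
    for height, flows in blocks:
        new_balance = balance + sum(flows)
        if new_balance < 0:   # more value left the pool than ever entered it
            return TurnstileResult(False, balance, height, -new_balance)
        balance = new_balance
    return TurnstileResult(True, balance, None, 0)

# Constructed sample chains (not real Zcash data).
HONEST = [
    (100, [5 * ZAT, 3 * ZAT]),   # 8 ZEC shielded into the pool
    (101, [0, -2 * ZAT]),        # one in-pool transfer, 2 ZEC migrate out
    (102, [-6 * ZAT]),           # remaining 6 ZEC migrate out
]
# Same history plus a 1 ZEC exit that no earlier deposit backs.
FORGED = HONEST + [(103, [-1 * ZAT])]

if __name__ == "__main__":
    for name, chain in (("honest", HONEST), ("forged", FORGED)):
        print(name, audit_pool(chain))
```

    The check sees counterfeit value only at the moment it tries to leave the pool, which is why the proposal pairs it with a migration into a new pool.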

    The organization plans to publish details of the proposal in the following week. First, however, the upgrade must gain community support and pass through the Zcash governance process. At the same time, Shielded Labs announces further collaboration with Hornby. In addition, the team launches a formal-verification project intended to prove the Orchard circuit's correctness mathematically, along with new positions for a Head of Security and a Cryptographer.

    Technically, the bug is already fixed. An emergency soft fork disabled the Orchard pool, and the later NU6.2 hard fork reactivated it with a corrected circuit. However, the retroactive trust problem remains, and the proposed upgrade addresses exactly this gap.

    About the author

    Editorial Office CVJ.CH
    Since 2018, the editorial team at Crypto Valley Journal has been reporting from Zug - the heart of Switzerland’s Crypto Valley - on Bitcoin, cryptocurrency, blockchain, and regulatory developments in digital assets. Behind the publication’s collective editorial voice is a team of writers with backgrounds in financial markets, law, and technology.
