Zcash Bug Could Have Minted Unlimited Fake Coins

Zcash founder Zooko Wilcox has disclosed a critical security flaw in the network's Orchard shielded pool that could have allowed an attacker to mint an unlimited number of counterfeit ZEC without detection.

How the Bug Was Found

The vulnerability was discovered on May 29 by Taylor Hornby, an independent security researcher conducting a protocol audit for Shielded Labs. The issue was a soundness bug in the Orchard zero-knowledge proof circuit, meaning the network could be made to accept a transaction it should have rejected. Shielded Labs said Hornby used Anthropic's Opus 4 model, alongside a custom AI tool, to write a working exploit that generated unlimited counterfeit ZEC in a local test environment. The vulnerability had sat undiscovered in the Orchard pool from its May 2022 launch until engineers closed it this week.

The Zcash Foundation said exploitation could have allowed double-spending within Orchard but could not have inflated the total ZEC supply, which is capped by the network's "turnstile" accounting. The turnstile limits how much value can leave each pool to the amount that entered it, and the Foundation confirmed the total supply stayed intact with no evidence of unauthorized value creation.

Emergency Response and What Comes Next

What followed was a coordinated emergency response involving the Zcash Open Development Lab and the Zcash Foundation. Private coordination with miners and exchanges began on the evening of May 31. A soft-fork activation targeting block height 3,363,426 activated successfully at around 02:00 UTC on June 2, temporarily disabling Orchard actions while developers prepared the corrective code. Phase two followed on June 3, when the NU6.2 hard fork activated at block 3,364,600 at approximately 00:05 EDT, re-enabling Orchard with a corrected circuit.

Due to Orchard's privacy-oriented nature, it is cryptographically impossible to prove whether the vulnerability had already been exploited before it was patched. Shielded Labs noted that NU6.2 closes the bug but does not prove the Orchard supply was never tampered with. Its proposal would deploy a new shielded pool and route all coins leaving Orchard through turnstile accounting, letting anyone verify that no counterfeit ZEC exists. Like any major upgrade, it would need community support and would have to pass Zcash's governance process before activation.

This is not the first time Zcash has faced a critical cryptographic flaw. In 2019, the team disclosed a counterfeiting vulnerability in the older Sprout shielded pool that had gone undetected for years. That bug was also never known to have been exploited.

Sources
Zcash Community Forum: The Orchard Counterfeiting Vulnerability and Next Steps
The Defiant: Shielded Labs Proposes New Zcash Upgrade to Prove ZEC Supply
Crypto Briefing: Zcash Fixes Critical Orchard Bug After Emergency Network Upgrade