"Unlimited Money Printing" Bug Lurked for Four Years, Privacy Coin ZEC Plummets 50% in One Day

Odaily星球日报Pubblicato 2026-06-05Pubblicato ultima volta 2026-06-05

Introduzione

A critical "unlimited, undetectable counterfeit" vulnerability existed for nearly four years in the Orchard privacy pool of Zcash (ZEC), a privacy-focused cryptocurrency. The bug, which could theoretically allow attackers to create unlimited fake ZEC, was disclosed by founder Zooko Wilcox on June 5th. While officially patched and deemed low-probability for exploitation, the news triggered a market panic. ZEC's price plummeted over 50% in a single day. The core crisis stems from the inability to prove whether any counterfeit ZEC was created during the vulnerability's active period, as Orchard's design inherently hides transaction details. This casts severe doubt on ZEC's total supply integrity. The sell-off accelerated after prominent investor and ZEC narrative supporter Arthur Hayes announced he had sold his entire position, citing the inability to cryptographically prove the impossibility of extra minting. Community trust eroded further upon learning the bug was discovered with AI-assisted auditing, raising questions about Zcash's development and security review processes. The incident has evolved from a price correction into a fundamental crisis of confidence regarding the network's core security promises.

Original | Odaily Planet Daily (@OdailyChina)

Author | Asher (@Asher_0210)

In the early hours of June 5th, Zcash founder Zooko Wilcox published a statement confirming that Orchard, Zcash's next-generation privacy pool enabled in 2022, once contained a critical counterfeiting vulnerability. Although Zcash officials emphasized that the bug has been fixed and believe the probability of its exploitation is low, it still couldn't stop the spread of market panic.

After the news broke, the Zcash token ZEC quickly nosedived, plummeting over 30% in a short time; by the afternoon, the sell-off didn't stop, panic continued to spread, and the price once fell to around $250, with the intraday loss widening to over 50%.

Security researcher Taylor Hornby discovered the issue on May 29th and has completed vulnerability verification in a local environment, generating test counterfeit ZEC, further validating that the vulnerability is an executable attack path. Currently, the two biggest controversies surrounding Zcash are: First, whether counterfeit ZEC has ever appeared in the privacy pool over the past four years; Second, how can officials prove that no counterfeit ZEC has flowed into the privacy pool, an extremely difficult task to disprove.

Where Did the "Unlimited Minting" ZEC Come From?

The security of Orchard (Zcash's privacy-protecting "shielded pool") relies on zero-knowledge proof circuits, with the core rule being asset conservation: the spend of each transaction must come from legitimate inputs, and ZEC cannot be created out of thin air. Users can hide balances and transaction amounts, but the system must verify the transaction's legitimacy.

Security researcher Taylor Hornby discovered that a constraint in the Orchard circuit was incomplete (under-constrained), allowing attackers to input data that should not have passed, yet verification could still return as successful. In other words, without needing administrator privileges or controlling nodes, and not being a backdoor, as long as the system mistakenly deems a transaction legitimate, originally non-existent ZEC could be recorded as legitimate assets within Orchard.

Shielded Labs called it "unlimited, undetectable counterfeit ZEC".

The Bug is Fixed, but Historical Issues Remain Unresolved

For ordinary security incidents, the biggest fear is large losses, but the most troublesome aspect of Zcash's current crisis is that the losses cannot be directly quantified.

If an attack occurred on the transparent chain, the market could at least see the attack address, fund flows, and affected assets. However, Orchard's transaction amounts, balances, and fund paths are inherently hidden. Once counterfeit ZEC might have appeared in the pool, it's difficult for outsiders to judge whether it's still lingering in Orchard or has gradually flowed out through normal transactions.

More critically, Orchard is not a completely isolated black box. Users can migrate assets between different fund pools, and both real ZEC and potential counterfeit ZEC could mix within the pool.

The Zcash ecosystem can emphasize that there is currently no evidence of the vulnerability being exploited and can explain that the probability of malicious exploitation is low. But for traders, "no anomalies have been found" and "it has been proven that nothing happened" are not the same thing.

This is the core reason for ZEC's expanding decline. Until the question of whether counterfeit ZEC ever appeared in Orchard is proven, ZEC's supply credibility will remain under a shadow.

Arthur Hayes Liquidates Position, Igniting Market Confidence Crisis

After the ZEC vulnerability was exposed, BitMEX co-founder Arthur Hayes's public liquidation further amplified market panic.

Arthur Hayes stated on platform X that he has sold his entire ZEC holdings. Hayes said he learned about the attack yesterday but did not realize its conflict with his narrative framework. ZEC's 30% drop prompted him to reconsider and decide to take full profits on that position. He added that while he believes the possibility of additional minting is extremely low, he cannot formally prove its impossibility at the cryptographic level; he will continuously reassess his judgment and, if his assumption is disproven, will repurchase, hoping to build a position at a lower price; privacy is priceless, and he wouldn't mind repurchasing at a higher price.

This was quite damaging for ZEC. Over the past period, Arthur Hayes has been one of the key narrative drivers for ZEC. His bullish view was based on the long-term logic of privacy assets regaining pricing power in the context of AI, government surveillance, and big tech expansion. Therefore, his liquidation wasn't just a major holder taking profits; it resembled a public downgrade of ZEC's current narrative.

When a top narrative supporter chooses to exit first, long positions originally supported by belief and expectations are more likely to turn into collective profit-taking and risk aversion.

Community Sentiment Spiral, ZEC Transforms from Price Correction to Trust Crisis

Perhaps influenced by Arthur Hayes's liquidation, community discussions about ZEC quickly shifted from "whether to buy the dip" to "whether it can still be trusted."

On one hand, the community repeatedly emphasized the severity of the vulnerability itself. Compared to short-term price drops, many users were more concerned that a vulnerability theoretically capable of creating unlimited counterfeit coins had lurked in Orchard for nearly four years. For them, the price drop was just the surface; what truly shook confidence was the question mark placed on Zcash's core security assumptions.

On the other hand, the process of AI-assisted vulnerability discovery further exacerbated distrust. Taylor Hornby, with the aid of AI tools, conducted a targeted review of the Orchard circuit, ultimately discovered the vulnerability, wrote an exploit program, and generated counterfeit ZEC in a local environment. Although AI did not perform the audit independently, what the community more easily remembered was the narrative that "a key vulnerability existing for years was assisted in being found by AI in a short time," which quickly gained traction.

This turned public criticism towards Zcash's development and audit systems. The community questioned why a vulnerability existing since 2022 could go undetected on the mainnet for years? If even the core privacy pool could have constraint omissions, how can users trust Zcash's promises on supply and privacy security again?

Therefore, this decline is no longer just profit-taking. Before Zcash provides more convincing proof, no one is really willing to hold ZEC long-term.

Letture associate

Near Returns to the AI Stage: Transformation into a Public Chain Due to 'Payroll Difficulties,' Agent and Privacy Emerge as New Growth Narratives

NEAR Returns to AI Origins: From Payroll Struggles to Blockchain, Now Focusing on AI Agents and Privacy NEAR Protocol's journey began not with grand blockchain ambitions, but from a practical hurdle: its AI startup founders, including Transformer paper co-author Illia Polosukhin, couldn't efficiently pay international developers in 2017. This led them to pivot and build a high-performance, scalable blockchain. After years navigating various crypto narratives like sharding and cross-chain interoperability, NEAR is now leveraging its AI roots to re-enter the AI arena. A key driver is its "NEAR Intents" layer, which abstracts complex cross-chain transactions. Users simply state their goal (e.g., swap BTC for ETH), and a solver network finds the optimal route. This system has processed over $20B in cross-chain volume, generating significant fee revenue. A major growth area is private transactions via "Confidential Intents/Swaps," which hide trade details until settlement to protect against MEV and front-running. Remarkably, private swaps recently accounted for over 40% of NEAR's transaction volume, highlighting strong demand but also potential regulatory scrutiny. With its AI-founder pedigree, NEAR is positioning itself at the intersection of blockchain, AI agents, and privacy, aiming to become infrastructure for the emerging agent economy while navigating the challenges of its rapid adoption.

marsbit34 min fa

Near Returns to the AI Stage: Transformation into a Public Chain Due to 'Payroll Difficulties,' Agent and Privacy Emerge as New Growth Narratives

marsbit34 min fa

From Ethereum to AI's 'CROPS': What Exactly is This Set of 'Slow Variables' That Vitalik Repeatedly Emphasizes?

In recent discussions, Vitalik Buterin has frequently emphasized the concept of "CROPS," a framework defining core values for Ethereum's development. CROPS stands for Censorship Resistance, Capture Resistance, Open Source, Privacy, and Security. Initially outlined in the Ethereum Foundation's "EF Mandate," it represents a commitment to user sovereignty, ensuring that the network resists external control, remains open, protects privacy, and prioritizes security. The relevance of CROPS extends beyond Ethereum's foundational principles, becoming crucial in the context of AI integration. As AI agents begin handling wallet operations and automated transactions, the risk increases that users may cede control over their digital assets, privacy, and intentions to centralized AI service providers. A "CROPS AI" would therefore emphasize local execution where possible, privacy-preserving remote model calls (e.g., using zero-knowledge proofs), and transparent, verifiable processes to maintain user agency. Vitalik highlights a significant convergence between "CROPS Ethereum access layer" and "CROPS AI." Both address the same fundamental challenge: how users can access powerful services—be it blockchain data via RPCs or AI models—without exposing sensitive information or relinquishing ultimate control. This intersection points toward a future digital entry point that is more private, secure, and user-controlled. Ultimately, CROPS is not merely an abstract ideal but a practical guidepost. It steers development—from protocol resilience and wallet design to AI agent safety—towards a future where users retain self-sovereignty even as digital systems grow more complex and powerful. In an era of accelerating AI adoption, these "slow variables" of censorship resistance, openness, privacy, and security may define Ethereum's enduring value.

marsbit44 min fa

From Ethereum to AI's 'CROPS': What Exactly is This Set of 'Slow Variables' That Vitalik Repeatedly Emphasizes?

marsbit44 min fa

Zcash Bug Could Have Minted Unlimited ZEC Undetected

A critical vulnerability in Zcash's Orchard shielded pool, discovered by researcher Taylor Hornby on May 29, 2026, could have allowed an attacker to create an unlimited amount of undetectable counterfeit ZEC. The flaw, involving an under-constrained element in the Orchard circuit, existed from the pool's 2022 activation until an emergency fix was deployed by June 2, 2026. Hornby identified the bug using AI-assisted auditing tools and confirmed its exploitability in a test environment. Due to Orchard's privacy features, which hide transaction amounts and history, there is no cryptographic way to prove whether the vulnerability was exploited before the fix. While Shielded Labs assesses prior exploitation as unlikely, this uncertainty has sparked a debate on proving supply integrity in privacy-preserving systems. In response, Shielded Labs and other developers are exploring a network upgrade, potentially involving a new shielded pool and formal verification of the circuit rules to prevent future vulnerabilities and allow verification of the ZEC supply's integrity. ZEC's price fell nearly 45% following the disclosure.

bitcoinist53 min fa

Zcash Bug Could Have Minted Unlimited ZEC Undetected

bitcoinist53 min fa

Silicon Valley 'Startup Guru' Steve Hoffman: Web3 + AI Could Be a Trap

Silicon Valley investor and "Godfather of Startups" Steve Hoffman warns that combining Web3 with AI is likely a trap, not a promising venture. In an interview, Hoffman argues that while AI is a foundational technology touching all industries, Web3 adds complexity, friction, and regulatory risk without solving mainstream consumer or business needs. He advises founders to focus on deep, specialized applications where startups can out-iterate giants, rather than on generic features easily replicated by large tech companies. Hoffman observes that Silicon Valley will lead foundational AI research, while China excels at rapid, large-scale application and commercialization, particularly in robotics. He stresses that AI-driven autonomous agents capable of collaborative, multi-step tasks are 2-4 years away, which will cause significant job displacement. The solution is not to slow AI but to redesign business models around human-AI collaboration and reform social systems like education and retraining. For startups, Hoffman recommends focusing on vertical, expertise-heavy domains to build defensibility. He sees major opportunities in AI fraud detection and cybersecurity. Key founder mindsets include systemic thinking over feature-focus, relentless customer centricity, building adaptive teams, and deeply understanding AI's capabilities and limits. Hoffman is also leading a non-profit initiative to establish university centers aimed at training future leaders in responsible, human-value-aligned AI innovation.

marsbit2 h fa

Silicon Valley 'Startup Guru' Steve Hoffman: Web3 + AI Could Be a Trap

marsbit2 h fa

Token Inefficient, Economy Tokenless

The article "Tokens Aren't Economical, Economics Aren't Tokenized" analyzes a pivotal shift in the AI industry from a technology-driven narrative to one dominated by capital efficiency. It highlights two concurrent trends: a severe capital shortage due to the exorbitant and recurring costs of compute (e.g., OpenAI's high burn rate) and a wave of corporate spin-offs where major tech companies are separating their AI units (like Kuaishou's Kling and Baidu's Kunlunxin). The core argument is that AI's "anti-internet" business model, where user growth increases costs rather than profits, has created a disconnect between high valuations and actual cash flow. Spin-offs address this by allowing AI assets to be valued independently. Within a parent company, they are seen as cost centers, but as standalone entities, they are priced based on their growth potential and scarcity in the primary market, leading to massive valuation premiums (e.g., Kling's estimated value tripling post-spin-off). The industry is at an inflection point, moving from "model worship" to "value realization." The competition is evolving from a pure compute (GPU) race to a broader focus on systemic efficiency and full-stack engineering (involving CPUs and orchestration) to achieve viable commercialization. The year 2026 is framed as a critical moment where the industry must definitively answer how to economically translate AI capability into tangible business value, reshaping the sector's future power structure.

marsbit2 h fa

marsbit2 h fa

Trading

Spot

Futures

Articoli Popolari

Come comprare ZEC

Benvenuto in HTX.com! Abbiamo reso l'acquisto di Zcash (ZEC) semplice e conveniente. Segui la nostra guida passo passo per intraprendere il tuo viaggio nel mondo delle criptovalute.Step 1: Crea il tuo Account HTXUsa la tua email o numero di telefono per registrarti il tuo account gratuito su HTX. Vivi un'esperienza facile e sblocca tutte le funzionalità,Crea il mio accountStep 2: Vai in Acquista crypto e seleziona il tuo metodo di pagamentoCarta di credito/debito: utilizza la tua Visa o Mastercard per acquistare immediatamente ZcashZEC.Bilancio: Usa i fondi dal bilancio del tuo account HTX per fare trading senza problemi.Terze parti: abbiamo aggiunto metodi di pagamento molto utilizzati come Google Pay e Apple Pay per maggiore comodità.P2P: Fai trading direttamente con altri utenti HTX.Over-the-Counter (OTC): Offriamo servizi su misura e tassi di cambio competitivi per i trader.Step 3: Conserva Zcash (ZEC)Dopo aver acquistato Zcash (ZEC), conserva nel tuo account HTX. In alternativa, puoi inviare tramite trasferimento blockchain o scambiare per altre criptovalute.Step 4: Scambia Zcash (ZEC)Scambia facilmente Zcash (ZEC) nel mercato spot di HTX. Accedi al tuo account, seleziona la tua coppia di trading, esegui le tue operazioni e monitora in tempo reale. Offriamo un'esperienza user-friendly sia per chi ha appena iniziato che per i trader più esperti.

256 Totale visualizzazioniPubblicato il 2024.12.12Aggiornato il 2026.06.02

Discussioni

Benvenuto nella Community HTX. Qui puoi rimanere informato sugli ultimi sviluppi della piattaforma e accedere ad approfondimenti esperti sul mercato. Le opinioni degli utenti sul prezzo di ZEC ZEC sono presentate come di seguito.