Did 'Unlimited Minting' Actually Happen? Zcash Founder Responds to Four Major Market Concerns

marsbitPubblicato 2026-06-15Pubblicato ultima volta 2026-06-15

Introduzione

The Orchard shielding pool in the privacy cryptocurrency Zcash was recently found to have contained a critical counterfeiting vulnerability that existed for four years. This discovery caused significant market panic and a sharp drop in the price of ZEC, though it has since recovered partially. Zcash founder Zooko Wilcox addressed four key questions raised by the vulnerability. First, while it's unknown if the bug was exploited, he believes it likely was not, citing advanced, targeted discovery methods, a rapid response to freeze the pool, and the typical "smash-and-grab" nature of past crypto exploits. Second, he states that if no exploitation occurred, all legitimate user funds in Orchard are recoverable. However, cautious users moving funds should be aware of privacy trade-offs and other risks involved in transferring to transparent or Sapling pools. Third, users currently cannot independently verify that the total ZEC supply hasn't been inflated due to this bug. However, the proposed "Ironwood" network upgrade will restore this ability by permanently sealing the Orchard pool. This will prevent any counterfeit funds from circulating and allow anyone running a node to cryptographically verify that the supply cap has not been breached. Finally, regarding other undiscovered vulnerabilities, Wilcox notes that intensive ongoing audits by multiple teams, including using advanced AI-assisted tools, have so far found no other counterfeiting bugs. This provides increased, though ...

Editor's Note: On June 5th Beijing time, privacy project Zcash was exposed to have had a critical forgery vulnerability in its new-generation privacy pool Orchard. The price of Zcash's token ZEC plunged, at one point halving to a low near $250.

After about 10 days of development, market panic has somewhat subsided, and the price of ZEC has also recovered somewhat, climbing back to $500 today. (Recommended reading: "'Unlimited Money Printing' Vulnerability Lay Dormant for Four Years, Privacy Coin ZEC Halved in a Day")

This morning, Zcash founder Zooko Wilcox released another lengthy article in response to the market's key concerns.

He stated that it is likely the Orchard vulnerability was not previously exploited, and legitimate Orchard funds can be recovered. Currently, users cannot independently verify whether the Zcash supply exceeds the limit, but the Ironwood upgrade will seal the Orchard pool, restoring this verification capability. Ongoing audits have not revealed other forgery vulnerabilities, but complete certainty requires more work.

The recent Orchard vulnerability has raised important questions about Zcash's supply and user fund security. The discussion has mixed several different issues, making it difficult to understand the actual impact of this vulnerability on users. This article attempts to separate these issues and explain what they each mean for users.

The Orchard vulnerability raises four important questions:

1. Was the Orchard vulnerability ever exploited?

2. Can legitimate Orchard funds be recovered?

3. Can users verify that the Zcash supply has not been inflated?

4. How do we know there are no other forgery vulnerabilities?

Was the Orchard Vulnerability Ever Exploited?

Unknown. We believe it's unlikely to have been exploited previously, though it cannot be completely ruled out. We think the vulnerability likely remained unexploited for three reasons:

Despite continuous review over the years by many of the world's top cryptographers and security researchers, this vulnerability was not previously discovered. Its final discovery was not accidental; it was found by Taylor Hornby of Shielded Labs, whose goal was to proactively identify such security vulnerabilities before malicious attackers could.

Taylor used advanced AI-assisted security research techniques and custom-built tools specifically designed to find subtle flaws others missed. Doing this would be more difficult for someone not deeply familiar with the Zcash codebase.

Once discovered, Zcash developers (led by the Zcash Open Development Labs team) quickly coordinated with mining pools to temporarily freeze the Orchard pool and deploy a fix, thereby limiting any attacker's window of opportunity.

Cryptocurrency exploits are common, and attackers typically try to cash out as quickly as possible, especially after a vulnerability is made public. To profit from this vulnerability, an attacker would need to exchange forged ZEC for valuable assets, which typically requires the ZEC to leave the Orchard pool via the turnstile mechanism.

If the vulnerability had been exploited before the fix, we would expect evidence to have surfaced by now. Historically, cryptocurrency exploits are typically "smash-and-grab" operations, not strategies like "4D chess" hidden for months or even years.

Can Legitimate Orchard Funds Be Recovered?

We believe so, because we believe the vulnerability was never exploited. If this assessment is correct, all legitimate Orchard funds remain fully recoverable.

On the other hand, if forgery did occur in Orchard, the existing turnstile mechanism would limit the total migrated amount to the number of ZEC that legitimately entered the pool.

Therefore, if forged funds were migrated ahead of legitimate funds, users would be unable to recover some or all of their legitimate Orchard funds.

We consider this scenario unlikely. However, for more cautious users, it is still recommended to move their ZEC out of Orchard.

But before doing this, they should understand the following:

· Moving funds to a transparent pool (i.e., to a t-address) will reveal both the transfer amount and time, and these funds will also become publicly linked to that t-address.

· Moving funds from the Orchard pool to the Sapling pool reveals the transfer amount and time, but unlike moving to a t-address, it does not link these funds to a specific address or transaction history.

· The Sapling pool relies on a trusted setup ceremony performed in 2018. Relying on the security of that trusted setup is an additional risk users should be aware of.

· To our knowledge, YWallet and Zkool are currently the only widely used self-custody Zcash wallets that support the Sapling pool.

· Moving funds to a new wallet or custodian service introduces additional risks, including user error, software bugs, custodian risk, or other unforeseen problems.

Overall, we consider the above risks moderate.

If your funds are currently in a shielded self-custody wallet, leaving them there is a reasonable choice, given our assessment that previous forgery is unlikely. If you have a safe way to move them elsewhere, that might also be reasonable. Users may reach different conclusions based on their own circumstances.

Can Users Verify That the Zcash Supply Has Not Been Inflated?

Currently, no. The previous existence of this vulnerability meant that users cannot independently verify whether the ZEC currently circulating in the shielded pools does not exceed the correct amount.

However, as we noted in a previous post, the Ironwood upgrade restores this ability. The following diagram illustrates why.

The proposed network upgrade addresses this by adding the guarantee that "no more unknown forgery vulnerabilities exist" and by sealing the Orchard pool. New funds cannot enter, and funds within the pool can no longer circulate.

The only remaining path out is via the existing turnstile mechanism, which ensures that no more ZEC can leave the Orchard pool than legitimately entered it.

This change restores the ability to verify the soundness of the Zcash supply.

Currently, if forged funds exist in the Orchard pool, they can continue circulating within it. After the upgrade, this is no longer possible. Regardless of whether forgery occurred, anyone running a node can verify that the circulating ZEC does not exceed the correct amount.

Users do not need to wait for funds to migrate out of Orchard or infer the behavior of attackers or other users. The protocol itself provides a verifiable guarantee: excess ZEC cannot continue circulating within Orchard and inflating the supply.

This is important because Zcash's long-term credibility depends on users' ability to verify the soundness of its supply themselves. Ironwood restores users' ability to independently verify that the protocol's supply limits are being enforced.

How Do We Know There Are No Other Forgery Vulnerabilities?

We cannot be completely certain yet, but we have reasons to believe there are none. Shielded Labs and several other teams have been carefully reviewing the Zcash protocol for other forgery vulnerabilities.

This includes using a not-yet-released Mythos AI model, with help from Anthropic, to search for additional vulnerabilities shortly before Mythos was paused. We plan to share more details about this review and its findings in a follow-up blog post.

So far, no other forgery vulnerabilities have been found. The high level of expertise, effort, and advanced AI-assisted analysis involved in this search gives us greater confidence that no similar vulnerabilities remain undiscovered.

Furthermore, we are working with projects like the Tachyon Project to provide additional assurances that no more forgery vulnerabilities exist in Zcash. We will elaborate on this further in future blog posts as well.

Conclusion

The Orchard vulnerability presents four important questions: Was the vulnerability exploited? Can legitimate Orchard funds be recovered? Can users verify the Zcash supply hasn't been inflated? And are there other undiscovered forgery vulnerabilities?

We believe it's unlikely to have been exploited, so legitimate Orchard funds are recoverable, and the current Zcash supply is safe. Based on ongoing reviews by multiple independent researchers and teams, we are also growing more confident that no other undiscovered forgery vulnerabilities exist.

However, users currently cannot verify the security of the Zcash supply, and they should not have to rely on our assessment—or anyone else's.

The proposed network upgrade solves this problem. By sealing the Orchard pool, it restores users' ability to independently verify the security of the Zcash supply. Users no longer need to judge whether forgery occurred to verify that the protocol's supply limits are being honored.

Letture associate

Backpack Surges Over 150% in Half a Month

BP, the token of the Backpack exchange, has surged over 150% since early June, driven by the platform's expansion into regulated US stock brokerage and asset tokenization services. On June 2nd, Backpack announced Backpack Securities, offering traditional stock trading and tokenization, causing BP's price to jump over 80%. Momentum continued on June 12th with the launch of SPCX, a tokenized product for SpaceX stock on Solana, facilitating seamless conversion between traditional securities and on-chain assets. This aligns with the RWA (Real World Assets) narrative, creating a bridge between traditional finance and Solana DeFi. The token's unique economics also support its growth. All 2.5 billion initially circulating tokens were airdropped to the community, with zero allocation to the team or investors at launch. A key feature allows users who stake BP for at least one year to gain the right to convert tokens into company equity upon an IPO or acquisition. Despite some initial community controversy over airdrop distribution, focus is shifting to BP's long-term utility and value alignment as real products launch.

marsbit13 min fa

Backpack Surges Over 150% in Half a Month

marsbit13 min fa

Following US Ban on Fable 5, Zhipu AI's Stock Soars 47%

On June 15th, shares of Zhipu AI surged dramatically on the Hong Kong stock market, peaking at a 47.6% gain before closing 32.82% higher. This sharp increase was directly triggered by two recent industry events. On June 12th, Anthropic announced it was suspending global access to its latest flagship models, Claude Fable 5 and Claude Mythos 5, to comply with a U.S. government export control order. The next day, Zhipu AI announced it would open access to its latest open-source flagship model, GLM-5.2, under the permissive MIT license. The Anthropic incident highlighted a critical issue beyond raw model capability: the risk of sudden, unpredictable loss of access to advanced AI models, especially for developers and enterprises deeply integrated with them. This has shifted industry and market focus toward factors like stability, sustainable access, and controllability. Zhipu's move, promoting "frontier intelligence for all," positions its openly available model as a reliable and accessible alternative. The GLM-5.2 model emphasizes "Long Horizon Task" capabilities with a 1M context window, targeting complex, multi-step coding and engineering workflows where maintaining context is crucial. Analysts note this event exposes the risk of dependency on closed-source models subject to single jurisdictional controls, potentially accelerating a shift toward domestic base models and localized deployments. The market's reaction signals a new valuation dimension in AI: providers who can offer stable, long-term, and sustainably accessible AI capabilities are gaining strategic importance.

marsbit23 min fa

Following US Ban on Fable 5, Zhipu AI's Stock Soars 47%

marsbit23 min fa

Fully Entering the AI Era: Alipay Bets on Conversation, WeChat Holds Fast to Social

In May 2026, Alipay announced over 300 million AI payment transactions. Shortly after, WeChat opened its mini-programs for AI integration, sparking controversy by requiring developer source code access. This highlights their diverging approaches to AI integration. Alipay is testing "Project Treasure," an optional AI-native interface replacing traditional app grids with a conversational window. Users can command complex tasks (e.g., "book a ride and order coffee") handled end-to-end by AI. This shift follows an abandoned standalone AI app, focusing instead on enhancing its existing user base. For unmodified mini-programs, Alipay's AI uses "screen-reading" to simulate user interactions, bypassing the need for developer overhaul. It also introduced "Token Pay" for micro-transactions and "AI Wallets" for autonomous agent spending. WeChat, prioritizing its core social function, is taking an embedded approach. Its AI agent will operate within existing contexts like group chats and official accounts, assisting without a separate interface. To enable this, WeChat offers developers two paths: granting source code access for direct AI control ("Automatic Mode") or manually encapsulating services into standardized "Skills." Both place significant burden on developers. Key differences emerge in handling legacy services: WeChat demands developer cooperation (code or labor), while Alipay's screen-reading offers immediate, if potentially less stable, compatibility. Alipay's 3 billion AI transactions demonstrate user acceptance of AI-driven commercial actions. The divergent strategies may reshape mini-program ecosystems—Alipay passively "AI-fying" services, WeChat potentially favoring resource-rich developers—and set competing technical standards. Ultimately, the competition centers on where users entrust the command to "help me get things done."

marsbit23 min fa

Fully Entering the AI Era: Alipay Bets on Conversation, WeChat Holds Fast to Social

marsbit23 min fa

Supply Chain, Energy, and Bloc Formation: Untangling the Core Threads of 2026 AI Investment

The core thesis for 2026 investment is a shift from traditional growth-inflation analysis towards a geopolitical framework of strategic blocs, supply chain reconfiguration, and capital expenditure (capex) direction. The US is moving from a global guarantor role towards a more bounded "camp system," reshaping trade, security, and technology flows. Key investment themes emerge from this realignment: production-capable US-aligned economies (e.g., Japan, South Korea), regional security focusing on Latin America, and the hard constraint of energy/grid capacity enabling reshoring. Europe's strength lies not in macro growth but in its high-quality "pick-and-shovel" industrial, electrical, and automation exporters serving the global capex cycle. AI remains the central US-China strategic battleground, driving massive investment in compute, power, and manufacturing stacks, with robotics gaining prominence. The investment implication is a rotation away from crowded US mega-cap tech momentum toward global beneficiaries of this restructuring: electrification equipment, industrial automation, energy storage, grid infrastructure, and select non-US markets. 2026 will be defined by investment intensity driven by geopolitical repositioning, not near-term commercial maturity.

marsbit1 h fa

Supply Chain, Energy, and Bloc Formation: Untangling the Core Threads of 2026 AI Investment

marsbit1 h fa

Appeals Court Rejects Sam Bankman-Fried Bid For New FTX Trial

A federal appeals court has rejected Sam Bankman-Fried's bid for a new trial, upholding his convictions in the FTX fraud case. The Second Circuit Court of Appeals denied defense claims of an unfair trial, sharply narrowing his legal options. His team could still petition the US Supreme Court. The ruling reinforces the legal precedent from one of crypto's most consequential cases, keeping focus on FTX's collapse, customer losses, and ongoing bankruptcy proceedings. For the market, the decision underscores the lasting impact of FTX on regulatory debates concerning exchange oversight, custody rules, and asset segregation as the industry works to rebuild trust.

bitcoinist1 h fa

Appeals Court Rejects Sam Bankman-Fried Bid For New FTX Trial

bitcoinist1 h fa

Trading

Spot

Futures