Did 'Unlimited Minting' Actually Happen? Zcash Founder Responds to Four Major Market Concerns

marsbitPubblicato 2026-06-15Pubblicato ultima volta 2026-06-15

Introduzione

The Orchard shielding pool in the privacy cryptocurrency Zcash was recently found to have contained a critical counterfeiting vulnerability that existed for four years. This discovery caused significant market panic and a sharp drop in the price of ZEC, though it has since recovered partially. Zcash founder Zooko Wilcox addressed four key questions raised by the vulnerability. First, while it's unknown if the bug was exploited, he believes it likely was not, citing advanced, targeted discovery methods, a rapid response to freeze the pool, and the typical "smash-and-grab" nature of past crypto exploits. Second, he states that if no exploitation occurred, all legitimate user funds in Orchard are recoverable. However, cautious users moving funds should be aware of privacy trade-offs and other risks involved in transferring to transparent or Sapling pools. Third, users currently cannot independently verify that the total ZEC supply hasn't been inflated due to this bug. However, the proposed "Ironwood" network upgrade will restore this ability by permanently sealing the Orchard pool. This will prevent any counterfeit funds from circulating and allow anyone running a node to cryptographically verify that the supply cap has not been breached. Finally, regarding other undiscovered vulnerabilities, Wilcox notes that intensive ongoing audits by multiple teams, including using advanced AI-assisted tools, have so far found no other counterfeiting bugs. This provides increased, though ...

Editor's Note: On June 5th Beijing time, privacy project Zcash was exposed to have had a critical forgery vulnerability in its new-generation privacy pool Orchard. The price of Zcash's token ZEC plunged, at one point halving to a low near $250.

After about 10 days of development, market panic has somewhat subsided, and the price of ZEC has also recovered somewhat, climbing back to $500 today. (Recommended reading: "'Unlimited Money Printing' Vulnerability Lay Dormant for Four Years, Privacy Coin ZEC Halved in a Day")

This morning, Zcash founder Zooko Wilcox released another lengthy article in response to the market's key concerns.

He stated that it is likely the Orchard vulnerability was not previously exploited, and legitimate Orchard funds can be recovered. Currently, users cannot independently verify whether the Zcash supply exceeds the limit, but the Ironwood upgrade will seal the Orchard pool, restoring this verification capability. Ongoing audits have not revealed other forgery vulnerabilities, but complete certainty requires more work.

The recent Orchard vulnerability has raised important questions about Zcash's supply and user fund security. The discussion has mixed several different issues, making it difficult to understand the actual impact of this vulnerability on users. This article attempts to separate these issues and explain what they each mean for users.

The Orchard vulnerability raises four important questions:

1. Was the Orchard vulnerability ever exploited?

2. Can legitimate Orchard funds be recovered?

3. Can users verify that the Zcash supply has not been inflated?

4. How do we know there are no other forgery vulnerabilities?

Was the Orchard Vulnerability Ever Exploited?

Unknown. We believe it's unlikely to have been exploited previously, though it cannot be completely ruled out. We think the vulnerability likely remained unexploited for three reasons:

Despite continuous review over the years by many of the world's top cryptographers and security researchers, this vulnerability was not previously discovered. Its final discovery was not accidental; it was found by Taylor Hornby of Shielded Labs, whose goal was to proactively identify such security vulnerabilities before malicious attackers could.

Taylor used advanced AI-assisted security research techniques and custom-built tools specifically designed to find subtle flaws others missed. Doing this would be more difficult for someone not deeply familiar with the Zcash codebase.

Once discovered, Zcash developers (led by the Zcash Open Development Labs team) quickly coordinated with mining pools to temporarily freeze the Orchard pool and deploy a fix, thereby limiting any attacker's window of opportunity.

Cryptocurrency exploits are common, and attackers typically try to cash out as quickly as possible, especially after a vulnerability is made public. To profit from this vulnerability, an attacker would need to exchange forged ZEC for valuable assets, which typically requires the ZEC to leave the Orchard pool via the turnstile mechanism.

If the vulnerability had been exploited before the fix, we would expect evidence to have surfaced by now. Historically, cryptocurrency exploits are typically "smash-and-grab" operations, not strategies like "4D chess" hidden for months or even years.

Can Legitimate Orchard Funds Be Recovered?

We believe so, because we believe the vulnerability was never exploited. If this assessment is correct, all legitimate Orchard funds remain fully recoverable.

On the other hand, if forgery did occur in Orchard, the existing turnstile mechanism would limit the total migrated amount to the number of ZEC that legitimately entered the pool.

Therefore, if forged funds were migrated ahead of legitimate funds, users would be unable to recover some or all of their legitimate Orchard funds.

We consider this scenario unlikely. However, for more cautious users, it is still recommended to move their ZEC out of Orchard.

But before doing this, they should understand the following:

· Moving funds to a transparent pool (i.e., to a t-address) will reveal both the transfer amount and time, and these funds will also become publicly linked to that t-address.

· Moving funds from the Orchard pool to the Sapling pool reveals the transfer amount and time, but unlike moving to a t-address, it does not link these funds to a specific address or transaction history.

· The Sapling pool relies on a trusted setup ceremony performed in 2018. Relying on the security of that trusted setup is an additional risk users should be aware of.

· To our knowledge, YWallet and Zkool are currently the only widely used self-custody Zcash wallets that support the Sapling pool.

· Moving funds to a new wallet or custodian service introduces additional risks, including user error, software bugs, custodian risk, or other unforeseen problems.

Overall, we consider the above risks moderate.

If your funds are currently in a shielded self-custody wallet, leaving them there is a reasonable choice, given our assessment that previous forgery is unlikely. If you have a safe way to move them elsewhere, that might also be reasonable. Users may reach different conclusions based on their own circumstances.

Can Users Verify That the Zcash Supply Has Not Been Inflated?

Currently, no. The previous existence of this vulnerability meant that users cannot independently verify whether the ZEC currently circulating in the shielded pools does not exceed the correct amount.

However, as we noted in a previous post, the Ironwood upgrade restores this ability. The following diagram illustrates why.

The proposed network upgrade addresses this by adding the guarantee that "no more unknown forgery vulnerabilities exist" and by sealing the Orchard pool. New funds cannot enter, and funds within the pool can no longer circulate.

The only remaining path out is via the existing turnstile mechanism, which ensures that no more ZEC can leave the Orchard pool than legitimately entered it.

This change restores the ability to verify the soundness of the Zcash supply.

Currently, if forged funds exist in the Orchard pool, they can continue circulating within it. After the upgrade, this is no longer possible. Regardless of whether forgery occurred, anyone running a node can verify that the circulating ZEC does not exceed the correct amount.

Users do not need to wait for funds to migrate out of Orchard or infer the behavior of attackers or other users. The protocol itself provides a verifiable guarantee: excess ZEC cannot continue circulating within Orchard and inflating the supply.

This is important because Zcash's long-term credibility depends on users' ability to verify the soundness of its supply themselves. Ironwood restores users' ability to independently verify that the protocol's supply limits are being enforced.

How Do We Know There Are No Other Forgery Vulnerabilities?

We cannot be completely certain yet, but we have reasons to believe there are none. Shielded Labs and several other teams have been carefully reviewing the Zcash protocol for other forgery vulnerabilities.

This includes using a not-yet-released Mythos AI model, with help from Anthropic, to search for additional vulnerabilities shortly before Mythos was paused. We plan to share more details about this review and its findings in a follow-up blog post.

So far, no other forgery vulnerabilities have been found. The high level of expertise, effort, and advanced AI-assisted analysis involved in this search gives us greater confidence that no similar vulnerabilities remain undiscovered.

Furthermore, we are working with projects like the Tachyon Project to provide additional assurances that no more forgery vulnerabilities exist in Zcash. We will elaborate on this further in future blog posts as well.

Conclusion

The Orchard vulnerability presents four important questions: Was the vulnerability exploited? Can legitimate Orchard funds be recovered? Can users verify the Zcash supply hasn't been inflated? And are there other undiscovered forgery vulnerabilities?

We believe it's unlikely to have been exploited, so legitimate Orchard funds are recoverable, and the current Zcash supply is safe. Based on ongoing reviews by multiple independent researchers and teams, we are also growing more confident that no other undiscovered forgery vulnerabilities exist.

However, users currently cannot verify the security of the Zcash supply, and they should not have to rely on our assessment—or anyone else's.

The proposed network upgrade solves this problem. By sealing the Orchard pool, it restores users' ability to independently verify the security of the Zcash supply. Users no longer need to judge whether forgery occurred to verify that the protocol's supply limits are being honored.

Letture associate

2026 Altcoin Season Guide: Current Values & Market Signals, Is It Time to Prepare for Altcoin Season?

Altcoin Season Guide 2026: Signals & Timing Analysis This guide explores the dynamics of an "altcoin season," defined as a 90-day period where at least 75% of the top 50 cryptocurrencies outperform Bitcoin (BTC). Historically signaling capital rotation from BTC to alternative assets ("alts"), these periods have evolved. Key differences for the 2026 market cycle include the "ETF Wall," where institutional capital via spot Bitcoin ETFs may remain concentrated in BTC, potentially slowing a broad altseason. A genuine, sustainable altseason now likely requires BTC profit-taking combined with new retail and on-chain liquidity entering the wider market. Analysts use tools like the Altseason Index (values >75 indicate an altseason) but also monitor key pairs like ETH/BTC and SOL/BTC for confirmation. Additional signals include a declining Bitcoin Dominance rate (ideally below 40-50%), accelerating altcoin total market cap growth, and surges in trading volume and social sentiment for alts. Modern altseasons are increasingly narrative-driven and selective, not uniform across all coins. Capital typically rotates in stages: from BTC to major altcoins (like ETH), then into leading narratives (e.g., AI, RWA, DePIN), and finally into mid/small-cap projects and meme coins. The peak phase is often marked by extreme greed, parabolic rises, and high leverage, serving as a cautionary signal. For preparation, investors are advised to build a quality watchlist based on fundamentals, product traction, and team strength. Strategies should include portfolio diversification, disciplined risk management (position sizing, stop-losses, stablecoin reserves), and capitalizing on sector rotations rather than chasing past winners. While precise timing is uncertain, historical patterns suggest strong altcoin rallies often follow Bitcoin halvings by 12-30 months. For the 2024 halving cycle, 2026-2027 could present favorable conditions if supported by macro liquidity, technological narratives, and a sustained drop in Bitcoin Dominance. A true, broad altseason is unlikely if Bitcoin experiences a sharp crash (>20%), as capital tends to flee the entire crypto market.

Foresight News52 min fa

2026 Altcoin Season Guide: Current Values & Market Signals, Is It Time to Prepare for Altcoin Season?

Foresight News52 min fa

This Might Be the Most Stunning Image at This Year's WAIC!

This article introduces Shangtang's newly released multimodal AI model, **SenseNova U1 Pro**, unveiled at WAIC 2026. The model is highlighted for its ability to generate **native 8K-resolution images** with exceptional detail and coherence, even in extremely wide-format compositions. It goes beyond simple image generation by employing a **"图文交错思维" (interleaved image-text reasoning)** workflow, where it can plan, sketch, refine, check, and correct its outputs to achieve a final, deliverable result. Key capabilities demonstrated include generating a long 8K scroll depicting the 9-year history of WAIC, a detailed 24 solar terms illustration, a complex academic poster, a琉璃 (colored glaze)-style landscape, and a ready-to-use movie poster. The model handles intricate prompts involving layout, text clarity, material textures, and stylistic consistency. The article draws a parallel between this evolution in image generation and the progression seen in AI coding—from simple code completion to autonomous project delivery. U1 Pro represents a shift from generating single images to providing **complete content delivery systems** for professional scenarios like infographics, urban planning, and commercial design. While challenges like generation time and professional workflow integration remain, the model signifies a move towards multimodal AI agents that are accountable for producing usable, high-quality outputs.

marsbit2 h fa

This Might Be the Most Stunning Image at This Year's WAIC!

marsbit2 h fa

How Did This Round of Deleveraging in the Korean Stock Market Occur?

This article details the timeline and mechanisms behind the deleveraging event in the South Korean stock market, focusing on the KOSPI index from late June to mid-July. The core trigger was the market's structure, heavily concentrated in Samsung Electronics and SK Hynix, which comprised over half of the KOSPI. The situation was amplified by the May 27th launch of single-stock double-leveraged ETFs on these two companies, which attracted massive retail investment and concentrated risk. The process unfolded in eight stages: 1. Initial price collapse on June 23rd after regulatory warnings, but without significant debt reduction. 2. A rebound from June 24-25 fueled by retail buying and ETF rebalancing, which actually increased leverage. 3. Foreign and institutional investors selling from June 26-30, with domestic retail investors becoming the marginal buyers, transferring risk to household balance sheets. 4. A shift in global semiconductor sentiment from July 1-3, causing leveraged ETFs to systematically sell during declines. 5. The market failing to rally on strong earnings (July 6-8), signaling a turn from technical correction to concerns over peak profitability. 6. A rise in forced liquidations and the cross-listing of SK Hynix ADRs, spreading leverage risks to US and Hong Kong markets (July 9-10). 7. A cascade of synchronized selling from various players on July 13th, followed by a mechanical, ETF-driven rebound. 8. Institutionalization of deleveraging on July 16th, marked by an interest rate hike and new regulatory restrictions on single-stock leveraged products. The author concludes this was not a simple semiconductor correction but a negative feedback loop involving foreign capital rebalancing, retail margin trading, daily ETF rebalancing, forced liquidations, shifting industry expectations, and tightening monetary and regulatory policy. Leveraged ETFs acted as a critical amplifier, not the initial spark. The price decline (-25%) far exceeded the reduction in margin debt (-11%), indicating the deleveraging was primarily expressed through asset prices rather than immediate balance sheet repair.

marsbit2 h fa

How Did This Round of Deleveraging in the Korean Stock Market Occur?

marsbit2 h fa

Trading

Spot
活动图片