Did 'Unlimited Minting' Actually Happen? Zcash Founder Responds to Four Major Market Concerns

marsbit2026-06-15 tarihinde yayınlandı2026-06-15 tarihinde güncellendi

Özet

The Orchard shielding pool in the privacy cryptocurrency Zcash was recently found to have contained a critical counterfeiting vulnerability that existed for four years. This discovery caused significant market panic and a sharp drop in the price of ZEC, though it has since recovered partially. Zcash founder Zooko Wilcox addressed four key questions raised by the vulnerability. First, while it's unknown if the bug was exploited, he believes it likely was not, citing advanced, targeted discovery methods, a rapid response to freeze the pool, and the typical "smash-and-grab" nature of past crypto exploits. Second, he states that if no exploitation occurred, all legitimate user funds in Orchard are recoverable. However, cautious users moving funds should be aware of privacy trade-offs and other risks involved in transferring to transparent or Sapling pools. Third, users currently cannot independently verify that the total ZEC supply hasn't been inflated due to this bug. However, the proposed "Ironwood" network upgrade will restore this ability by permanently sealing the Orchard pool. This will prevent any counterfeit funds from circulating and allow anyone running a node to cryptographically verify that the supply cap has not been breached. Finally, regarding other undiscovered vulnerabilities, Wilcox notes that intensive ongoing audits by multiple teams, including using advanced AI-assisted tools, have so far found no other counterfeiting bugs. This provides increased, though ...

Editor's Note: On June 5th Beijing time, privacy project Zcash was exposed to have had a critical forgery vulnerability in its new-generation privacy pool Orchard. The price of Zcash's token ZEC plunged, at one point halving to a low near $250.

After about 10 days of development, market panic has somewhat subsided, and the price of ZEC has also recovered somewhat, climbing back to $500 today. (Recommended reading: "'Unlimited Money Printing' Vulnerability Lay Dormant for Four Years, Privacy Coin ZEC Halved in a Day")

This morning, Zcash founder Zooko Wilcox released another lengthy article in response to the market's key concerns.

He stated that it is likely the Orchard vulnerability was not previously exploited, and legitimate Orchard funds can be recovered. Currently, users cannot independently verify whether the Zcash supply exceeds the limit, but the Ironwood upgrade will seal the Orchard pool, restoring this verification capability. Ongoing audits have not revealed other forgery vulnerabilities, but complete certainty requires more work.

The recent Orchard vulnerability has raised important questions about Zcash's supply and user fund security. The discussion has mixed several different issues, making it difficult to understand the actual impact of this vulnerability on users. This article attempts to separate these issues and explain what they each mean for users.

The Orchard vulnerability raises four important questions:

1. Was the Orchard vulnerability ever exploited?

2. Can legitimate Orchard funds be recovered?

3. Can users verify that the Zcash supply has not been inflated?

4. How do we know there are no other forgery vulnerabilities?

Was the Orchard Vulnerability Ever Exploited?

Unknown. We believe it's unlikely to have been exploited previously, though it cannot be completely ruled out. We think the vulnerability likely remained unexploited for three reasons:

Despite continuous review over the years by many of the world's top cryptographers and security researchers, this vulnerability was not previously discovered. Its final discovery was not accidental; it was found by Taylor Hornby of Shielded Labs, whose goal was to proactively identify such security vulnerabilities before malicious attackers could.

Taylor used advanced AI-assisted security research techniques and custom-built tools specifically designed to find subtle flaws others missed. Doing this would be more difficult for someone not deeply familiar with the Zcash codebase.

Once discovered, Zcash developers (led by the Zcash Open Development Labs team) quickly coordinated with mining pools to temporarily freeze the Orchard pool and deploy a fix, thereby limiting any attacker's window of opportunity.

Cryptocurrency exploits are common, and attackers typically try to cash out as quickly as possible, especially after a vulnerability is made public. To profit from this vulnerability, an attacker would need to exchange forged ZEC for valuable assets, which typically requires the ZEC to leave the Orchard pool via the turnstile mechanism.

If the vulnerability had been exploited before the fix, we would expect evidence to have surfaced by now. Historically, cryptocurrency exploits are typically "smash-and-grab" operations, not strategies like "4D chess" hidden for months or even years.

Can Legitimate Orchard Funds Be Recovered?

We believe so, because we believe the vulnerability was never exploited. If this assessment is correct, all legitimate Orchard funds remain fully recoverable.

On the other hand, if forgery did occur in Orchard, the existing turnstile mechanism would limit the total migrated amount to the number of ZEC that legitimately entered the pool.

Therefore, if forged funds were migrated ahead of legitimate funds, users would be unable to recover some or all of their legitimate Orchard funds.

We consider this scenario unlikely. However, for more cautious users, it is still recommended to move their ZEC out of Orchard.

But before doing this, they should understand the following:

· Moving funds to a transparent pool (i.e., to a t-address) will reveal both the transfer amount and time, and these funds will also become publicly linked to that t-address.

· Moving funds from the Orchard pool to the Sapling pool reveals the transfer amount and time, but unlike moving to a t-address, it does not link these funds to a specific address or transaction history.

· The Sapling pool relies on a trusted setup ceremony performed in 2018. Relying on the security of that trusted setup is an additional risk users should be aware of.

· To our knowledge, YWallet and Zkool are currently the only widely used self-custody Zcash wallets that support the Sapling pool.

· Moving funds to a new wallet or custodian service introduces additional risks, including user error, software bugs, custodian risk, or other unforeseen problems.

Overall, we consider the above risks moderate.

If your funds are currently in a shielded self-custody wallet, leaving them there is a reasonable choice, given our assessment that previous forgery is unlikely. If you have a safe way to move them elsewhere, that might also be reasonable. Users may reach different conclusions based on their own circumstances.

Can Users Verify That the Zcash Supply Has Not Been Inflated?

Currently, no. The previous existence of this vulnerability meant that users cannot independently verify whether the ZEC currently circulating in the shielded pools does not exceed the correct amount.

However, as we noted in a previous post, the Ironwood upgrade restores this ability. The following diagram illustrates why.

The proposed network upgrade addresses this by adding the guarantee that "no more unknown forgery vulnerabilities exist" and by sealing the Orchard pool. New funds cannot enter, and funds within the pool can no longer circulate.

The only remaining path out is via the existing turnstile mechanism, which ensures that no more ZEC can leave the Orchard pool than legitimately entered it.

This change restores the ability to verify the soundness of the Zcash supply.

Currently, if forged funds exist in the Orchard pool, they can continue circulating within it. After the upgrade, this is no longer possible. Regardless of whether forgery occurred, anyone running a node can verify that the circulating ZEC does not exceed the correct amount.

Users do not need to wait for funds to migrate out of Orchard or infer the behavior of attackers or other users. The protocol itself provides a verifiable guarantee: excess ZEC cannot continue circulating within Orchard and inflating the supply.

This is important because Zcash's long-term credibility depends on users' ability to verify the soundness of its supply themselves. Ironwood restores users' ability to independently verify that the protocol's supply limits are being enforced.

How Do We Know There Are No Other Forgery Vulnerabilities?

We cannot be completely certain yet, but we have reasons to believe there are none. Shielded Labs and several other teams have been carefully reviewing the Zcash protocol for other forgery vulnerabilities.

This includes using a not-yet-released Mythos AI model, with help from Anthropic, to search for additional vulnerabilities shortly before Mythos was paused. We plan to share more details about this review and its findings in a follow-up blog post.

So far, no other forgery vulnerabilities have been found. The high level of expertise, effort, and advanced AI-assisted analysis involved in this search gives us greater confidence that no similar vulnerabilities remain undiscovered.

Furthermore, we are working with projects like the Tachyon Project to provide additional assurances that no more forgery vulnerabilities exist in Zcash. We will elaborate on this further in future blog posts as well.

Conclusion

The Orchard vulnerability presents four important questions: Was the vulnerability exploited? Can legitimate Orchard funds be recovered? Can users verify the Zcash supply hasn't been inflated? And are there other undiscovered forgery vulnerabilities?

We believe it's unlikely to have been exploited, so legitimate Orchard funds are recoverable, and the current Zcash supply is safe. Based on ongoing reviews by multiple independent researchers and teams, we are also growing more confident that no other undiscovered forgery vulnerabilities exist.

However, users currently cannot verify the security of the Zcash supply, and they should not have to rely on our assessment—or anyone else's.

The proposed network upgrade solves this problem. By sealing the Orchard pool, it restores users' ability to independently verify the security of the Zcash supply. Users no longer need to judge whether forgery occurred to verify that the protocol's supply limits are being honored.

İlgili Okumalar

Kraken Adds Solana On-Chain Token Trading Directly Inside Its App

Kraken has integrated on-chain Solana token trading directly into its main app, eliminating the need for users to use a separate wallet or manage seed phrases. Eligible customers in the U.S. and over 100 countries can now trade approximately 2,500 verified Solana-based tokens within the familiar Kraken interface. This move aims to simplify decentralized trading by using embedded wallet technology from Privy and Solana DEX protocols to handle transactions in the background, while displaying on-chain holdings alongside centralized exchange balances. The exchange chose Solana due to its fast-moving token markets and retail trader familiarity, offering access to assets that often appear on-chain before centralized listings. However, Kraken clarifies that these on-chain tokens have not undergone the same review process as centralized listings, meaning market risks remain. This integration reflects a broader trend of major exchanges incorporating DeFi features to retain users who seek early access to new tokens. While not replacing advanced DeFi wallets, Kraken's solution seeks to make on-chain trading more accessible to a mainstream retail audience.

bitcoinist44 dk önce

Kraken Adds Solana On-Chain Token Trading Directly Inside Its App

bitcoinist44 dk önce

Litecoin ETF’s Slow Start Shows Altcoin Funds Still Face A Demand Test

The Canary Capital spot Litecoin ETF (LTCC) has had a slow start, with reported inflows of around $9.3 million since launch and assets under management at a lower level. This highlights the significant gap in institutional demand compared to Bitcoin and Ethereum ETFs. While Litecoin has an established history, its more modest narrative around payments and longevity hasn't yet made it a must-own institutional product. The case demonstrates that regulatory approval alone does not guarantee strong investor allocation. For the broader altcoin ETF thesis, future products may see different demand, but Bitcoin and Ethereum are likely to remain the primary institutional channels for the foreseeable future.

bitcoinist1 saat önce

Litecoin ETF’s Slow Start Shows Altcoin Funds Still Face A Demand Test

bitcoinist1 saat önce

The Entire Internet Hails Noam's Joining, But OpenAI's Loss Bill Just Got Thicker

While the AI community celebrates Noam Shazeer, co-author of the "Attention Is All You Need" paper, joining OpenAI as Head of Architectural Research, the company's audited financials reveal a starkly different reality. In 2025, OpenAI reported $13.07 billion in revenue but a massive $20.92 billion operating loss. Even excluding a one-time accounting charge, the cash burn is severe, with $3.7 billion consumed in Q1 2026 alone. This high-profile hiring occurs against a backdrop of significant internal research talent drain, with key founders and researchers departing as the company's focus shifts from exploratory research to product iteration. Meanwhile, OpenAI's fundamental business model faces a deep crisis. It paid Microsoft $10.59 billion for compute in 2025, while its vast user base of 9 billion weekly actives includes only 50 million paying customers, making growth a direct driver of escalating costs. The article argues Shazeer's recruitment is less about technical necessity and more about crafting a compelling narrative for OpenAI's upcoming IPO, aiming to justify a rumored $1 trillion valuation to future public market investors. It contrasts OpenAI's strategy with Anthropic's reported path to profitability, which relies on a strong enterprise customer base and cost control, rather than star-powered narratives. Ultimately, the piece concludes that while Shazeer's architectural work may take 1-2 years to materialize, OpenAI's financial clock is ticking much faster, with its massive losses undercutting the celebratory headlines.

marsbit1 saat önce

The Entire Internet Hails Noam's Joining, But OpenAI's Loss Bill Just Got Thicker

marsbit1 saat önce

To 'Own' or 'Rent' Intelligence? The New Question for AI Startups

The shutdown of Mythos has prompted a fundamental question for AI startups: is your intelligence "rented" or "owned"? While using frontier model APIs allows for rapid prototyping, it cedes control over your core capabilities to external providers, whose decisions on pricing, rules, or even shutdowns can jeopardize your business. The critical issue isn't just cost, but control and ownership. The lesson isn't to abandon frontier models, but to build upon them. "Owning" intelligence means starting with a powerful open-source model and systematically shaping it with your unique assets: your proprietary data, workflows, domain expertise, edge cases, and evaluation standards. Over time, this creates a company-specific asset that reflects your real work. The future of AI isn't a single, dominant model. There will be multiple "frontiers": general-purpose frontier models, company-specific models fine-tuned on proprietary knowledge, specialized vertical models, and routing systems that orchestrate multiple models. The winning companies will be those that transform intelligence into their own unique, controlled asset, ensuring no one can pull the floor from under their product.

marsbit2 saat önce

To 'Own' or 'Rent' Intelligence? The New Question for AI Startups

marsbit2 saat önce

Market Trend (June 19): US-Iran Deal Drives Out Geopolitical Premium; Chip Stocks Soar to New Highs; Energy Sector Leads Declines

U.S. Market Trends (June 19): U.S.-Iran Deal Eases Tensions, Chip Stocks Soar, Energy Sector Leads Declines. U.S. stocks rallied on Thursday as the signing of a temporary U.S.-Iran deal in Geneva de-escalated Middle East tensions, with Saudi oil tankers transiting the Strait of Hormuz. This geopolitical relief helped markets recover from recent Fed-driven volatility. The S&P 500 rose over 1%, the Nasdaq gained nearly 2%, and the Dow Jones Industrial Average closed at another record high. The Philadelphia Semiconductor Index surged over 6% to a historic peak. Chip stocks were the standout performers. Reports of an Apple-Intel design and foundry deal for certain products, alongside mentions of potential Nvidia and SpaceX collaborations with Intel, propelled the sector. Intel surged ~10.5%, while memory chip makers like Micron also saw significant gains, highlighting sustained confidence in long-term AI capital expenditure. In contrast, the energy sector was the day's sole loser, with the S&P 500 energy sub-index declining as WTI crude fell ~2% to around $74.29/barrel. The reopening of key shipping routes erased prior geopolitical risk premiums. SpaceX extended losses for a second day on news of a potential large bond offering. Market volatility (VIX) dropped sharply, indicating a swift reversal of post-Fed jitters. Treasury yields dipped slightly but remained elevated. The focus now shifts to upcoming economic data, including next week's PCE inflation report and Micron's earnings, which will serve as a key test for the AI trade's durability.

marsbit2 saat önce

Market Trend (June 19): US-Iran Deal Drives Out Geopolitical Premium; Chip Stocks Soar to New Highs; Energy Sector Leads Declines

marsbit2 saat önce

İşlemler

Spot

Futures