Author: Ma He, Foresight News
On June 5th, Zcash founder Zooko Wilcox, along with Jason McGee and Taylor Hornby, published a detailed article disclosing a critical soundness vulnerability in the project's latest privacy layer, the Orchard pool, which could be exploited to create an unlimited amount of counterfeit ZEC in a covert environment.
Although the Zcash ecosystem had already urgently completed a network upgrade to fix the issue, after the detailed impact was disclosed, ZEC's price experienced severe volatility, with a single-day drop exceeding 30% at one point, touching lows around $411.
Zcash has been the absolute star in the privacy coin track over the past six months, surging from around $200 in March this year to a peak of $688. Figures including AllianceDAO co-founder Wang Qiao, Bankless founder David Hoffman, and the "shilling king" Arthur Hayes have all expressed high optimism about its performance.
However, after the vulnerability was discovered, Arthur Hayes tweeted that he had sold his entire ZEC holdings. He stated that after reading the vulnerability details and observing ZEC's 30% pullback, he decided to completely close his position for profit. He mentioned he would continuously re-evaluate and, if subsequent evidence proved his assumptions wrong, would consider buying back at lower prices.
So, what exactly happened with Zcash?
In simple terms, Orchard is a privacy vault within Zcash that is "completely opaque" to the outside; after people deposit funds, neither the outside world nor the blockchain itself knows how much money is inside or who owns it. The vulnerability this time lies in the vault's "verification lock"—this lock was supposed to be extremely rigorous, allowing only legitimate transactions to pass verification. However, due to a loosely written mathematical constraint (akin to a loose gear in the lock), an attacker could forge a key that appears completely legitimate, trick the system, and create new ZEC out of thin air within the vault.
This incident directly challenges the narrative of the privacy coin track that "technological trust is core value."
As the earliest public chain to scale the application of zk-SNARKs for private transactions, Zcash's Orchard pool, activated with the NU5 upgrade in May 2022, has been regarded as a more efficient evolution of the Sapling pool, hosting a large amount of private funds. Now, vulnerabilities discovered by security researchers using the latest AI models are forcing the entire industry to re-examine the gap between privacy technology theory and practice.
Vulnerability Discovery Originated from AI-Assisted Audit
The discovery process of the vulnerability was dramatic.
In April 2026, Shielded Labs hired senior security engineer Taylor Hornby to conduct ongoing security research targeting the Zcash protocol, aiming to discover issues before malicious actors.
On May 28th, Anthropic released the Opus 4.8 model. The next day, Taylor used this model combined with traditional methods to conduct a highly targeted review of the Orchard circuit, discovering the issue: an insufficient constraint in elliptic curve multiplication within the halo2_gadgets crate, allowing attackers to input arbitrary false values into the multiplication operation while verification would still pass. This meant it was possible to construct seemingly fully valid Orchard actions—that is, generate counterfeit ZEC within the Orchard pool, and due to privacy features, on-chain differentiation between real and fake was impossible.
Taylor immediately disclosed the issue to ZODL core engineers, who confirmed the severity of the vulnerability within hours and initiated an emergency response.
The foundation's initial security announcement tried to downplay the severity, describing it as a "double-spend risk," and assured that the "rotation mechanism protected the total supply from inflation," attempting to use "total supply security" to stabilize market sentiment and conceal the harsh reality that the Orchard pool might have already been flooded with counterfeit coins, diluting honest users' assets.
By June 4th, founder Zooko's statement supplemented the fatal details. He candidly admitted that "cryptographically, it is impossible to prove whether the vulnerability had been exploited before the fix," and publicly disclosed the "possibility of infinite ZEC forgery." It was this frank admission by the founder that directly punctured the "safety illusion" maintained by the foundation earlier, triggering the market's panic sell-off.
Zooko
Because if an attacker had, over the past few years, already used the vulnerability to mint 1 million fake ZEC inside the Orchard pool and cashed out by withdrawing to the transparent pool via the rotation mechanism before the fix, the total supply indeed didn't inflate, but the real assets of users within the Orchard pool had already been evaporated and harvested in a targeted manner. Once the rotation limits are announced next week, the Orchard pool will face the largest "bank run" in the history of privacy blockchains, with the assets of users who retreat later being permanently locked.
In the AI Era, "Unfound Vulnerability Equals Security" No Longer Holds True
Orchard, since its activation in 2022, underwent years of security audits by top cryptographers yet still contained bugs, only discovered through targeted research combined with the latest AI tools. This serves as a warning for many privacy solutions (including other ZK privacy projects): theoretically "perfect" mathematical constructs may still have omissions in engineering implementation.
Taylor Hornby's use of Anthropic Opus 4.8 to pinpoint the Orchard flaw in an extremely short time proves that AI can be a powerful aid for white-hat researchers, but also implies that attackers can similarly use similar tools to mine high-value targets faster.
If project teams fail to establish continuous, proactive security review mechanisms, the window from vulnerability discovery to malicious exploitation will shrink dramatically. While Zcash gained the upper hand this time by proactively investing in security research,
for the entire crypto industry, this is more like a collective warning: in the AI-driven security offense and defense race, any reliance on the侥幸心理 of "safe because undiscovered for years" is no longer valid. Only by internalizing AI auditing, formal verification, and rapid response capabilities as standard practices can privacy protocols truly withstand the pressure tests of the new era.
