Author: Zhou, ChainCatcher
On June 5, the leading privacy coin ZEC experienced a single-day peak decline of over 56%, erasing nearly two months of gains and temporarily losing approximately $5 billion in market capitalization.
Datashows,the total 24-hour liquidation volume for ZEC contracts across the network reached approximately $100 million, with long positions accounting for over $760 million in liquidations, ranking second only to BTC and ETH.
Image source: RootData
The crash was triggered by a zero-knowledge proof vulnerability that had lain dormant for four years in Zcash's latest privacy transaction pool, theoretically allowing attackers to infinitely forge ZEC while remaining undetected under privacy protections.
The good news is that the vulnerability was permanently patched via a hard fork on June 3. The bad news is that, due to the privacy features of the Orchard pool, no one can use cryptography to prove that the vulnerability was never exploited over the past four years, leading to doubts in the market about the integrity of ZEC’s supply over the last four years.
BitMEX co-founder Arthur Hayes announced the liquidation of his entire ZEC position, with on-chain whale short positions realizing substantial profits, significantly undermining market confidence.
How do vulnerabilities arise, and how are they discovered?
The Orchard pool is the third-generation privacy layer launched by Zcash in May 2022. Due to insufficient constraint conditions for one element in the circuit, an attacker could inject false inputs into elliptic curve multiplication operations while still passing circuit verification, enabling the infinite creation of forged ZEC within the pool. Because of Orchard’s inherent privacy design, this forgery leaves no on-chain traces detectable by external observers.
According to reports, independent security researcher Taylor Hornby discovered the vulnerability on May 29. In April, the independent security organization Shielded Labs commissioned him to conduct a specialized security audit of the Zcash protocol, aiming to identify potential vulnerabilities before attackers could exploit them.
On May 28, Anthropic released the Claude Opus 4.8 model. The following day, Hornby integrated it into a customized AI audit framework to conduct targeted analysis of the Orchard circuit, identifying the vulnerability on the same day and developing a complete exploit program in a local test environment to verify the technical feasibility of infinite minting. That evening, he responsibly disclosed the finding to the Zcash Open Development Laboratory (ZODL).
Within hours of being notified, ZODL engineers confirmed the vulnerability and immediately initiated emergency protocols. On the morning of June 2, Zcash deployed an emergency soft fork via Zebra 4.5.3, temporarily disabling all Orchard transactions. At 12:05 PM Beijing time on June 3, the mainnet completed the NU6.2 hard fork at block height 3,364,600, officially activating the patched circuit and permanently closing the vulnerability.
From discovery to the completion of the hard fork, approximately five days passed.Zcash Foundation officially stated,this is the second time since Zcash’s launch in 2016 that a protocol upgrade has been triggered due to a security issue; no known exploits occurred, the network’s total supply safeguard confirmed the integrity of the total supply, and user privacy, as well as Sapling and transparent transactions, remained unaffected.
Image source: Claude
After the fix, concerns remain
Due to Orchard's privacy design, if an attacker never transfers forged tokens to the transparent pool, no existing mechanism can detect anomalies on-chain. That is, the conclusion of "total integrity" is based on observable data rather than a cryptographic proof. This vulnerability has existed since May 2022, and it cannot be ruled out that it was exploited at any point over the past four years.
Shielded Labs believes the likelihood of exploitation is low, citing three reasons: the vulnerability remained undiscovered for four years, indicating an extremely high barrier to entry; this was the result of a targeted, proactive audit rather than passive exposure; and the window for patching was extremely short, leaving attackers with very limited time to exploit it. However, this very statement implies that the issue cannot be entirely disproven.
To address this gap, Shielded Labs is collaborating with multiple developers to explore new network upgrade proposals, including the deployment of new privacy pools and mandatory turnstile accounting reviews for all tokens migrated out of Orchard, enabling anyone to publicly verify supply integrity. The specific proposal is expected to be announced next week and will still require community governance approval.
Crypto investor Simon Dedic noted that this incident reveals two simultaneous shifts in perception: privacy is not always an advantage—it can also represent a risk in protocol design; and the involvement of AI tools means that vulnerabilities of similar scale can now be discovered with lower barriers, increasing the pressure for security audits across the entire crypto industry.
On-chain analyst Haotian has identified the core issue of this event as "unclear explanations.",Even though Shielded Labs has introduced a new round-trip audit solution, it can only prove that the current supply is less than the total amount entered into the pool, still failing to account for potential historical implicit losses.Healso pointed out that there is an inherent contradiction between verifiable supply and privacy black boxes—a structural dilemma ZEC cannot easily overcome.
Market panic is concentratedly released
Although the technical crisis has passed, the market has not fully absorbed the true nature of the vulnerability.
This morning, Zcash founder Zooko Wilcox, Shielded Labs, and Taylor Hornby jointly published a detailed article fully disclosing the exploitability of the vulnerability, the technical feasibility of infinitely forging ZEC, and the "inability to cryptographically prove that history was not exploited" due to Orchard's privacy features, which truly ignited market panic.
On the same day, Arthur Hayes announced he had liquidated his entire ZEC position, noting that the probability of malicious minting is extremely low but cannot be formally ruled out at the cryptographic level. The value proposition of privacy requires "perfect security," not just "probabilistic security." Hayes also indicated that if subsequent assumptions are proven false, he would not rule out repurchasing at lower prices.
Hayes was previously one of the most prominent public advocates for ZEC, even listing it as his second-largest personal holding,and he once stated that ZEC should reach 10% of BTC's price, noting that the current rally "has significant upside potential." Now,however,he has publicly announced his exit, a move that clearly impacts market sentiment.
Two factors combined caused ZEC’s price to plummet rapidly. According to on-chain analysts, when ZEC dropped below $400, Garrett Jin’s 3x leveraged ZEC short position, opened at $626.47, had accumulated a paper profit of tens of millions of dollars.
However, some argue that this price plunge was not entirely driven by the vulnerability. Crypto KOL DaShiBro pointed out that ZEC’s prior rally was already accompanied by signs of large capital inflows; the vulnerability news may have merely provided an opportunity to exit, with the massive influx of spot sell orders that day being the more direct price driver. He remarked that a “strong consensus blue-chip” with a $12 billion market cap losing $6 billion in a single day shows how difficult it is to build consensus in crypto, yet how easy it is to break it—and how much longer the recovery will take.则更漫长。