ZEC price drops over 31% following critical infinite minting vulnerability in Orchard pool

Martian Finance reports that on June 5, Zcash founder Zooko Wilcox disclosed a critical forgery vulnerability in the Zcash Orchard pool, which could be exploited to generate an unlimited number of undetectable forged ZEC within the Orchard pool. The vulnerability was discovered on May 29 by security researcher Taylor Hornby during a targeted audit using the Anthropic Opus 4.8 model and was reported to the Zcash Open Development Lab (ZODL). ZODL subsequently coordinated an emergency response across the Zcash ecosystem, with the fix completed on June 2. Taylor Hornby developed a complete exploit program in a local regtest environment using Opus 4.8, capable of generating unlimited, undetectable forged ZEC during testing. If deployed on the Zcash mainnet, this tool could have generated unlimited, undetectable forged ZEC in mainnet Zcash wallets. The vulnerability stemmed from an insufficiently constrained element in the Orchard circuit, allowing attackers to input arbitrary false values into elliptic curve multiplication while still passing the multiplication verification check. This flaw had existed since the Orchard protocol was activated in May 2022 until its emergency patch was deployed on June 1, 2026. Due to Orchard’s privacy properties and the nature of the vulnerability, it is currently impossible to determine through cryptographic means alone whether the flaw was exploited prior to the fix. However, Shielded Labs believes the likelihood of prior exploitation was low and is exploring a network upgrade to deploy a new privacy pool and implement turnstile accounting for all tokens in the Orchard pool, enabling anyone to verify the integrity of Zcash’s supply and prove the absence of forged ZEC within the Orchard pool. Affected by the Orchard pool vulnerability, ZEC dropped over 31% in 24 hours according to market data, trading at $410.50.