The discovery of the vulnerability was dramatic. In April 2026, Shielded Labs hired senior security engineer Taylor Hornby to conduct ongoing security research on the Zcash protocol, aiming to identify issues before malicious actors could exploit them. On May 28, Anthropic released the Opus 4.8 model. The following day, Taylor combined this model with traditional methods to perform a highly targeted review of the Orchard circuit, uncovering a critical flaw: insufficient constraints in the halo2_gadgets crate allowed attackers to inject arbitrary falsified values into elliptic curve multiplication operations while still passing verification. This meant it was possible to construct seemingly fully valid Orchard transactions—generating counterfeit ZEC within the Orchard pool—undetectable on-chain due to the protocol’s privacy features. Taylor immediately disclosed the issue to ZODL’s core engineers, who confirmed the severity of the vulnerability within hours and initiated an emergency response. The foundation’s early security announcement downplayed the incident, vaguely characterizing it as a “double-spend risk” and assuring the public that the “revolving door mechanism” preserved total supply integrity, claiming there was “no inflation of total supply.” This attempt to calm market sentiment masked the harsh reality: the Orchard pool may have already been artificially inflated, effectively diluting the assets of honest users. It wasn’t until June 4 that founder @zooko and others revealed the致命 details. He admitted, “Cryptographically, it is impossible to prove whether the vulnerability had been exploited prior to the fix,” and publicly acknowledged the possibility of “unlimited counterfeit ZEC creation.” It was this candid admission by the founder that shattered the foundation’s earlier illusion of security, triggering a panic-driven market crash.