Zcash plunges 38% after critical counterfeiting vulnerability disclosure
A four-year-old flaw in Zcash's Orchard shielded pool could have allowed unlimited undetectable counterfeiting, and the privacy coin's design means no one can prove it wasn't exploited.
Share
Add us on Google by Editorial Team Jun. 6, 2026Zcash disclosed a critical vulnerability in its Orchard shielded pool on June 5, 2026, sending the privacy coin into freefall. ZEC dropped as much as 38%, hitting lows of $442.60 as traders rushed for the exits.
The flaw, discovered on May 29 by security researcher Taylor Hornby during a Shielded Labs audit, had been sitting undetected in Zcash’s code for roughly four years. It could have allowed an attacker to mint unlimited ZEC inside the Orchard pool without anyone noticing. In English: someone could have been running an invisible money printer since May 2022, and there’s no way to definitively prove they didn’t.
The vulnerability and the emergency patch
The Orchard shielded pool launched in May 2022 as part of Zcash’s ongoing effort to strengthen transaction privacy. It was supposed to be a more secure successor to earlier shielded pools. Instead, it carried a bug that undermined the very foundation of any monetary system: the guarantee that supply is finite and verifiable.
AdvertisementThe Zcash team moved quickly once Hornby flagged the issue. Emergency measures were completed between June 2 and June 3, involving a hard fork and temporarily disabling the Orchard functionality entirely. The patch was in place before the public disclosure on June 5.
That timeline matters. The team had roughly a week between discovery and public announcement, during which they scrambled to close the hole before anyone else could find and exploit it. Whether anyone had already exploited it during the preceding four years remains an open question, one that Zcash’s privacy architecture makes essentially unanswerable.
Market reaction and notable exits
The market’s response was swift and brutal. ZEC shed 38% of its value, with trading volumes declining by as much as 57% as liquidity dried up.
Among those selling: Arthur Hayes, the prominent trader and BitMEX co-founder, who liquidated his entire ZEC position in response to the news.
What this means for investors
For investors still holding ZEC, the immediate concern is whether the supply was actually inflated during the four-year window. If counterfeit coins were minted, every existing ZEC holder has been diluted without knowing it. The Zcash team has stated there’s no on-chain proof of exploitation, but the absence of evidence isn’t the same as evidence of absence, especially when the system is designed to make evidence invisible.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
