Zcash Orchard Bug Crashes ZEC 50%, XMR Next
A critical counterfeiting flaw in Zcash’s Orchard shielded pool sent ZEC down nearly 50% from its recent high after public disclosure on June 5, 2026. Security engineer Taylor Hornby, commissioned by nonprofit developer Shielded Labs, found the bug on May 29 using Anthropic’s Claude Opus 4.8 — released just one day earlier. The flaw had gone undetected since Orchard launched in May 2022, a four-year window during which unlimited, undetectable counterfeit ZEC could theoretically have been minted.
The bug was an under-constrained elliptic curve check in the Orchard zero-knowledge circuit. Engineers pushed an emergency soft fork that disabled Orchard at block 3,363,426 on June 2, followed by the NU6.2 hard fork via Zebra 5.0.0, which re-enabled a patched Orchard at block 3,364,600 on June 3. The patch closed the hole. What it could not close was the epistemic gap: Zcash co-founder Zooko Wilcox confirmed that, because of Orchard’s privacy architecture, users currently cannot independently verify whether the vulnerability was exploited before the fix. Shielded Labs believes exploitation is unlikely. Wilcox was direct about the limits of that position — users should not have to trust the team’s word on supply integrity.
Ironwood, Turnstiles, and the Supply Question
Wilcox, alongside Hornby and Jason McGee, published a proposal for the Ironwood network upgrade. It would create a new shielded pool using the corrected circuit, reject all outputs into the old Orchard pool, and use Zcash’s existing turnstile accounting to block any excess ZEC from crossing over. If a counterfeiter tries to move inflated coins, the protocol destroys them and leaves on-chain proof. If nothing anomalous appears during migration, that silence becomes the evidence of a clean pool. No deployment timeline has been announced. The transition from zcashd to the Zebra client may affect timing further.
Despite the severity, the market’s structural response was quieter than the price action suggested. Dragonfly partner Haseeb Qureshi noted that over the 48 hours after disclosure, the shielded pool’s share of total ZEC supply dropped only one percentage point, from 31% to 30%. Almost all ZEC liquidity sits in transparent pools on exchanges, meaning counterfeit shielded coins would face serious friction reaching a sell order. Qureshi disclosed that Dragonfly holds ZEC and that he personally invests in ZODL, a Zcash community token. Context that matters when weighing his bullish read. Tyler and Cameron Winklevoss also endorsed formal verification as the long-term fix, with Cameron arguing that formally verified cryptography makes “print money” bugs structurally impossible.
Bitcoin BTC$62,212.00▼0.27%
Ethereum ETH$1,657.90▼0.91%
Tether USDT$0.9992▼0.03%
BNB BNB$593.88▼0.31%
USDC USDC$1.0000▲0.04%
XRP XRP$1.13▼2.49%
Solana SOL$65.19▼1.20%
TRON TRX$0.3229▲0.11%
Figure Heloc FIGR_HELOC$1.03▲0.49%
Dogecoin DOGE$0.0848▼1.06%Monero in the Crosshairs
Hornby confirmed on X that Monero is next in his audit queue. “Absolutely! I’ll add Monero to my queue of things to audit,” he told BeInCrypto. XMR dropped 10% on the announcement alone, trading at $298.76 at time of writing. ZEC, meanwhile, had partially recovered to $373.27 after bottoming below $265. The market is not waiting for a finding. It is pricing the possibility of one, which is a different and more volatile animal. Monero’s ring signatures and stealth addressing differ fundamentally from Zcash’s shielded pool model, so a direct analog to the Orchard flaw is not guaranteed. But after what AI-assisted review just surfaced in a four-year-old codebase, “not guaranteed” is doing a lot of work. The audit that finds nothing will be almost as consequential as the one that does — and regulatory pressure on privacy coins ensures any new finding lands in a hostile policy environment regardless of technical severity. Privacy coins built their narratives on opacity. Right now, that opacity is the problem.
