CryptoSlate
A soundness bug inside Zcash's Orchard zero-knowledge proof circuit — found by Shielded Labs researcher Taylor Hornby using Anthropic's Opus 4.8 alongside a custom AI harness — could have allowed unlimited counterfeit ZEC to be minted inside the shielded pool without detection. Hornby discovered the flaw on May 29; ZODL engineers confirmed it within hours. Zcash executed an emergency soft fork at block 3,363,426 on June 2, then the NU6.2 hard fork at block 3,364,600 on June 3, restoring full Orchard functionality in under five days. ZEC fell from an intraday high of $611 to around $421 after disclosure.
Why it matters
The incident sits at the intersection of two accelerating trends: AI-assisted exploit generation reaching the proof and money layer, and the structural impossibility of auditing a privacy coin's shielded history after a soundness bug. Zcash's official position is that the 21 million ZEC supply cap remains intact, protected by the turnstile mechanism that tracks aggregate value flows between pools. Shielded Labs holds a harder line — Orchard's privacy properties make it cryptographically impossible to prove the supply was never tampered with during the exposure window. A proposed follow-on upgrade would route existing Orchard coins back through turnstile accounting, converting a probabilistic assurance into a cryptographic one. Until that upgrade ships, the gap between "no detected exploitation" and "provably clean supply" remains open.
Market impact
ZEC's sharp intraday drop reflects the market pricing a residual confidence discount that a patch alone cannot close — the assurance a privacy coin must provide is precisely the hardest one for a privacy system to give.
CoinDesk
Lookonchain
TheBlock
Crypto News
WuBlockchain
Glassnode