CoinDesk
Zcash (ZEC) crashed roughly 30% to $400 in the past 24 hours after Shielded Labs, a nonprofit Zcash developer, disclosed a critical vulnerability in the blockchain's Orchard privacy pool that could have allowed an attacker to mint unlimited counterfeit ZEC tokens — completely undetected. The bug had been present since Orchard's activation in May 2022, sitting dormant for four years before being caught.
Why it matters
The vulnerability was discovered on May 29 by security engineer Taylor Hornby, who was specifically engaged by Shielded Labs in April 2026 to hunt for protocol-level flaws. Working with Anthropic's Opus 4.8 AI model, Hornby conducted a targeted review of the Orchard circuit — the cryptographic backbone of Zcash's most advanced privacy pool — and wrote a complete working exploit that, when tested locally, generated unlimited undetectable counterfeit ZEC. An emergency patch was coordinated through the Zcash Open Development Lab (ZODL) and deployed by June 1.
The deeper problem for markets is what Shielded Labs openly admitted: due to Orchard's privacy properties, there is no cryptographic way to determine whether the bug was exploited before the fix. The firm believes exploitation likely did not occur — the flaw evaded years of expert scrutiny and was only surfaced through cutting-edge AI tooling — but it cannot offer certainty.
Market impact
That uncertainty is what the 30% drawdown is pricing in. Supply integrity is the foundational promise of any fixed-supply asset; a four-year window of unverifiable exposure cracks that promise regardless of whether exploitation actually happened.
TheBlock
WuBlockchain
CoinTelegraph
Crypto News