Zcash Orchard Counterfeiting Vulnerability
Summary
On June 5, 2026, Shielded Labs publicly disclosed a critical soundness bug in the Zcash Orchard shielded pool's zero-knowledge proof circuit that had existed undetected since Orchard's activation in May 2022. The flaw — an under-constrained element in the halo2_gadgets elliptic-curve multiplication gadget — could have allowed an attacker to mint unlimited counterfeit ZEC inside the shielded pool with no on-chain trace. An emergency hard fork (NU6.2) was deployed on June 3, 2026, patching the circuit before public disclosure, though Zcash's privacy architecture structurally prevents retrospective confirmation that no exploitation occurred during the four-year exposure window.
Connected Entities
1 entities · 10 linked investigations- + 2 more
Timeline(12 events)
2018-03-01
Zcash cryptographer Ariel Gabizon discovers CVE-2019-7167 counterfeiting flaw in the Sprout shielded pool's BCTV14 zk-SNARK construction.
Electric Coin Company2018-10-28
Sapling network upgrade activates, silently patching the Sprout counterfeiting vulnerability by replacing the proving system.
Electric Coin Company2019-02-05
Electric Coin Company publicly discloses the 2018 Sprout counterfeiting vulnerability (CVE-2019-7167) months after the silent fix.
Zcash Foundation2022-05-01
Zcash activates the Orchard shielded pool, introducing the halo2_gadgets-based zero-knowledge proof circuit containing the as-yet-undiscovered soundness vulnerability.
Zcash Community Forum2026-04-01
Shielded Labs contracts Taylor Hornby to conduct proactive protocol vulnerability research on Orchard.
CoinDesk2026-05-28
Anthropic releases Claude Opus 4.8. Taylor Hornby begins deploying the model in a custom AI-assisted security auditing framework.
Zcash Community Forum2026-05-29
Taylor Hornby discovers the Orchard counterfeiting vulnerability and privately discloses it to ZODL at 11:53 PM. Hornby confirms severity via a working exploit on local regtest generating unlimited counterfeit ZEC.
CoinDesk / Zcash Community Forum2026-05-31
ZODL engineers confirm the vulnerability and begin coordinating privately with miners and exchanges.
crypto.news2026-06-02
Zebra 4.5.3 activates emergency soft fork at block height 3,363,426 (~02:00 UTC), temporarily rejecting all Orchard-containing transactions.
Zcash Foundation2026-06-03
NU6.2 hard fork activates at block height 3,364,600 (00:05 EDT) via Zebra 5.0.0, re-enabling Orchard with a corrected zero-knowledge proof circuit and new pinned verifying key.
Zcash Foundation2026-06-05
Shielded Labs publicly discloses the Orchard counterfeiting vulnerability. ZEC falls 37.8–38% intraday from approximately $635 to lows of $309–$442, losing over $3 billion in market cap. Arthur Hayes publicly discloses liquidating his entire ZEC position.
CoinDesk / Decrypt / CryptoBriefingDecision Log
- hash: 6DqMSA2cVq575scYLix5Mf7qTyFhTAYH3t2qdLDKJ2AV
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/14/2026, 2:29:23 PM
last updated: 6/14/2026, 2:29:33 PM
avoid.net — verified advice for a post-truth world