Zcash, the cryptocurrency built around privacy, has a critical bug that lets someone counterfeit coins without the network detecting it. The vulnerability targets the shielded-transaction system, which is supposed to hide sender, receiver, and amount.
What the bug does
Counterfeiting in a cryptocurrency means creating new coins that appear legitimate but have no backing. In Zcash's case, the bug makes that process undetectable. Normally the network's consensus rules prevent double-spending and fake coins. This flaw bypasses those checks entirely.
Why it's a problem for privacy coins
Zcash's value rests on its privacy guarantees. Shielded transactions rely on zero-knowledge proofs to verify correctness without revealing details. If an attacker can mint fake coins, the entire supply becomes suspect. Trust in the system depends on nobody being able to create coins out of thin air. This bug breaks that.
What we know and don't know
The project's developers have acknowledged the bug but have not released a detailed technical description. It's not clear how long the flaw existed or whether it was ever exploited. A patch is presumably being developed, but no timeline has been shared.
The episode raises a question the community will need answered quickly: was the bug ever used, and if so, how many fake coins entered circulation?
