A prediction market launched on Polymarket on June 5 is asking whether the recently disclosed vulnerability in Zcash's Orchard pool was actually exploited on mainnet. The market shows a 10% chance of confirmation, with $14,306 in volume as of press time. The question follows a June 4 disclosure about the Orchard pool, a privacy feature of Zcash, and has drawn attention from crypto legal and analytics figures.
The Polymarket bet
The market specifies that confirmation must come from Shielded Labs, the Zcash Foundation, or the Zcash Open Development Lab (ZODL), or from overwhelming consensus of credible reporting. New or separate exploits that occur after the fix are excluded. With ZEC trading at $425, the market gives a low probability that the vulnerability was exploited before it was patched.
What the on-chain data shows
On-chain analytics account CipherScan reported that 380,000 ZEC was deshielded — moved out of shielded addresses — after the disclosure. But only half of that actually moved; 45% remained parked at transparent addresses, and only 21% (82,000 ZEC) actually left the Zcash network entirely. That represents 1.6% of the shielded pool and 0.5% of total supply. Of that, 47,000 ZEC went to exchanges, described by CipherScan as 'the total sell pressure from Orchard holders,' equal to 0.28% of supply against a reported $6.7 billion market capitalization.
Interestingly, roughly 118,000 ZEC was shielded during the same period — meaning some users moved into shielded balances despite the vulnerability concern. That suggests not everyone panicked.
Why the Orchard pool is like a prediction market
Grayscale Chief Legal Officer Craig Salm suggested that the Orchard pool itself acts as a better 'prediction market' than Polymarket's because its users have a direct financial incentive to assess exploit risk. He noted that Orchard pool balances declined by only about 5% since the vulnerability was disclosed. 'It's not proof,' Salm said, 'but it's an interesting signal from economically motivated users.'
The idea: if holders truly believed the pool was compromised, they'd pull their funds faster. Instead, the modest outflow — along with the 118,000 ZEC that went back in — hints at a split verdict among actual users.
What's at stake
For Polymarket bettors, the question comes down to whether any of the three designated entities will explicitly say the exploit happened on mainnet. Crypto observer CipherScan's data doesn't prove it either way. Meanwhile, the market implies the crowd sees only a 1-in-10 chance of a confirmed exploit. As of now, no official confirmation has come from Shielded Labs, the Zcash Foundation, or ZODL — leaving the bet unresolved.
