A critical vulnerability in Zcash's Orchard shielded pool could have let an attacker mint unlimited counterfeit ZEC without detection. Security researcher Taylor Hornby discovered the flaw on May 29 using Anthropic's Opus 4.8 model, and an emergency fix was deployed on June 1. The bug — an under-constrained element in the Orchard circuit — existed since the pool's activation in May 2022.
How the bug was found
Hornby, a well-known privacy and cryptography researcher, found the issue using AI-assisted methods. He wrote a complete exploit and tested it in a local regtest environment, generating counterfeit ZEC that the shielded pool couldn't flag. The ecosystem responded fast: the fix was deployed June 1 and remediation was completed by June 2.
What the flaw actually was
The problem wasn't in Zcash's underlying cryptography or its proof engine. It was in the handwritten rules of the Orchard circuit — specifically an under-constrained element that allowed false inputs into an elliptic curve multiplication while still passing the check. That's the kind of bug that's hard to spot manually but a model like Opus 4.8 can help surface.
Can we know if it was exploited?
Orchard's privacy properties make it impossible to cryptographically prove whether anyone abused the flaw before the patch was applied. The researchers think prior exploitation is unlikely: the bug was difficult to find, and the window between discovery and fix was tight. But they can't prove it didn't happen. That ambiguity is uncomfortable for a project built on the promise of sound money and auditability.
A proposed fix for supply integrity
Shielded Labs is now exploring a network upgrade with other Zcash developers. The goal: deploy a mechanism that can prove the total supply of ZEC remains valid even after a vulnerability like this. No timeline has been set, but it's the next concrete step. For now, users can at least know that the Orchard hole is closed.
