Why is Crypto Crashing: AI-Assisted Audit Exposes Four-Year Zcash Orchard Bug, ZEC Plummets 31%

Claude Opus 4.8 flagged a Halo2 soundness flaw that evaded expert cryptographers for four years.


Zcash's flagship privacy pool harbored a critical vulnerability for nearly four years — one that an AI-assisted audit found in a single day. On June 4, Shielded Labs disclosed that independent security engineer Taylor Hornby, working with Anthropic's newly released Opus 4.8 model, discovered a soundness bug in Zcash's Orchard shielded pool on May 29. The flaw, present since Orchard launched in May 2022, could have allowed an attacker to forge an unlimited number of undetectable counterfeit ZEC within the pool. ZEC fell 31% in the 24 hours following the public disclosure, trading at roughly $409.64 as of late Thursday — and the price continued to decline into Friday morning.

The market's alarm is not simply about what did happen. It is about what cannot be ruled out. By Shielded Labs' own admission, Zcash's privacy architecture makes it cryptographically impossible to determine whether the vulnerability was exploited during its four-year window. "What makes this particularly challenging is that, due to the privacy properties of Orchard and the nature of the bug, there is no definitive way to determine using only cryptography whether such exploitation occurred," the organization stated in its disclosure. Investor Arthur Hayes announced he had sold his entire ZEC position, writing that the privacy thesis for Zcash "demands perfection" and that unresolvable supply doubt was disqualifying.

The Zcash Foundation issued a clarifying note worth holding alongside Shielded Labs' account: the vulnerability enabled double-spending within the Orchard pool but could not have inflated Zcash's total supply. Zcash's "turnstile" mechanism — an accounting layer that tracks value across all pools — confirmed no unauthorized value creation occurred during the period the bug was live. That finding provides a partial floor under the supply-integrity question, though it does not eliminate the within-Orchard forging uncertainty that Shielded Labs' forthcoming supply verification proposal is designed to address.

What "Soundness" Means in Zero-Knowledge Proof Circuits

Zcash's Orchard pool is built on the Halo2 proving system, introduced with Network Upgrade 5 in May 2022. Halo2 is a zk-SNARK, a zero-knowledge proof construction, notable for having eliminated the "trusted setup" that earlier Zcash pools required. Sprout (2016) and Sapling (2018), the predecessor pools, needed multi-party parameter-generation ceremonies in which each participant destroyed their secret contribution; the ceremony was secure as long as at least one participant was honest, but if every participant had colluded, or a contribution had leaked, counterfeit ZEC could have been created undetectably. Halo2 needs no such ceremony: its polynomial commitments use an inner-product argument over the Pallas and Vesta ("Pasta") curves, which requires no structured reference string. Recursive proof composition, the headline result of the original Halo paper, is a separate capability built on the same commitment scheme; it is not what removes the setup. Either way, the move to Halo2 was a significant architectural milestone.

In any zk-SNARK, "soundness" is the property that prevents the proof system from accepting invalid state transitions: if a transaction does not satisfy the rules the circuit encodes, no prover should be able to produce a proof that verifies. A soundness bug inverts that guarantee. An invalid transaction can produce a proof that passes verification, and because the proof reveals nothing about the witness, the forged proof is indistinguishable from an honest one. The circuit for Orchard transactions is implemented in the halo2_gadgets Rust crate, as the Zcash Foundation's technical disclosure confirms. The specific flaw was an under-constrained element in the circuit's elliptic-curve multiplication gadget: a check that was supposed to hold for transaction inputs was encoded with a gap, so witness values that should have failed it could still satisfy every constraint the verifier actually enforces.

Security researchers who specialize in zero-knowledge circuits have documented under-constrained circuits as among the most common failure classes in ZK audit findings. A Kudelski Security analysis of the Halo2 proof system noted that over 80% of findings in ZK audit reports trace to the circuit layer — the exact layer where this vulnerability resided.
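The failure class described above, under-constraint, is easier to see in a toy model than in a production circuit. The following Python is an added example, not code from halo2_gadgets, Orchard, or the Zcash disclosure. It models a note-value range-check gadget (a different gadget from the elliptic-curve multiplication gadget actually at fault, chosen because the forgery is easy to read) as a list of polynomial identities over a prime field, and shows that dropping the booleanity constraint on the decomposition bits lets a prover "balance" a spend of 10 units against outputs of 15 and minus 5 units. The field modulus, bit width, and witness names are arbitrary choices for the illustration.

```python
# Added toy model of an under-constrained ZK gadget. Not Orchard/halo2_gadgets code:
# a constraint system is represented as a list of callables, each returning a field
# element that must be 0 for the witness the prover supplies. The verifier of a real
# proof never sees the witness, only evidence that every constraint held, so whatever
# the constraints fail to pin down is attacker-controlled.

P = 2**61 - 1   # arbitrary toy prime field (real circuits use the Pasta fields)
BITS = 8        # arbitrary toy note-value width


def fe(x):
    """Reduce an integer into the field."""
    return x % P


def range_gadget(name, bits, with_booleanity):
    """Constrain witness[name] == sum_i b_i * 2^i over bit cells name.b0 .. name.b{bits-1}.
    Intended meaning: the value lies in [0, 2^bits). That meaning only holds if every
    b_i is forced to be 0 or 1, which is what the booleanity constraints do."""
    cells = [f"{name}.b{i}" for i in range(bits)]
    cs = [lambda w: fe(w[name] - sum(w[c] * (1 << i) for i, c in enumerate(cells)))]
    if with_booleanity:
        # b * (b - 1) == 0 has exactly two roots in a prime field: 0 and 1
        cs += [lambda w, c=c: fe(w[c] * (w[c] - 1)) for c in cells]
    return cs


def balance_circuit(with_booleanity):
    """One spend of v_in creating two outputs: each value is range-checked and the
    balance rule v_in == v_out1 + v_out2 is enforced as a field identity."""
    cs = []
    for v in ("v_in", "v_out1", "v_out2"):
        cs += range_gadget(v, BITS, with_booleanity)
    cs.append(lambda w: fe(w["v_in"] - w["v_out1"] - w["v_out2"]))
    return cs


def satisfied(cs, w):
    """Stands in for proof verification: a proof verifies exactly when every
    constraint evaluates to 0 on the prover's witness."""
    return all(c(w) == 0 for c in cs)


def decompose(w, name):
    """Fill in the genuine binary decomposition of witness[name]."""
    for i in range(BITS):
        w[f"{name}.b{i}"] = (w[name] >> i) & 1


def honest_witness(v_in, v_out1, v_out2):
    w = {"v_in": v_in, "v_out1": v_out1, "v_out2": v_out2}
    for name in ("v_in", "v_out1", "v_out2"):
        decompose(w, name)
    return w


def forged_witness():
    """Spend a 10-unit note, create a 15-unit note and a 'note' worth -5 mod P.
    10 - 15 - (-5) == 0 in the field, so the balance rule holds; the negative
    note is simply never spent, and the prover has minted 5 units from nothing."""
    w = {"v_in": 10, "v_out1": 15, "v_out2": fe(-5)}
    decompose(w, "v_in")
    decompose(w, "v_out1")
    # Without booleanity any field element is an acceptable "bit": put the whole value in b0.
    w["v_out2.b0"] = fe(-5)
    for i in range(1, BITS):
        w[f"v_out2.b{i}"] = 0
    return w


if __name__ == "__main__":
    forged = forged_witness()
    print("under-constrained accepts forgery:", satisfied(balance_circuit(False), forged))
    print("constrained accepts forgery:      ", satisfied(balance_circuit(True), forged))
    print("constrained accepts honest:       ", satisfied(balance_circuit(True), honest_witness(10, 7, 3)))
```

The point of the model is the asymmetry it makes visible: the under-constrained system has exactly one missing line per bit cell, nothing in the accepted witness looks malformed to the verifier, and the only way to notice the gap is to compare the constraints against the statement they were supposed to enforce, which is what a circuit audit or a formal verification effort does.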

Claude Opus 4.8 Targeted the Halo2 Circuit in One Day

Shielded Labs had engaged Hornby in April 2026 specifically to hunt for protocol-level vulnerabilities before malicious actors could find them. The stated goal was direct: identify flaws first. On May 28, Anthropic released Opus 4.8. The following day, Hornby used Opus 4.8 alongside a custom AI auditing framework to conduct a highly targeted review of the Orchard circuit. By the end of May 29, he had located the vulnerability, written a complete working exploit, and verified that it generated unlimited counterfeit ZEC in a local test environment. Shielded Labs confirmed that the same tool would have worked on Zcash's mainnet before the patch.

The disclosure represents a meaningful counterpoint to the argument — articulated last week by former OpenZeppelin CTO Manuel Aráoz — that AI gives attackers an asymmetric advantage because defenders must patch every bug while attackers need only one. Helius CEO Mert Mumtaz argued on X that the episode should be read as a signal of protocol health: a proactive AI-assisted audit found a serious flaw and coordinated a fix before any known exploitation. The relevant comparison is not "AI found a bug" versus "no AI, no bug" — it is "AI found it first" versus the alternative.

Four Years, Multiple Audits, Zero Detections

The most unsettling element of the disclosure is its timeline: the flaw survived from Orchard's activation in May 2022 through at least four rounds of review by some of the world's leading zero-knowledge cryptographers. Shielded Labs cited this as evidence that the vulnerability was both subtle and genuinely difficult to detect — conditions that simultaneously argue against the likelihood of prior exploitation (it takes extraordinary skill to find) and in favor of sustained concern (it was there, undetected, for four years).

This is not Zcash's first encounter with a counterfeiting-class vulnerability. In February 2019, the team disclosed a flaw in the zk-SNARK construction underlying the older Sprout shielded pool, present since the network's 2016 launch and quietly fixed by the October 2018 Sapling upgrade, that also theoretically allowed unlimited counterfeiting and had gone undetected by expert review. That bug was also never known to have been exploited, and the market responded with relative calm at the time. The current episode differs in scale: the Orchard pool holds roughly 4 million ZEC, representing the bulk of the approximately 30% of circulating supply sitting in shielded pools.

Vitalik Buterin was among the named reviewers who provided feedback on the Shielded Labs disclosure before it was published, according to the forum post's acknowledgements. Bitcoin developer Peter Todd cited the incident to argue against integrating Zcash-style privacy into Bitcoin's consensus layer, writing that the cryptographic risk profile is too high for Bitcoin's base protocol. "Bitcoin has never had an inflation exploit that could destroy the value of the currency," Todd wrote. "The privacy of Zcash makes inflation exploits far more dangerous."

Why ZEC Supply Integrity Cannot Be Proven by Cryptography Alone

The hardest part of the Orchard vulnerability for markets to process is structural rather than situational. Zcash's privacy model, specifically the fact that Orchard hides note values and balances behind zero-knowledge proofs, is the same property that makes the pool valuable to privacy users and the same property that prevents external verification of whether forged transactions occurred. A transaction that exploited the bug would have left exactly the same on-chain footprint as an honest one: a proof that verifies, encrypted notes, and nullifiers, with the values hidden. There is no on-chain evidence trail for within-Orchard forging because the forged proofs were not malformed; the same verifier accepted them as it accepts legitimate ones.

Shielded Labs' proposed solution is a network upgrade that would deploy a new shielded pool and enforce "turnstile accounting" on all coins migrating from the Orchard pool. Under this scheme, every ZEC exiting Orchard would need to pass through a publicly auditable accounting mechanism, making it possible to verify that no counterfeiting occurred during the vulnerable period. A detailed proposal is expected in the coming week, though any such change requires community approval through Zcash's governance process.
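To make concrete why the existing turnstile bounds total supply yet cannot detect within-pool forgery, here is an added Python model of pool-level accounting. It is not Zcash or Shielded Labs code. It follows the convention of Zcash's public per-pool value balance, where a positive value balance is net value leaving the shielded pool, and the consensus rule that a pool's running balance must never become negative; the transaction sequence and the "hidden" annotations are constructed for the illustration and stand in for note values the chain never reveals.

```python
# Added toy model of pool-level turnstile accounting. Only value_balance is public;
# the 'hidden' field stands in for note values that the chain never sees and is used
# here solely to narrate what the attacker did. Sign convention assumed from Zcash:
# negative value_balance = value entering the pool, positive = value leaving it.


def pool_balance(txs):
    """Publicly recomputable pool balance: the negative sum of value_balance
    over every accepted transaction."""
    return -sum(tx["value_balance"] for tx in txs)


def accept(chain, tx):
    """Consensus check: reject a transaction that would drive the pool balance negative.
    Returns True if the transaction was appended to the chain."""
    if pool_balance(chain + [tx]) < 0:
        return False
    chain.append(tx)
    return True


def auditor_view(chain):
    """Everything an external auditor can compute from the chain: totals of the public
    fields. Nothing here distinguishes a forgery from an honest shielded-to-shielded spend."""
    deposited = -sum(tx["value_balance"] for tx in chain if tx["value_balance"] < 0)
    withdrawn = sum(tx["value_balance"] for tx in chain if tx["value_balance"] > 0)
    return {"deposited": deposited, "withdrawn": withdrawn, "pool": deposited - withdrawn}


def run_scenario():
    """Constructed sequence: two honest deposits, one in-pool forgery, two exits.
    Returns (per-transaction accept decisions, resulting chain)."""
    chain = []
    sequence = [
        # deposits: value enters the pool, so value_balance is negative
        {"who": "alice", "value_balance": -10, "hidden": "alice holds a 10-unit note"},
        {"who": "bob",   "value_balance": -10, "hidden": "bob holds a 10-unit note"},
        # in-pool forgery: the public field is 0, exactly like any honest internal transfer
        {"who": "alice", "value_balance": 0,   "hidden": "10-unit note -> 15-unit note + (-5)-unit note"},
        # the attacker exits first with the inflated note
        {"who": "alice", "value_balance": 15,  "hidden": "spends the 15-unit note to transparent"},
        # an honest user tries to exit with a note that really was deposited
        {"who": "bob",   "value_balance": 10,  "hidden": "spends the real 10-unit note to transparent"},
    ]
    decisions = [accept(chain, tx) for tx in sequence]
    return decisions, chain


if __name__ == "__main__":
    decisions, chain = run_scenario()
    print("accepted:", decisions)          # the last, honest withdrawal is refused
    print("auditor sees:", auditor_view(chain))
```

The model shows both halves of the Zcash Foundation's clarification at once. Total supply never exceeds the 20 units that entered, because the pool balance rule stops the chain from paying out more than was deposited; but the forgery transaction is indistinguishable from an honest internal transfer, and its cost lands on whichever honest holder tries to leave last. That is why a pool-level turnstile can assert "no net inflation" without being able to assert "no counterfeit notes inside the pool".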

Emergency Two-Phase Patch: Soft Fork, Then NU6.2 Hard Fork

After Hornby disclosed the vulnerability to ZODL engineers on the evening of May 29, private coordination began with miners, exchanges, and infrastructure operators. On June 1 at approximately 10:30 p.m. ET, an emergency soft fork activated via Zebra 4.5.3 at block 3,363,426, temporarily disabling all Orchard transactions. Two days later, at 12:05 a.m. ET on June 3, NU6.2 activated at block 3,364,600 — a corrected circuit that permanently closed the vulnerability. The entire sequence from discovery to resolution took five days and marks only the second security-driven protocol upgrade in Zcash's history since the network launched in 2016.

ZODL engineers Daira-Emma Hopwood, Kris Nuttycombe, and Jack Grigg led the technical response. The Zcash Foundation confirmed that user privacy was unaffected and that Sapling and transparent transactions operated normally throughout. All versions of halo2_gadgets prior to v0.5.0, all versions of orchard prior to v0.14.0, and several versions of zcashd and zebrad were affected; node operators were instructed to upgrade immediately to Zebra 5.0.0.
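For operators who vendor these crates rather than run a packaged node, the version thresholds above are the thing to check. The following Python is an added example, not a tool from the Zcash projects: it scans a Cargo.lock for the two crates and thresholds the advisory names (halo2_gadgets before 0.5.0, orchard before 0.14.0), treating pre-release versions of the fixed release as still affected, which is a conservative assumption of this example. The sample lockfile is constructed and does not come from any real Zcash repository.

```python
import re

# Added example: flag affected crate versions in a Cargo.lock using only the thresholds
# stated in the disclosure. Any name or version not listed below is left alone.
FIXED_IN = {
    "halo2_gadgets": (0, 5, 0),
    "orchard": (0, 14, 0),
}

# Cargo.lock lists each dependency as a [[package]] table with name then version.
PACKAGE_RE = re.compile(r'\[\[package\]\]\nname = "([^"]+)"\nversion = "([^"]+)"')


def parse_version(v):
    """Map '0.5.0' -> (0, 5, 0, 1) and '0.5.0-rc.1' -> (0, 5, 0, 0) so that a
    pre-release sorts below the final release it precedes (assumption of this example)."""
    core = v.split("+")[0]
    is_prerelease = "-" in core
    numbers = tuple(int(x) for x in core.split("-")[0].split("."))
    return numbers + ((0,) if is_prerelease else (1,))


def affected_packages(lockfile_text):
    """Return [(name, version, fixed_version)] for every listed crate older than its fix."""
    hits = []
    for name, version in PACKAGE_RE.findall(lockfile_text):
        if name not in FIXED_IN:
            continue
        fixed = FIXED_IN[name]
        if parse_version(version) < fixed + (1,):
            hits.append((name, version, ".".join(map(str, fixed))))
    return hits


# Constructed sample; not a real Cargo.lock from any Zcash project.
SAMPLE_LOCK = """\
[[package]]
name = "halo2_gadgets"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "halo2_proofs"
version = "0.4.0"

[[package]]
name = "orchard"
version = "0.14.0"
"""


if __name__ == "__main__":
    for name, version, fixed in affected_packages(SAMPLE_LOCK):
        print(f"{name} {version} is affected; upgrade to >= {fixed}")
```

Run it against the lockfile of anything that builds Orchard proofs or verifies them (wallets, indexers, custom node builds). A clean result from this check says nothing about zcashd or zebrad binaries, which the advisory covers separately; for those, the instruction is simply to move to the patched release.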

Turnstile Accounting: Proposed Supply Verification Path

The Orchard vulnerability underscores a fundamental tension in privacy-coin design: the more effective the privacy, the harder supply audits become. Shielded Labs is betting that a new pool architecture with mandatory turnstile accounting can resolve this, allowing users to prove ZEC supply integrity without sacrificing the transaction privacy that gives ZEC its purpose.

Whether that proposal passes Zcash governance will depend in part on whether the community reads this episode the way Helius CEO Mert Mumtaz does — as evidence of a security culture capable of finding and fixing serious bugs before they are exploited — or the way Arthur Hayes did: as an unacceptable gap in monetary integrity. The answer will likely determine whether ZEC's price trajectory before the disclosure, which had topped $640 earlier this year, proves durable.

Shielded Labs has also announced it is initiating a formal verification project for the Orchard circuit, aimed at a machine-checked proof that the circuit's constraints enforce exactly the intended statement and nothing weaker, which is the systematic way to rule out further under-constrained gadgets rather than finding them one at a time. It is also hiring a Head of Security and a Cryptographer to anchor the next stage of proactive security research.


Frequently Asked Questions

Was the Zcash Orchard vulnerability exploited before it was fixed?

Shielded Labs and the Zcash Foundation both assessed prior exploitation as unlikely. ZODL's response was coordinated privately before any public disclosure, minimizing the window. The Zcash Foundation confirmed that its turnstile mechanism detected no unauthorized value creation while the bug was active. However, because Orchard's privacy architecture conceals transaction amounts and balances by design, a definitive cryptographic proof of non-exploitation within the pool cannot be produced.

What is a soundness bug in zero-knowledge proof circuits?

In a zero-knowledge proof system, "soundness" means the circuit will only accept transactions that are genuinely valid. A soundness bug creates a condition in which an invalid transaction — one that should be rejected — can nonetheless generate a proof that the network accepts. In the Zcash case, an under-constrained elliptic-curve multiplication gadget in the halo2_gadgets crate allowed false inputs to pass the multiplication check, meaning an attacker could construct a transaction spending ZEC that did not legitimately exist within the Orchard pool.

Is ZEC safe to hold after the Orchard vulnerability?

The technical vulnerability has been patched via the NU6.2 hard fork, which activated June 3. The Zcash Foundation confirmed that total supply integrity was protected throughout by the turnstile mechanism, and no evidence of exploitation was found. The outstanding question — which Shielded Labs' proposed network upgrade aims to resolve — is whether a within-Orchard supply audit can be independently verified by any user without relying solely on the absence of observable harm.

How did AI help find the Zcash bug?

Security engineer Taylor Hornby used Anthropic's Opus 4.8 model alongside a custom AI auditing framework to conduct a targeted review of the Orchard zk-SNARK circuit. Opus 4.8 was released on May 28; Hornby found the vulnerability on May 29. The AI-assisted approach allowed a highly focused examination of specific circuit constraints at a depth and speed that previous manual reviews had not reached, despite multiple audits by expert cryptographers over the prior four years.

ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
