Zcash’s Orchard Pool Had Four-Year Counterfeiting Flaw With No Way to Prove Supply Intact

What You Need to Know
- Four-year-old flaw in Zcash’s Orchard pool allowed unlimited counterfeit ZEC creation without detection.
- Emergency patch deployed June 2 with no confirmed exploit, but privacy design prevents proving no fake coins circulated.
- Vulnerability existed in zero-knowledge proof circuit, the core cryptographic guarantee of the shielded pool system.
- Zcash’s Sprout pool had similar counterfeiting vulnerability in 2019 that went undetected for two years.
A four-year-old flaw in Zcash’s Orchard shielded pool allowed unlimited counterfeit ZEC to be minted without detection, and while an emergency patch shipped by June 2 with no confirmed exploit, the protocol’s privacy design makes it mathematically impossible to prove no fake coins entered circulation before the fix.
The vulnerability sits in the zero-knowledge proof circuit that powers Orchard, the most advanced of Zcash’s shielded pools. ZK proof systems are supposed to guarantee that a prover cannot construct a valid statement from false inputs, so a soundness flaw here is not a peripheral bug but a failure of the core cryptographic guarantee. Security researcher Taylor Hornby found it using an AI model during a targeted audit on May 29, built a working exploit in a controlled environment, and reported it immediately. The response was fast by any standard: patch deployed in four days, no confirmed on-chain exploit. The problem is that Zcash’s shielded pool is private by design, which means the same property that protects users also prevents anyone from auditing whether the total supply remained intact during the four years the flaw existed.
That unresolvable uncertainty is the actual damage, and a price collapse is the rational response to it, not panic.
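As an added illustration (not code from the article, from Zcash, or from the Electric Coin Company), this simplified model shows why the shielded pool's supply cannot be audited from the chain: note values are hidden behind commitments, only the net value crossing the pool boundary is public, and an unbacked note created through a soundness flaw is invisible until the pool as a whole tries to pay out more than ever went in. The hash-based commitment, the net_inflow counter and the method names are assumptions of the model, not Orchard's actual data structures.

```python
import hashlib
from dataclasses import dataclass, field

def commit(value: int, nonce: bytes) -> bytes:
    """Hiding value commitment stand-in (assumption): value cannot be read back."""
    return hashlib.sha256(nonce + value.to_bytes(8, "big")).digest()

@dataclass
class ShieldedPool:
    """Constructed model of a shielded pool, not Zcash's Orchard structures."""
    # Public to every chain observer: net value across the pool boundary and the
    # list of opaque note commitments.
    net_inflow: int = 0
    commitments: list = field(default_factory=list)
    # Never public: the value behind each commitment (known to note owners only).
    _note_values: dict = field(default_factory=dict)

    def shield(self, value: int, nonce: bytes) -> None:
        """Move transparent funds in; the amount is visible on entry."""
        c = commit(value, nonce)
        self.net_inflow += value
        self.commitments.append(c)
        self._note_values[c] = value

    def unshield(self, c: bytes) -> int:
        """Spend a note back to transparent funds; the amount is visible on exit."""
        value = self._note_values.pop(c)
        self.commitments.remove(c)
        self.net_inflow -= value
        return value

    def inject_unbacked_note(self, value: int, nonce: bytes) -> None:
        """Model the effect of a soundness flaw: a note nothing paid for appears.
        The public counter does not move, so observers see nothing unusual."""
        c = commit(value, nonce)
        self.commitments.append(c)
        self._note_values[c] = value

def observer_net_inflow(pool: ShieldedPool) -> int:
    """All an auditor can compute without viewing keys."""
    return pool.net_inflow

def supply_intact(pool: ShieldedPool) -> bool:
    """Needs every private note value, which is exactly what no auditor has."""
    return sum(pool._note_values.values()) == pool.net_inflow

def turnstile_violation(pool: ShieldedPool) -> bool:
    """The only public signal: more value has left the pool than ever entered."""
    return pool.net_inflow < 0
```

In the honest case the public counter and the private note sum agree; after an unbacked note is injected the public counter is unchanged, and the pool only reveals the problem when withdrawals exceed everything that ever entered it.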
This is the first time a ZK circuit soundness flaw of this severity has surfaced in a live privacy coin with meaningful liquidity, but the supply-integrity problem has a precedent. Zcash’s own Sprout pool had a counterfeiting vulnerability disclosed in 2019 that had gone undetected for two years. The Electric Coin Company handled that disclosure similarly: coordinated patch, no confirmed exploit, and the same epistemic caveat about shielded supply. ZEC recovered from that event, but Sprout was already being deprecated and held a fraction of total shielded value. Orchard is Zcash’s current flagship pool, which makes the stakes meaningfully higher this time. The 50% price drop, from above $600 to near $300, reflects that distinction.
What This Signals for Privacy Coin Infrastructure
The broader implication is less about Zcash specifically and more about the maturity of ZK proof auditing across the sector. Projects like Aztec, Penumbra, and various ZK-rollup implementations on Ethereum all rely on circuit soundness as a foundational assumption, and most have not had their circuits subjected to adversarial AI-assisted review at scale. Hornby’s use of an AI model to locate the flaw is the detail that should concentrate attention among protocol developers, because it suggests the attack surface for ZK systems may be more accessible than previously assumed. Regulators who have long treated privacy coins as compliance liabilities now have a concrete technical failure to cite, which accelerates the already-narrow path for ZEC and similar assets on regulated exchanges.
The Electric Coin Company has not yet published a full post-mortem on the circuit flaw itself. When that disclosure arrives, the specific nature of the soundness break will determine whether this is an isolated implementation error or a class of vulnerability that demands re-auditing across other ZK systems.