Since Zcash is a privacy coin, how can we obtain the exact supply data? If a hacker produces millions of coins by an unknown bug, we can find it?
Since Sapling release, Zcash has what’s called a Turnstile Audit: https://zcash.readthedocs.io/en/latest/rtd_pages/sapling_turnstile.html
Which will be part of the consensus code as of the 2.0.5 release:
See also this github issue for some more clarification of the question: https://github.com/zcash/zcash/issues/2289
I had the same question that was previously asked, thanks for the information!