The Orchard Counterfeiting Vulnerability—And Next Steps

Update: this post is about the problem. See also Ironwood which is about the solution.

By Zooko Wilcox, Jason McGee, and Taylor Hornby

Summary

On May 29, 2026, Taylor Hornby discovered a critical counterfeiting vulnerability in Zcash’s Orchard pool.

Taylor disclosed the vulnerability to Zcash Open Development Lab (ZODL), who coordinated an ecosystem-wide emergency response to fix the vulnerability, which was completed on June 2.

After reviewing Taylor’s report and discussing the implications of the vulnerability internally, Shielded Labs believes it is important to provide additional context.

The vulnerability could have been exploited to undetectably create an unlimited amount of counterfeit ZEC within Orchard. Because of the privacy properties of Orchard, there is no way to cryptographically prove whether the vulnerability was exploited before it was remediated. However, an upgrade can be deployed to protect users and prove the integrity of the Zcash supply.

Background

In April 2026, Shielded Labs engaged Taylor Hornby to conduct ongoing security research focused on the Zcash protocol. Taylor is an experienced security engineer with a deep understanding of Zcash.

The goal of this work was simple: identify vulnerabilities before malicious actors do. Taylor immediately began evaluating Zcash using the latest AI-assisted security auditing techniques alongside traditional security research methods.

Shortly after the release of Anthropic’s Opus 4.8 model on May 28, Taylor used it as part of a highly targeted review of the Orchard circuit. On May 29, Taylor discovered the vulnerability in the Orchard circuit and immediately disclosed it to ZODL engineers. ZODL engineers and others from the Zcash ecosystem acted quickly and skillfully to close the window of vulnerability within days.

What We Know and What We Don’t Know

The vulnerability was real and exploitable. Taylor, with the help of Opus 4.8, wrote a complete exploit which, when he tested it in a local regtest environment, generated unlimited, undetectable counterfeit ZEC. If he had run the same tool on Zcash mainnet it would have generated unlimited, undetectable counterfeit ZEC in his mainnet Zcash wallet.

The vulnerability has to do with an under-constrained element of the Orchard circuit, because of which it was possible to put arbitrary false inputs into an elliptic curve multiplication and still have the multiplication check pass. See Taylor’s full report and work log for details.

The vulnerability was present from Orchard’s activation in May 2022 until the emergency fix was deployed on June 1, 2026.

What makes this particularly challenging is that, due to the privacy properties of Orchard and the nature of the bug, there is no definitive way to determine using only cryptography whether such exploitation occurred before the vulnerability was discovered and fixed. We believe it is important to be transparent about that uncertainty.

Assessment: Prior Exploitation Of This Orchard Vulnerability Seems Unlikely

There are several reasons we are not overly concerned that counterfeiting occurred before this vulnerability was remediated.

First, the vulnerability had evaded years of scrutiny by many of the world’s best cryptographers.

Second, Shielded Labs specifically engaged Taylor Hornby for this purpose. The discovery was not accidental—it was the result of a deliberate effort to identify vulnerabilities of this kind before malicious actors could. Taylor is one of the most skilled people in the world at this. He used the most recent AI tools, available only to white-hat security researchers, along with a sophisticated custom-built AI harness and prompts, and worked hard to outrace the attackers. We think he probably succeeded.

Once the vulnerability was discovered, the window of opportunity for attack was sharply limited by the speed with which ZODL and the Zcash ecosystem executed the remediation.

Taken together, these factors suggest to us that there were few people who had the capability and opportunity to discover and exploit this vulnerability prior to it being fixed.

Proving the Integrity of the Zcash Supply

Our assessment is that exploitation of this vulnerability was unlikely. However, we do not believe that users should rely on our assessment, or anyone else’s. Shielded Labs is exploring, with the help of other Zcash developers, a proposed Network Upgrade to allow anyone to verify the integrity of the Zcash supply and to prove the non-existence of counterfeit Zcash in the Orchard pool. The proposal involves deploying a new shielded pool and enforcing turnstile accounting on all coins from the Orchard pool.

We plan to publish a follow-up post next week that explains the proposal in greater detail, including how it would work and the tradeoffs involved. Like all major network upgrades, it would require support from Zcash users and need to go through the standard governance process before it could be activated.

Accelerating Our Security Research

At the same time, we are doubling down on proactive security research, including using state-of-the-art AI tools, to find problems before the bad guys do. We have already begun the next stage of that, with the help of Taylor Hornby and Anthropic, and we’ll keep you updated.

In addition, Shielded Labs is initiating a project to formally verify the Orchard circuit—an attempt to write a mathematical proof that there are no more undiscovered bugs in it.

Shielded Labs is opening a search for a Head of Security and a Cryptographer to help deepen our security efforts. If you’re interested, or know someone who may be a good fit, please reach out.

Conclusion

This was a serious vulnerability, and we believe it’s important to be transparent about what it means for Zcash users.

We hired Taylor to find any vulnerabilities before the attackers, and that’s exactly what he did. We’re grateful for his work, the quick response from ZODL and the Zcash Foundation, as well as the many ecosystem participants who helped remediate the issue.

While no one wants to discover a vulnerability like this, we’re confident that Zcash is well positioned to recover. We stand ready to continue to help the other Zcash development groups and the Zcash community as a whole in how they want to move forward.

Acknowledgements

Thanks to Sean Bowe, Dev Ohja, David Campbell, Alex Bornstein, Nate Wilcox, Kris Nuttycombe, and Vitalik Buterin for review and feedback.

Appendix A: Taylor’s work log PDF – the dramatic story of the discovery of the vuln!

26 Likes
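The post describes the bug class only in one sentence: an under-constrained part of the circuit let a prover feed arbitrary values into an elliptic-curve multiplication and still satisfy the multiplication check. The following is an added, constructed toy (editorial example, not code from the post, from Shielded Labs, or from the Orchard circuit, whose actual constraint the post does not give) that shows the class on a tiny curve: an affine point-addition gadget whose slope equation degenerates to `0 == 0` when both inputs coincide, leaving the slope witness `lam` free, beside a hardened gadget that rejects that case with a witnessed inverse. The prime `97`, the curve `y^2 = x^3 + 2x + 3`, and the point `(3, 6)` are assumptions chosen so the arithmetic is checkable by hand.

```python
# Added, constructed toy: a generic under-constrained elliptic-curve addition
# gadget, to illustrate the bug class described in the post (a multiplication
# check that passes for arbitrary witness values). It is NOT the Orchard
# constraint that was fixed; the post does not give that constraint.

P_MOD = 97   # assumption: tiny prime field so the numbers fit in your head
A, B = 2, 3  # assumption: toy curve y^2 = x^3 + A*x + B over F_97


def inv(x):
    """Field inverse via Fermat (P_MOD is prime)."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def on_curve(pt):
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def honest_add_witness(p1, p2):
    """Compute p1 + p2 in affine coordinates and the slope witness `lam`
    an honest prover would supply."""
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            raise ValueError("result is the point at infinity; not handled here")
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD   # doubling slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD           # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return lam, (x3, y3)


def add_gadget(p1, p2, lam, p3):
    """Under-constrained gadget: only the three affine-addition equations.
    When x1 == x2 and y1 == y2 the first equation reads 0 == 0, so `lam`
    is unconstrained and the prover may pick any value."""
    (x1, y1), (x2, y2), (x3, y3) = p1, p2, p3
    c1 = (lam * (x2 - x1) - (y2 - y1)) % P_MOD == 0   # slope equation
    c2 = (lam * lam - x1 - x2 - x3) % P_MOD == 0      # x3 from slope
    c3 = (lam * (x1 - x3) - y1 - y3) % P_MOD == 0     # y3 from slope
    return c1 and c2 and c3


def add_gadget_fixed(p1, p2, lam, p3, dx_inv):
    """Hardened gadget: also require x1 != x2 via a witnessed inverse.
    (x2 - x1) * dx_inv == 1 has no solution when x1 == x2, so the case in
    which `lam` was free is rejected; doubling must go through a separate
    gadget with its own (constrained) slope equation."""
    (x1, _), (x2, _) = p1, p2
    c0 = ((x2 - x1) * dx_inv - 1) % P_MOD == 0
    return c0 and add_gadget(p1, p2, lam, p3)


def forge_double(p, lam):
    """Malicious prover: feed p as both inputs and choose `lam` freely; the
    derived 'p + p' satisfies the under-constrained gadget but is bogus."""
    x1, y1 = p
    x3 = (lam * lam - 2 * x1) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return x3, y3


if __name__ == "__main__":
    P = (3, 6)                        # on the toy curve: 6^2 = 36 = 3^3 + 2*3 + 3
    lam, two_p = honest_add_witness(P, P)
    print("honest 2P:", two_p, "passes:", add_gadget(P, P, lam, two_p))
    fake = forge_double(P, 5)
    print("forged 2P:", fake, "passes under-constrained gadget:",
          add_gadget(P, P, 5, fake), "on curve:", on_curve(fake))
    print("forged 2P passes fixed gadget:", add_gadget_fixed(P, P, 5, fake, 0))
```

The point of the toy is that every constraint is individually correct for the generic case; the hole is an input pattern the author did not constrain away, and the forged output is not even on the curve yet verifies. Auditing such gadgets means asking, for each witness, which equation pins it down and whether that equation can degenerate for some prover-chosen inputs.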

So it’s even worse than I previously thought.

  1. No one can prove the integrity of the Orchard pool.
  2. Implementing a new shielded pool and applying a turnstile on Orchard moving to the new shielded pool will take a lot of time + if the exploit had happened and the hacker is fast enough, they will be able to move their fake coins to the new shielded pool BEFORE real coins are moved.
  3. Code is made by humans and non-perfect AI. NO ONE can be 100% sure that any shielded pool is 100% bug-free all the time. This time maybe we are lucky that our guy with Opus 4.8 found it before a North Korean hacker with Opus 4.8, but next year what if the North Korean hacker finds another bug first with Opus 4.9 / Mythos / whatever smartest AI out there? In the age of AI, anything can happen. Unless we achieve AGI with 100% accuracy and use that AGI to build 100% bullet-proof code, no way ZEC or XMR or any other crypto can become a private store of value.
2 Likes

Thanks for the transparency.

1 Like

This must happen swiftly…

2 Likes

Isn’t it not possible without violating privacy of coinholders or effectively proving that the “shielded” supply is actually not that shielded (i.e., there is a backdoor)?

Not sure why Zooko would claim otherwise, this sounds like something new (or maybe he had it up his sleeve for a moment like this :joy:)

1 Like

It sure does matter, because right now no one can say with certainty whether counterfeit ZEC was ever minted or not. If none were created great. But if counterfeits do exist, then several serious questions need real answers:

  • Who makes the affected people whole?

  • Do innocent holders lose their money?

  • Should the counterfeit coins be identified and burned?

These are honest questions. They’re not meant to be rude, and no one is blaming ECC or the developers. Mistakes and exploits can happen in any complex system. The issue is that, at this point, there’s no way for the public to know for sure whether ZEC was exploited. Anyone claiming with absolute confidence that it hasn’t been is not being truthful. There needs to be a full, transparent, and verifiable count of all existing ZEC. Anything short of that will continue to erode trust and could ultimately kill the project.

I don’t think it matters. I believe there is no counterfeit ZEC. The problem is much more nuanced: the THEORETICAL RISK of MORE exploitable bugs (thanks to AI) is non-zero and is now well understood by the market / zodlers. Remember when ZEC wanted to be 10% of private offshore wealth? No private offshore wealth will adopt ZK technology without a 100% guarantee of no bugs.

In TradFi, if there’s a bug and the whales lose money, they can always claim the middlemen (banks / insurance / whatever). In cryptos, if you lose money because of a bug, you lose it forever.

2 Likes

The idea of a second Orchard pool seems like a reasonable solution to the problem.

One reason we can be somewhat less concerned about exploitation of older pools is that:

  1. Not much ZEC remains in them that could be withdrawn before the turnstile hits.
  2. People generally do not accept ZEC directly from within those pools; it has to be withdrawn into the transparent pool first.
  3. Everyone has had ample opportunity to withdraw from the old pools.

Because previous inflation bugs were only made public once the community had already upgraded to a new shielded pool, we effectively got these benefits for free in the past.

I also like the idea of coupling the new pool with formal verification. We do not know how the AI arms race between attackers and defenders will develop, and we certainly do not want to split liquidity by having multiple new Orchard pools in succession. If Orchard could be formally verified within a reasonable amount of time, that would be a neat defense-in-depth measure.

3 Likes
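The proposal in the opening post, and the reply above about older pools, both rest on turnstile accounting: a full node tracks only the net value crossing a pool's boundary per transaction, never individual notes, and rejects any transaction that would withdraw more than was ever deposited. The following is an added, constructed toy of that check (editorial example, not zcashd or zebra code, and not a description of the proposed upgrade's design). The sign convention is assumed from Zcash: a transaction's per-pool value balance is positive when net value leaves the pool and negative when it enters. The last scenario exercises the displacement case raised in the thread, where counterfeit leaves the pool first.

```python
# Added, constructed toy of turnstile accounting for one shielded pool. It is
# not zcashd/zebra code and makes no claim about the proposal's design. Sign
# convention assumed from Zcash: a transaction's value_balance for a pool is
# positive when net value leaves the pool and negative when net value enters it.


class TurnstileError(Exception):
    pass


class PoolLedger:
    """Value a full node can prove is inside a shielded pool. It never sees
    notes, only each transaction's net flow across the pool boundary."""

    def __init__(self, withdraw_only=False):
        self.chain_value = 0        # zatoshi deposited and not yet withdrawn
        self.withdraw_only = withdraw_only

    def apply_tx(self, value_balance):
        if self.withdraw_only and value_balance < 0:
            raise TurnstileError("pool is withdraw-only: deposit rejected")
        new_value = self.chain_value - value_balance
        if new_value < 0:
            # More leaves than was ever deposited: at least -new_value zatoshi
            # inside the pool were counterfeit, proven without identifying a note.
            raise TurnstileError(f"turnstile violated by {-new_value} zat")
        self.chain_value = new_value
        return self.chain_value


def replay(value_balances, withdraw_only=False):
    """Replay per-tx pool flows in order. Returns (pool_value, first_bad_index);
    first_bad_index is None when every transaction passed the turnstile."""
    ledger = PoolLedger(withdraw_only)
    for i, vb in enumerate(value_balances):
        try:
            ledger.apply_tx(vb)
        except TurnstileError:
            return ledger.chain_value, i
    return ledger.chain_value, None


if __name__ == "__main__":
    # Constructed flows, in zatoshi. Deposits are negative.
    print(replay([-100, -50, 120]))           # (30, None): cap holds, 30 still inside
    print(replay([-100, -50, 120, 40]))       # (30, 3): 4th tx over-withdraws
    print(replay([-10], withdraw_only=True))  # (0, 0): deposit refused
    # Displacement: 100 honest deposited, an attacker withdraws 100 counterfeit
    # (invisible to the ledger), then the honest holder tries to leave.
    print(replay([-100, 100, 100]))           # (0, 2): flagged, at the honest holder's tx
```

Two things the toy makes concrete. The turnstile caps total withdrawals at total deposits, so counterfeit can never inflate the supply outside the pool, and a violation is a public proof that counterfeit existed, with no privacy cost. It does not say which notes were fake: in the displacement run the counterfeit left cleanly and the honest holder is the one blocked, which is why a withdraw-only old pool only proves the pool clean once it has drained to zero with no violation, and why remaining value is the amount that could still be counterfeit.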

Are you saying we always need middleman, then? Friend, why are you in crypto in the first place?

I’m saying that in the age of AI, you CAN’T BE TRUSTLESS. 2026 is very different than 2017.
So yeah, I think crypto is doomed in 2026 (look at every other coin dropping like flies). The only use case for blockchain now is tokenization of RWAs.

Are you saying that with the lights out it’s less dangerous?

1 Like

Offensive AI and formal verification can be used to prove otherwise. You can say the same about Bitcoin and other crypto too.

1 Like

(Not speaking on behalf of ZF. As always)

The risk will always be non-zero. There never will be 100% guarantee of no bugs.

For example, there is no proof that the elliptic curve logarithm is not breakable in regular computers. We only trust that because no one was able to break it so far. But there is no mathematical proof that that can’t be done, and if that happened it would break basically all of cryptocurrency.

Sure, formal verification can help… but it still will not be a 100% guarantee of no bugs

1 Like

About the proposal of a new shielded pool… I think it will be useless. You can’t force people to migrate (just look at Sprout) so you will never be able to prove the vulnerability was not exploited by using it.

Zcash is one of the few projects that actually have a lot of transparency and integrity. Tremendous effort to build and maintain this ZK tech, especially over the past month. Big kudos to devs and contributors.

4 Likes

A new shielded pool makes the most sense to me. It sounds better to leave it withdraw-only and have value flow out only, rather than leaving both sides entering and exiting continuously.

3 Likes

As a user and holder watching from the outside, first of all, thank you to everyone who worked on the Orchard response — researchers, engineers, wallet teams, miners, exchanges and infrastructure operators.

This is clearly a serious incident, but I appreciate the speed of the response and the transparency so far. The honest distinction between “the vulnerability has been remediated” and “past exploitation cannot be cryptographically ruled out from Orchard alone” is uncomfortable, but important for a serious financial protocol.

I think a few things could help rebuild confidence:

  1. A clear official FAQ for normal users, holders, exchanges and infrastructure providers: what happened, what is known, what is not known, what was fixed, what risks remain, and what users should do now.

  2. A credible independent review or audit of the remediation, the proposed new shielded pool and the turnstile accounting migration design.

  3. Clear communication about the migration path, possible withdraw-only behavior for Orchard, and how turnstile accounting can restore verifiable supply integrity.

  4. A serious post-quantum roadmap. Not rushed or marketing-driven, but visible research and planning.

Bitcoin deserves respect, but Zcash has a rare opportunity to combine privacy, sound money, supply integrity and long-term cryptographic preparedness. This crisis could become a chance to strengthen the project’s foundations.

Thanks again to everyone working on this.

4 Likes

The problem is, if you lose money due to a bug, it’s gone forever. We’ll only find out if counterfeit ZEC was created once the new pool launches. If people lose money because of it, the internet will spread the news loud and clear. For now, no one knows for sure. We just have to wait and see; the sooner we get clarity, the better for everyone.

1 Like

I’ll preface this reply by stating that my general partnership actively mines ZEC, and that we have no intention of stopping as a result of either AI-assisted vulnerability detection or the long-term implications it has relating to AI progress in general.

It’s important to frame this in the context that LLMs and the autonomous agents they spawn are, at this point and hopefully for years to come, tools. AGI notwithstanding (because there is no way to form reliable expectations for how it will behave), I believe that what we have witnessed here makes an excellent case for adopting and permanently integrating continuous AI-assisted vulnerability testing and AI-assisted protocol development. Not unlike quantum computing, AI isn’t actually a threat unless we fail to use it to secure blockchains and networks against the threats it poses. Implementing policies that prioritize the use of LLMs and autonomous agents to make currencies like ZEC even more reliable should be mandatory at this point.

Arthur Hayes may be gone, but the need for ZEC isn’t. Financial privacy remains a prerequisite for individual autonomy. Censorship and overreliance on centralized institutions are still a thing. Rome isn’t burning, but someone has discovered that everyone’s basement might have been on fire without them knowing, and the damage could theoretically be extensive. We’re glad that the vulnerability was found, and while the pool solution presented isn’t a definitive one, it does seem like a perfectly reasonable step to take.

8 Likes