Researcher finds Zcash bug that could mint unlimited ZEC

A security engineer found a flaw in Zcash’s Orchard pool that could create unlimited counterfeit ZEC; Shielded Labs disclosed the issue and a patch was applied June 1.
A security engineer discovered a vulnerability in Zcash’s Orchard shielded transaction pool that could be used to create unlimited counterfeit ZEC. Shielded Labs published the finding Thursday, and developers patched the code on June 1. ZEC’s price fell 31% over 24 hours to $409.64 as of 11:00 p.m. ET Thursday, with most of the decline occurring in the five hours after the disclosure.
Shielded Labs hired security engineer Taylor Hornby in April to review the protocol. On May 29, Hornby uncovered the flaw while using Anthropic’s Opus 4.8 AI model alongside standard testing techniques. Hornby reported the issue to engineers at the Zcash Open Development Lab and reproduced a full exploit in a local regtest environment that generated “unlimited, undetectable counterfeit ZEC,” according to the post.
The defect was in an under-constrained element of the Orchard circuit, the zero-knowledge proof system that validates shielded transactions. The weakness allowed arbitrary false inputs to be accepted into an elliptic curve multiplication and still pass validation, which could let the pool accept counterfeit coins as valid.
Orchard is Zcash’s most recent shielded pool, activated in May 2022. Zero-knowledge circuits let validators confirm a transaction’s validity without revealing amounts or participants; the flaw was in the constraints of one circuit used for that validation.

Shielded Labs wrote, “The vulnerability was real and exploitable,” and noted the issue had existed since Orchard’s activation but had not been detected earlier. The organization described Hornby’s work as a white-hat review that combined modern AI tools and custom tooling to find vulnerabilities before attackers could.
The privacy design of Orchard makes it difficult to determine whether the flaw had been exploited in the wild. Shielded Labs indicated it is not overly concerned that counterfeiting occurred before the fix, given the bug had gone undetected for years under expert scrutiny.
After the discovery, developers applied a patch to the Orchard circuit on June 1. Zcash maintainers and community members are considering a network upgrade that would allow public verification of the Zcash supply, deploy a new shielded pool and enforce turnstile accounting to track coins entering and leaving Orchard.
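The turnstile accounting mentioned above can be sketched as a running balance for the pool. The following is an added example, not Zcash consensus code or anything published by Shielded Labs; the class and function names, the per-block check and the sample amounts are assumptions made for illustration.

```python
"""Simplified turnstile accounting for one shielded pool (illustrative model)."""
from dataclasses import dataclass


class TurnstileViolation(Exception):
    """A block would take more value out of the pool than ever entered it."""


@dataclass
class PoolTurnstile:
    balance: int = 0  # zatoshis that entered the pool minus those that left

    def apply_block(self, height, flows):
        """flows: list of (entered, left) zatoshi amounts, one per transaction.

        Assumption: the check runs once per block and is atomic, so a
        rejected block leaves the recorded balance untouched.
        """
        new_balance = self.balance
        for entered, left in flows:
            if entered < 0 or left < 0:
                raise ValueError("amounts must be non-negative")
            new_balance += entered - left
        if new_balance < 0:
            raise TurnstileViolation(
                f"block {height}: pool balance would be {new_balance}")
        self.balance = new_balance
        return self.balance


def replay(blocks):
    """Replay (height, flows) pairs; return (final balance, rejected heights)."""
    turnstile = PoolTurnstile()
    rejected = []
    for height, flows in blocks:
        try:
            turnstile.apply_block(height, flows)
        except TurnstileViolation:
            rejected.append(height)
    return turnstile.balance, rejected


# Constructed sample data: block 3 tries to withdraw value that never entered.
SAMPLE_BLOCKS = [
    (1, [(500, 0)]),
    (2, [(0, 200), (50, 0)]),
    (3, [(0, 1000)]),
    (4, [(0, 350)]),
]

if __name__ == "__main__":
    print(replay(SAMPLE_BLOCKS))
```

A check like this caps the value that can leave the pool at what verifiably entered it; it does not show which notes inside the pool are counterfeit.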
Shielded Labs said it will continue to share information about the finding and work on measures to reduce the risk of future supply manipulation.