Zcash Fixes Four-Year-Old Vulnerability in Orchard Shielded Pool

A critical vulnerability in Zcash's Orchard shielded pool has been discovered and fixed through an emergency network upgrade. The flaw, identified by security researcher Taylor Hornby on May 29, 2026, could have allowed unlimited counterfeit ZEC creation if exploited.

The bug was found during a protocol audit commissioned by Shielded Labs, using Anthropic's Claude Opus 4.8 AI model and a custom analysis suite. The researchers developed a working proof-of-concept that generated unlimited, undetectable counterfeit ZEC in a local test environment.

However, the organization acknowledged that due to the privacy properties of Orchard, there is no definitive cryptographic way to determine whether exploitation occurred. Despite this limitation, the developers' swift response and transparent disclosure appear to have provided confidence for the market recovery.