Shielded Labs has proposed a new upgrade to the Zcash network that would allow anyone to verify that the privacy coin supply has not been secretly inflated. The proposal follows the disclosure of a recently fixed bug in the network’s main shielded pool, which could have allowed undetectable counterfeiting of $ZEC.
Shielded Labs, a nonprofit that funds Zcash development, said in a blog post that the vulnerability had not been discovered in the Orchard pool since its launch in May 2022 until engineers shut it down this week. Zcash is roughly the 11th largest cryptocurrency by market value. According to CoinGecko data, $ZEC reversed gains for the week, down 16% over the past seven days and 25% over the past 24 hours as news of the bug emerged.
Orchard, Zcash’s newest and largest protected pool, holds over $4 million ZEC. This is the bulk of the roughly 30% of supply that is in private pools, according to protected supply trackers. The episode highlights a tradeoff at the heart of privacy coins: the same cryptography that hides balances also makes it impossible to prove from the chain alone whether a bug has been abused. Shielded Labs said there was no way to cryptographically determine whether anyone had exploited the flaw before the patch, although it deemed prior exploitation unlikely.
How the bug was found
Independent security researcher Taylor Hornby discovered the flaw on May 29 during an audit commissioned by Shielded Labs. He disclosed it that evening to engineers at the Zcash Open Development Lab (ZODL), the group that runs the protocol. Shielded Labs said Hornby used Anthropic’s Opus 4.8 model, released May 28, as well as a custom AI tool. He wrote a working exploit that generated unlimited counterfeit $ZEC in a local test environment. Running on mainnet, Shielded Labs said, the same tool would have produced unlimited, undetectable counterfeit $ZEC.
The problem was a robustness bug, which meant the network could be tricked into accepting a transaction that it should have rejected. This came from an under-constrained part of the Orchard circuit that allowed an attacker to pass false inputs through elliptic curve control and still pass the control. Shielded Labs described the impact as the ability to create unlimited, undetectable counterfeit $ZEC within Orchard.
Total supply remains intact
The Zcash Foundation, which develops the Zebra software used to manage the network, described the risk in a post published Wednesday. He said the operation could have allowed for double spending within Orchard but could not have inflated the total supply of $ZEC, which is capped by the network’s “round-robin” accounting. The turnstile limits the value that can leave each pool to the amount that entered it. The Foundation said the turnstile confirmed that the total supply remained intact and that there was no evidence of unauthorized value creation. Both groups agree that the bug was detected before any known exploitation and that user privacy was not affected.
How the fix was deployed
After private coordination with miners and exchanges that began on May 31, engineers shipped an emergency soft fork that disabled Orchard transactions. It was activated on June 2 at block 3,363,426. A hard-fork upgrade called NU6.2 then reactivated Orchard with a patched circuit on June 3 at block 3,364,600, the Foundation said. He called this response the second security-focused upgrade in Zcash’s history since the network launched in 2016. The fix is followed in a security advisory from Zebra. Orchard transfers were frozen during the window while Transparent Transactions and Sapling continued to operate. Some block explorers briefly showed no new blocks afterward, fueling confusion that the network was down.
The proposed upgrade
Shielded Labs said that NU6.2 fixes the bug but does not prove that Orchard’s supply was never tampered with. His proposal would deploy a new shielded pool and route all coins leaving Orchard through turnstile accounting, allowing anyone to verify that no counterfeit $ZEC exists. Like any major upgrade, it would require community support and would have to pass Zcash’s governance process before being activated. Shielded Labs said it plans to release details next week. The coordinated response has drawn criticism. Some developers and commentators argued that the confidential patch, which relied on a small group of engineers, miners and exchanges, showed how centralized the network’s emergency response could be. They also questioned whether protected pools could ever be fully audited.
![]()



