AI · CryptoSlate
AI-assisted Zcash flaw exposes the supply integrity gap an emergency fork could not fully close
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
◌ Single Source
The exploit that nearly broke Zcash originated inside the zero-knowledge proof circuit that powers Orchard, Zcash's newest shielded pool, and the cryptographic core of its private transaction system.
Key facts
- TRM Labs' 2026 Crypto Crime Report counted $2.87 billion stolen across nearly 150 hacks in 2025, with adversaries concentrating attacks on keys, wallets, and control planes
- ZEC traded as high as $611 intraday before the disclosure and fell sharply, settling around $421 as the market priced the difference between “patched” and “proven clean
- The emergency soft fork was activated at 02:00 UTC on June 2 at block 3,363,426, temporarily disabling Orchard actions
- The NU6.2 hard fork followed on June 3 at 00:05 EDT at block 3,364,600, replacing the circuit and restoring full Orchard functionality
Summary
01 A Shielded Labs researcher found a critical Orchard proof-circuit flaw, prompting Zcash to emergency-fork and hard-fork within days. 02 The bug could have let an attacker mint unlimited counterfeit ZEC inside Orchard without detection, despite Zcash's 21 million cap. 03 Because Orchard hides balances, Zcash cannot easily prove no supply tampering occurred, leaving a patch-versus-proof gap until a follow-up upgrade. Taylor Hornby, a security researcher at Shielded Labs, found it on May 29 during a targeted protocol security review.