A vulnerability in Zcash’s Orchard pool could have allowed undetectable counterfeiting of ZEC tokens before being patched.
Zcash developers patched a critical counterfeiting vulnerability in the Orchard pool discovered on May 29. The flaw, identified by security researcher Taylor Hornby, could have enabled the creation of unlimited undetectable ZEC tokens.
The bug was confirmed as real and exploitable by Shielded Labs, though the privacy design of Orchard prevents verification of prior exploitation. Developers completed an emergency fix by June 2 but cannot cryptographically prove whether the flaw was previously abused.
ZEC fell 29.0% in the past 24 hours to $443.05 amid concerns over the vulnerability and potential supply integrity risks. Shielded Labs is exploring a network upgrade to verify the absence of counterfeit tokens.