ZEC Plunges 30% After Anthropic AI Identifies Potential Zcash Counterfeiting Flaw

The market capitalization of Zcash dropped by nearly $3 billion over the last 24 hours after a critical vulnerability was disclosed, even though the issue had already been patched.

The price of ZEC declined on Thursday after developers publicly revealed a critical counterfeiting flaw in the Orchard pool of Zcash, a vulnerability that could, in theory, enable a malicious actor to create an unlimited supply of ZEC.

According to a post shared on X, security engineer Taylor Hornby, who worked with Shielded Labs, identified the flaw on May 29 and reported it to the Zcash Open Development Lab. The team quickly launched an emergency response and resolved the issue through a hard fork that went live on June 3.

However, uncertainty remains over how extensively the vulnerability may have been exploited since its introduction in May 2022. Those concerns triggered a sharp sell-off in Zcash, with ZEC plunging more than 30% over the past 24 hours to around $410 at the time of publication. The project’s market value also dropped by over $3 billion.

However, Arthur Hayes said on Friday that the chances of ZEC being fraudulently created through the vulnerability appear low, although he noted that “it cannot be formally cryptographically proved impossible.”

“Sadly, due to the Orchard Pool exploit, I had to dump our entire ZEC bag,” he said.

“The Holy Trinity is finished,” he said, referring to Zcash and the two other digital assets he exited earlier this week, Hyperliquid and Near Protocol.

Claude Helps Identify Software Bug During Security Review

Taylor relied on Claude Opus 4.8, which had been released on May 28, one day before the flaw was identified, to support a focused audit of the Orchard circuit, the cryptographic infrastructure that powers Zcash’s Orchard shielded pool.

The critical vulnerability permitted invalid data to pass an elliptic curve multiplication verification, allowing the cryptographic calculations designed to authenticate transactions to be deceived.

Taylor successfully developed and validated a proof-of-concept exploit that was capable of producing an unlimited quantity of counterfeit ZEC.

“If he had run the same tool on Zcash mainnet it would have generated unlimited, undetectable counterfeit ZEC in his mainnet Zcash wallet,” the security researchers said on Friday.

The main concern is that no cryptographic method exists to determine whether the flaw had been exploited before the patch was applied, as the privacy features of Orchard prevent such verification.

However, Shielded Labs said it was “not particularly worried,” noting that the vulnerability was sophisticated enough to remain unnoticed through years of expert audits. The flaw was ultimately uncovered through a deliberate investigation carried out by highly skilled researchers using advanced tools and artificial intelligence.

The firm said it is collaborating with Zcash developers on a proposed network upgrade that would enable users to verify the integrity of the ZEC supply and confirm that no counterfeit tokens exist within the Orchard pool.

Zcash Faces Another Reported Counterfeiting Vulnerability

Mert Mumtaz, co-founder and chief executive of Helius, said that nearly all privacy-focused protocols contain some variation of the same type of vulnerability.

“This same FUD comes back every five months as new people learn how privacy pools work,” he said.

He said the threat remains largely theoretical across most zero-knowledge privacy systems, arising from circuit-level flaws that are difficult for attackers to exploit and even harder for developers to identify.

This was not the first instance of a comparable flaw affecting Zcash. In 2018, the team at Electric Coin Company identified a counterfeiting weakness within the cryptographic framework that supports zk-proofs and later resolved the issue in 2019 without any reported losses.