An independent security researcher used an AI model to find a flaw in Zcash's main privacy pool that could have created counterfeit ZEC no one would be able to detect. The disclosure, surfaced by the Zcash team and amplified by WuBlockchain on June 5, describes a soundness bug in the Orchard shielded pool that validators have since patched through an emergency two-phase network upgrade.
The short version: for a window of time, the math that is supposed to guarantee no one can spend coins they do not own had a hole in it. Inside a shielded pool, where balances and transaction amounts are hidden by design, that kind of hole is close to a worst case.
A soundness hole in the proof circuit
Orchard is Zcash's current shielded transaction pool. It relies on zero-knowledge proofs so a user can prove a transaction is valid without revealing the sender, receiver, or amount. The whole system rests on one assumption: a valid proof can only be produced for a genuinely valid transaction.
The bug broke that assumption. According to the disclosure, a flaw in the Orchard proof circuit could have let an invalid transaction pass verification, which would allow an attacker to mint ZEC out of nothing. Because the pool hides amounts, the freshly minted coins would have been indistinguishable from legitimate ones. There would be no on-chain balance that suddenly looked wrong, no obvious red flag for nodes to reject.
Taylor Hornby, an independent researcher auditing the protocol for Shielded Labs, identified the issue on May 29. Per reporting, Hornby used Anthropic's Opus 4.8 model, released the day before on May 28, together with custom tooling to write a working exploit that generated unlimited counterfeit ZEC in a local test environment. The exploit never touched mainnet.
Five days from discovery to hard fork
Zcash validators moved fast. Phase one was a temporary soft fork that activated June 2 at mainnet block height 3,363,426, around 02:00 UTC. It disabled Orchard actions across the network, effectively freezing the affected pool so no one could attempt the exploit while a permanent fix was prepared.
Phase two was a hard-fork upgrade, NU6.2, which activated June 3 at block 3,364,600 with corrected circuit code. Total response time from discovery to patched network was roughly five days. Pausing the shielded pool meant briefly breaking the feature Zcash exists to provide, but it closed the attack surface while the repair shipped.
The unverifiable all-clear
The Zcash Foundation stated there is no evidence the bug was exploited, no unauthorized value was created, and user privacy was not affected. That is the reassuring headline. The uncomfortable part is structural: the same privacy that makes Zcash valuable also makes the "no counterfeit happened" claim difficult to confirm from the outside. In a transparent ledger you can sum every balance and check it against issuance. In a shielded pool you cannot, at least not yet.
That gap is now driving a concrete proposal. Shielded Labs has put forward a new upgrade aimed at proving ZEC's total supply, so the network could demonstrate that the amount of shielded ZEC matches what should exist. It is an attempt to give a privacy chain an auditability guarantee without unwinding the privacy itself.
Markets did not wait for the philosophical debate. ZEC fell about 25% over 24 hours and roughly 16% over the trailing week as the disclosure spread, giving back the gains it had posted earlier. The reaction lands against a broadly fearful backdrop: the Crypto Fear and Greed Index sat at 18, "Extreme fear," as of June 5, 2026, with Bitcoin at $63,262 and Ether at $1,754.
A new template for finding crypto bugs
The detail worth sitting with is the method. A single auditor pointed a frontier AI model at a production zero-knowledge circuit and produced a working counterfeiting exploit faster than the protocol's own years of human review had caught it. For every team running a shielded pool, an optimistic rollup, or any system whose safety depends on proof soundness, that changes the threat model. The attacker pool just got bigger and the time-to-exploit just got shorter.
For holders, the practical takeaway is narrower. This was a protocol-level soundness bug, not a wallet or custody breach, so the lesson is less about where you keep keys and more about which trust assumptions you are relying on. A chain's "trustless" guarantee is only as strong as the proof system underneath it, and even battle-tested circuits can carry a latent flaw that the right tool surfaces overnight. Whether you favor self-custody setups or a custodial product, protocol soundness is a layer below either choice, and it is one most users never audit themselves.
For now, Orchard is patched, the network is running corrected code, and the open question is whether Zcash can ship a supply proof convincing enough to retire the doubt that a private pool can never fully dispel.
Overview
A soundness bug in Zcash's Orchard shielded pool could have allowed undetectable counterfeit ZEC. Researcher Taylor Hornby found it on May 29 using Anthropic's Opus 4.8 model and a working test-environment exploit. Validators disabled Orchard via a soft fork on June 2 and shipped the NU6.2 hard fork on June 3. The Zcash Foundation reports no evidence of exploitation, though the pool's privacy makes that hard to verify, prompting a Shielded Labs proposal to prove total ZEC supply. ZEC fell about 25% in 24 hours on the news.
