Zcash (ZEC) suffered a significant 30% decline, reaching a price of $400, driven by broader market trends and the revelation of a critical vulnerability in its Orchard privacy pool. This flaw, disclosed by Shielded Labs, could have allowed the undetected creation of unlimited counterfeit tokens, posing a risk to the cryptocurrency's supply integrity.

Details of the Vulnerability

Shielded Labs announced that the bug could have enabled an attacker to generate an infinite number of counterfeit ZEC tokens without detection. This discovery raises concerns about the trustworthiness of Zcash's supply and its market value.

On May 29, security engineer Taylor Hornby detected the vulnerability using Anthropic’s Opus 4.8 AI model, and it was fixed by June 1. The issue had been present since Orchard's activation in May 2022, remaining undetected for four years.

  • Hornby, contracted by Shielded Labs to identify vulnerabilities, found in testing that the exploit could create unlimited counterfeit ZEC tokens.
  • Shielded Labs emphasized there is no cryptographic means to confirm whether the flaw was exploited before it was patched.
  • The organization is advocating for a network upgrade to enhance security and restore confidence in ZEC’s supply.

Despite the swift response to the vulnerability, the market reacted negatively, possibly due to the prolonged existence of the bug without detection. Shielded Labs acknowledged the uncertainty regarding whether the exploit had been utilized before the fix was implemented.

Response to the Discovery

Hornby reported the vulnerability to the Zcash Open Development Lab (ZODL), which facilitated the emergency fix. Shielded Labs stated that the bug had escaped attention from cryptographers for years, only coming to light through advanced AI tools and dedicated researchers.

The organization believes that exploitation likely did not occur for several reasons: the flawed code had been scrutinized by experts for years, and the rapid identification and fixing left little opportunity for exploitation.

To further bolster security, Shielded Labs plans to propose a network upgrade that will allow independent verification of ZEC's supply integrity. This upgrade will involve the implementation of a new shielded pool and stricter accounting measures for coins from the Orchard pool. The firm is also enhancing its security efforts by collaborating with Hornby and pursuing new hires for key security roles.

Additionally, Shielded Labs intends to publish a comprehensive update regarding these developments next week.

AI Disclaimer: Portions of this article were generated using AI tools and reviewed by our editorial team to ensure accuracy and compliance with our standards. For more information, see CoinDesk's full AI Policy.