Zcash developers disclosed a critical bug on June 5, 2026 that, had someone found and used it first, could have created counterfeit ZEC out of nothing, with no way for anyone to notice. The flaw lived in the Orchard shielded pool, the privacy feature that hides Zcash balances, and it had been there since around May 2022, according to CryptoPotato. An emergency patch shipped on June 3 before the public disclosure. ZEC fell sharply on the news, down roughly 30% to as much as about 48% intraday on June 5 depending on which outlet you read, with several billion dollars in market value wiped out.

This is the worst kind of bug a coin can have, because it attacks the one thing the coin must get right: how much of it exists. The figures below are stamped to their source dates, this market moves fast, and nothing here tells you to buy or sell.

  • The bug was in Zcash's Orchard shielded pool and could have minted unlimited counterfeit ZEC that nobody could detect, per CryptoPotato.
  • It was present since around May 2022 and found on May 29, 2026 by security engineer Taylor Hornby, who was engaged by Shielded Labs (CryptoPotato, FinanceFeeds).
  • An emergency hard-fork patch went live on June 3, 2026: Orchard transactions were disabled, then the pool was restored with a corrected circuit (CryptoPotato, FinanceFeeds).
  • It is cryptographically impossible to confirm whether the bug was ever exploited, per CryptoPotato. The patch closes the hole; it cannot prove the hole was never used.
  • ZEC fell sharply on June 5, reported between roughly 30% and about 48% on the day depending on the source (Blockonomi, FinanceFeeds, CryptoPotato).

What is the Orchard shielded pool?

A shielded pool is the part of Zcash that hides who paid whom, and how much. Most blockchains, Bitcoin included, are public ledgers: anyone can read every balance and every transfer. Zcash was built to offer privacy on top of that, so it lets users move coins into a shielded pool where the amounts and the parties are encrypted. From the outside, a shielded transaction shows that something valid happened without revealing the details. Orchard is the newest and most advanced version of that pool, the current standard for shielded Zcash.

The privacy works through a tool called a zero-knowledge proof. In plain terms, a zero-knowledge proof lets you prove a statement is true without showing the underlying data. For Zcash, the statement is roughly: "this transaction is valid, the sender owns these coins, and no money was created from thin air," and the proof convinces the network of that without exposing the sender, the receiver, or the amount. The math that builds and checks those proofs is called a circuit. The circuit is the rulebook the proof has to satisfy.

That design is the privacy feature and the weak point at once. Because shielded balances are hidden by intent, the network cannot just look at the ledger and add up the coins. It has to trust that the circuit is sound, that the proofs it accepts really do guarantee no coin was conjured. The bug was in that circuit.

What the bug could have done

The flaw in the Orchard circuit could have let an attacker produce a valid-looking proof for a transaction that secretly created ZEC that was never mined or earned. CryptoPotato described the threat directly: an attacker could mint unlimited counterfeit ZEC, undetectably. In a normal forgery, you might eventually spot the fake by checking the books. Here the books are encrypted by design, so the counterfeit coins would sit inside the shielded pool looking exactly as legitimate as everyone else's, with nothing on the public chain to flag them.

Two words in that sentence carry the weight: "unlimited" and "undetectably." Unlimited means the cap that defines a scarce asset stops meaning anything; if you can mint at will, the fixed supply is just a story. Undetectably means you could not run an audit and catch it, because the privacy that protects honest users would protect the counterfeiter just as well. A counterfeit dollar can be examined under a light. A counterfeit shielded ZEC, in principle, could not.

This is why a supply-integrity bug ranks above almost any other failure a coin can suffer. An exchange getting hacked is a theft of real coins from one place; painful, but the total supply still adds up. A bug that quietly inflates supply breaks the accounting itself. Crypto has seen how damaging supply and bridge exploits can be: the Verus-Ethereum bridge hack and the THORChain exploit both showed how fast confidence drains when the thing being attacked is the money's own integrity rather than one user's wallet. For a privacy coin, the wound is deeper, because the same feature that makes Zcash worth using is the feature that would have hidden the fraud.

Who found it, and how was it fixed?

The bug was found on May 29, 2026 by security engineer Taylor Hornby, who was engaged by Shielded Labs, according to CryptoPotato and FinanceFeeds. Hornby credited Anthropic's Claude with helping him develop a working exploit in a local test environment, FinanceFeeds reported. That detail is about the researcher's process, not the chain itself; the exploit was built and run in isolation to prove the flaw was real before it was disclosed. Founder Zooko Wilcox and other people working on Zcash made the public disclosure, per CryptoPotato.

The fix came as an emergency hard fork that went live on June 3, 2026, two days before the public announcement, per CryptoPotato. A hard fork is a coordinated change to the network's rules that every node has to adopt. Per FinanceFeeds, the remediation first disabled Orchard transactions, which froze the affected feature so no new shielded transactions could flow through the flawed circuit, then restored the pool with a corrected circuit once the fix was in place. In plain terms, they shut the broken door and reopened it with a new lock.

The patch closes the hole, but it cannot prove the hole was never used. CryptoPotato was explicit on this point: it is cryptographically impossible to confirm whether the bug was ever exploited. The same privacy that would have hidden a counterfeit also hides whether one was ever made.

Was it ever exploited?

Nobody can say for certain, and that uncertainty is built into how the system works. Because shielded transactions encrypt their amounts, there is no public record to audit for fake coins. Investigators cannot scan the Orchard pool and tally a discrepancy, the way you might catch a doctored bank ledger. The privacy guarantee that protects honest users also means a counterfeit, if one was ever made, would leave no visible trace.

That does not mean the bug was used. It means the question may never get a clean yes or no. The flaw sat undiscovered for roughly four years, which cuts two ways: it had a long window in which it could have been found and abused, and it also went unfound by the researcher who eventually caught it until late May 2026, which suggests it was not obvious. Here is where it stands. The risk going forward is largely closed by the patch. The historical question is, by the design of the coin, unanswerable.

"We fixed the bug" and "the bug was never used" are two different claims, and only the first one is verified here. The patch protects the network from this flaw from now on. It cannot, and the developers have not, ruled out that counterfeit ZEC was created during the four years the bug existed. With a privacy coin, that gap is permanent.

What it means for ZEC holders

ZEC fell sharply once the news landed. The exact figure varies by source: Blockonomi reported a drop of more than 30% within a day, FinanceFeeds reported as much as 48%, and CryptoPotato and CryptoRank both cited roughly a 45% fall on the day, with Coinfomania putting it near 40% over about 11 hours. Several billion dollars in market value came off; CryptoPotato cited more than $3 billion erased, and Coinfomania around $3.5 billion. The spread in those numbers reflects different snapshots through a volatile day, not a single agreed price. Treat the move as "fell sharply on June 5, 2026," not as one precise percentage.

The drop is steeper because of where ZEC had been. The coin had run up strongly over the prior year, more than 750% over the past year by BanklessTimes' account, and had held up while much of the market sold off. BanklessTimes framed the core problem: for a privacy coin, the inability to prove no counterfeit was created is a serious issue, because the whole proposition rests on the coins being real and the total being fixed. When that assumption wobbles, the asset that climbed fastest has the most room to fall. Among the reactions, BitMEX co-founder Arthur Hayes sold his entire ZEC position after the disclosure, per FXStreet.

Here is what a holder can take from this, without anyone telling you what to do with your coins. The immediate technical risk is reduced: the disclosure and the patch closed the flaw, as CryptoRank noted, even as they damaged confidence. The harder problem is trust, and trust is slower to repair than code. A privacy coin asks you to believe the supply is honest precisely because you cannot see it for yourself, and this episode showed that belief was resting on a circuit with a four-year flaw in it. The patch fixes the circuit. Whether the market rebuilds the belief is a separate question, and it is the one worth watching from here.