ZEC Plunges on Infinite Mint Fears: Analyzing the Market Fallout of the Orchard Bug

Overview

Zcash (ZEC) lost roughly half its value in 48 hours in early June 2026, falling from a June 4 peak near $624 to about $309 on June 5 after Shielded Labs disclosed a critical soundness flaw in the Orchard shielded pool. Liquidations topped $116 million and more than $5 billion was erased from Zcash's market capitalization, yet the bug was never exploited: no funds were stolen, no counterfeit ZEC was confirmed, and the network's turnstile mechanism verified that total supply remained intact throughout. The crash was driven by something subtler and more dangerous than a hack: the inability to ever cryptographically prove the supply was clean.
This article looks past the headlines to analyze what actually happened at the level of market microstructure and zero-knowledge cryptography. The flaw, hidden in the Orchard circuit since its May 2022 activation, was an under-constrained element in the variable-base scalar multiplication gadget of the halo2_gadgets crate. It could have allowed an attacker to forge nullifiers and mint counterfeit ZEC inside the shielded pool with no on-chain signature. It was discovered on May 29, 2026 by security engineer Taylor Hornby, contracted by Shielded Labs, using Anthropic's Claude Opus 4.8, a finding that had eluded four years of expert human audits. Developers patched it through a two-stage emergency response culminating in the NU6.2 hard fork.

The Catalyst: An Under-Constrained Circuit

The root of the panic was a soundness flaw that sat dormant in the Orchard pool from its activation in May 2022. Orchard is Zcash's most advanced shielded pool, built on the Halo 2 proving system with no trusted setup, and it holds the large majority of shielded ZEC. Instead of publishing transaction details like Bitcoin, Zcash records an encrypted note plus a zero-knowledge proof that the transaction obeys the rules.
The vulnerability lived in the variable-base scalar multiplication gadget of the Orchard circuit, implemented in the halo2_gadgets Rust crate. According to the official Zcash security disclosure, the incomplete double-and-add loop held the per-iteration base coordinates constant across rows but never tied them to the real base. The coordinates were written into the circuit with assign_advice, and the chain failed to anchor to either the doubling-row base or the complete-addition base. In plainer terms, a constraint that was supposed to force a witnessed value to equal the actual base was missing.
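A toy model of that missing constraint, added here as an illustration and not taken from halo2_gadgets or the disclosure: the additive group of integers mod a small prime stands in for the curve, and `Row`, `prove`, `verify` and the `anchor` flag are hypothetical names. With `anchor` off, a trace that is internally consistent over the wrong base is accepted; switching it on rejects the same trace.

```rust
// Toy model (constructed): the additive group Z_P stands in for the curve,
// so "[k]B" is k*B mod P. Illustration only, not halo2_gadgets code.
const P: u64 = 65_521;

/// One row of the double-and-add trace, as witnessed by the prover.
struct Row { bit: u64, base: u64, acc: u64 }

/// Honest prover: MSB-first double-and-add of `scalar` over `base`.
fn prove(scalar: u64, base: u64, nbits: u32) -> (Vec<Row>, u64) {
    let mut acc = 0;
    let mut rows = Vec::new();
    for i in (0..nbits).rev() {
        let bit = (scalar >> i) & 1;
        rows.push(Row { bit, base, acc });
        acc = (2 * acc + bit * base) % P;
    }
    (rows, acc)
}

/// Checks the trace. `anchor` switches on the constraint tying the witnessed
/// base to the real one (the kind of constraint the disclosure says was missing).
fn verify(rows: &[Row], real_base: u64, output: u64, anchor: bool) -> bool {
    if rows.is_empty() || rows[0].acc != 0 { return false; }
    if anchor && rows[0].base != real_base { return false; }
    for (i, r) in rows.iter().enumerate() {
        if r.bit > 1 || r.base >= P || r.acc >= P { return false; }
        let next = (2 * r.acc + r.bit * r.base) % P; // double-and-add step
        match rows.get(i + 1) {
            // base is held constant across rows, accumulator chains forward
            Some(n) => if n.base != r.base || n.acc != next { return false; },
            None => if next != output { return false; },
        }
    }
    true
}

fn main() {
    let (real_base, scalar) = (7, 0b1011);
    let (honest, out) = prove(scalar, real_base, 4);
    let (forged, bad_out) = prove(scalar, 9, 4); // consistent trace, wrong base
    println!("honest, anchored:  {}", verify(&honest, real_base, out, true));
    println!("forged, no anchor: {}", verify(&forged, real_base, bad_out, false));
    println!("forged, anchored:  {}", verify(&forged, real_base, bad_out, true));
}
```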
The practical consequence was that a sophisticated attacker could push mathematically invalid inputs past an elliptic-curve check that should have rejected them, forging nullifiers to double-spend the same shielded note and mint counterfeit ZEC inside the pool with no observable on-chain signature.
Zcash's development lab was careful to frame what kind of bug this was. CEO Josh Swihart described it as a flaw in the protocol's "rulebook" (loosely written rules that made fake transactions possible) rather than a break in the underlying cryptography or the proof engine itself. That distinction matters for assessing systemic risk, even if it offered little comfort to the order book.
The discovery itself is the part that will be studied for years. Hornby found the flaw on May 29, hours after Anthropic released Claude Opus 4.8 on May 28, by pointing the model at the Orchard circuit through a purpose-built auditing framework. He went beyond flagging it: he wrote a complete proof-of-concept exploit that generated counterfeit ZEC in a local test environment. A blind spot that four years of expert human review had missed surfaced in a single concentrated effort. That is the genuinely novel element here, and it cuts both ways: AI tooling now hardens networks faster, but it also lowers the cost of finding latent flaws for anyone pointing the same tools at the same code.

The Turnstile Mechanism vs. The Market Narrative

When the disclosure broke, the market priced the worst case: chain-wide hyperinflation. The architecture tells a narrower story.
The bug did not enable an infinite global mint of spendable ZEC. The risk was confined to the Orchard pool. Zcash uses a "turnstile": a public accounting boundary that tracks exactly how much transparent ZEC enters and exits each shielded pool. Consensus rules physically prevent more public ZEC from being withdrawn from Orchard than was ever deposited. The Zcash Foundation confirmed total supply integrity held throughout, verified by precisely this mechanism.
So the real worst case was Orchard insolvency, not global inflation. If counterfeit notes had been created, honest claimants would be competing with fraudulent ones for a finite pool of real, turnstile-backed ZEC. Structurally this resembles a liquid-staking or vault shortfall, where bad claims dilute a fixed reserve, rather than a transparent smart-contract drain. That analogy is illustrative; the disclosure describes the turnstile-containment mechanism, not a specific named comparison. The containment was real. The nuance was almost entirely lost in the panic.
Grayscale CLO Craig Salm and Gemini's Cameron Winklevoss both made the empirical case for calm: to believe the exploit was actually triggered, someone would have had to out-analyze every developer at ECC, ZODL, Shielded Labs, and the Foundation combined and then decline to drain the pool during a 20x-plus bull run. Possible, but improbable. Winklevoss framed the rapid discovery and remediation as a vote of confidence in the network's defenders rather than an indictment.

Why the Order Books Emptied

If the turnstile contained the damage, why the severe liquidity drain? The answer is the privacy paradox of zero-knowledge proofs. Because ZK proofs hide all private circuit inputs by design, an attacker manipulating those inputs leaves no observable on-chain signature. Nullifiers generated through this specific double-spend path would be cryptographically indistinguishable from legitimate activity. Even high-level statistical analysis of Orchard action counts cannot conclusively prove whether an exploit happened. As the project itself acknowledged, the flaw could have enabled undetectable counterfeiting. On a transparent chain like Bitcoin or Ethereum, a hack is visible—stolen funds can be traced, attacker wallets monitored, the exact supply impact quantified. With Orchard, the perfect privacy that gives ZEC its value also makes it mathematically impossible to prove the network was clean before the patch.
Markets abhor that kind of uncertainty. The combination of possible-but-unprovable insolvency and a permanently unverifiable history triggered a classic bank run. Being early to the exit is the rational move in a shielded liquidity crisis: traders unshielded ZEC and sold, depth thinned, and large holders liquidated outright. The most visible exit was Arthur Hayes, who closed his entire position, conceding he thought counterfeiting was unlikely but that the inability to prove it had broken his thesis for holding. The sell-off stayed largely Zcash-specific: Monero slipped only 3% to 4% and Dash held roughly flat, confirming the market read this as an idiosyncratic event rather than a privacy-coin contagion.

The Liquidity Fallout in Context

The drawdown landed on top of an enormous run. ZEC had closed 2025 up roughly 691%, the best-performing privacy coin, touching $744 in November before the June repricing pinned it near $309. The asset had also been attracting institutional attention: the SEC closed its investigation into the project in January 2026, and Grayscale filed to convert its Zcash Trust into what could become the first U.S. spot privacy-coin ETF. Roughly 30% of circulating supply now sits in shielded pools, up from around 8% in 2024.
That backdrop is why the disclosure hit so hard. ZEC had become the privacy trade, and the bug struck the exact property (verifiable supply integrity inside the shielded pool) that the trade was built on. Updating a zero-knowledge circuit is not a simple node patch, either: it requires changing the pinned verifying key, which is why a hard fork was unavoidable rather than a quiet hotfix.

Moving Forward: Restoring the Peg of Trust

Closing the code was the first step, not the last. The two-stage fix (an emergency soft fork on June 2 followed by the NU6.2 hard fork on June 3) repaired the circuit, but it did not, and cannot, retroactively prove that no counterfeit ZEC was ever minted. That is the trust deficit the market is now pricing.
Shielded Labs' answer is a proposed new shielded pool called Ironwood. The plan targets activation around late July 2026, following Orchard's end-of-support, and is backed by formal verification, independent audits, and AI-assisted review, a more rigorous assurance framework than Orchard ever had. The mechanism is the clever part. As funds migrate out of Orchard through the turnstile, one of two things happens: either all coins exit cleanly, confirming the supply was honest all along, which developers consider far more likely, or excess ZEC attempts to leave, gets rejected and destroyed by the turnstile, and in doing so creates publicly verifiable on-chain evidence that counterfeiting occurred. Either way, the question that cryptography alone cannot currently answer eventually becomes visible to everyone. MEXC's breakdown of the Ironwood proposal walks through the migration timeline in more detail. Until that migration completes and a provably clean pool exists, the market will likely keep applying a heavy risk premium to ZEC.
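The turnstile accounting from the containment section and the migration outcome described above, as an added simplified model (not Zcash consensus code; `Flow`, `Turnstile` and `migrate` are hypothetical names and all amounts are constructed). It shows that the public balance caps total exits and records any excess as evidence, but cannot tell which claim was the counterfeit one, so an honest claimant can be the one turned away.

```rust
// Simplified model (constructed): the public value balance of one shielded pool.
enum Flow { Deposit(u64), Withdraw(u64) }

#[derive(Default)]
struct Turnstile {
    balance: u64,                // transparent value currently inside the pool
    rejected: Vec<(usize, u64)>, // (position, amount) of refused withdrawals
}

impl Turnstile {
    /// Apply public flows in order. A withdrawal larger than the remaining
    /// balance is refused and recorded instead of driving the balance negative.
    fn apply(&mut self, flows: &[Flow]) {
        for (i, f) in flows.iter().enumerate() {
            match *f {
                Flow::Deposit(v) => self.balance += v,
                Flow::Withdraw(v) => match self.balance.checked_sub(v) {
                    Some(b) => self.balance = b,
                    None => self.rejected.push((i, v)),
                },
            }
        }
    }

    /// Total value that tried to leave without backing: the public evidence.
    fn evidence(&self) -> u64 { self.rejected.iter().map(|&(_, v)| v).sum() }
}

/// Deposit `deposited`, then let every claim exit in the given order.
/// Returns (remaining balance, total rejected).
fn migrate(deposited: u64, claims: &[u64]) -> (u64, u64) {
    let mut t = Turnstile::default();
    t.apply(&[Flow::Deposit(deposited)]);
    let exits: Vec<Flow> = claims.iter().map(|&c| Flow::Withdraw(c)).collect();
    t.apply(&exits);
    (t.balance, t.evidence())
}

fn main() {
    println!("{:?}", migrate(100, &[40, 35, 25]));     // honest pool, clean exit
    println!("{:?}", migrate(100, &[40, 35, 25, 30])); // extra 30 claim exits last
    println!("{:?}", migrate(100, &[40, 30, 35, 25])); // extra 30 claim exits early
}
```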
The Orchard episode is a historic stress test for privacy coins. It demonstrates that in advanced cryptography, the most dangerous vulnerabilities are not the loud ones that visibly drain a transparent contract. They are the silent ones buried in the math, where the same privacy that creates the asset's value also makes its safety unprovable.

Frequently Asked Questions

How much did ZEC fall, and was anyone robbed?
ZEC dropped from about $624 on June 4 to roughly $309 on June 5, 2026, close to 50% in 48 hours, with liquidations over $116 million. No funds were stolen and no exploit was confirmed. The crash reflected uncertainty about whether the supply could be proven clean, not a realized loss.
What exactly was the Orchard bug?
A soundness flaw in the variable-base scalar multiplication gadget of the Orchard zero-knowledge circuit, in the halo2_gadgets crate. A missing constraint failed to bind a witnessed value to the real elliptic-curve base, which could have let an attacker forge nullifiers and mint counterfeit ZEC inside the Orchard pool without leaving any on-chain trace. The Zcash dev lab characterized it as a "rulebook" flaw, not a break in the core cryptography.
Could it have created infinite ZEC across the whole network?
No. Zcash's turnstile mechanism caps how much ZEC can ever leave a shielded pool at the amount deposited, so the risk was confined to potential Orchard insolvency, not chain-wide inflation. The Foundation confirmed total supply remained intact.
How was it discovered, and what role did AI play?
Security engineer Taylor Hornby, contracted by Shielded Labs in April 2026 to hunt protocol bugs, found it on May 29 using Anthropic's Claude Opus 4.8 (released May 28) inside a custom auditing framework. He wrote a working exploit that generated counterfeit ZEC in a local test environment. The flaw had survived four years and multiple expert audits.
How was it fixed?
In two stages: an emergency soft fork (Zebra 4.5.3) disabled Orchard transactions at block 3,363,426 on June 2, then the NU6.2 hard fork (Zebra 5.0.0) re-enabled Orchard with a corrected circuit at block 3,364,600 on June 3.
Why did ZEC keep falling after the fix?
Because zero-knowledge privacy makes it mathematically impossible to prove, from Orchard's records alone, that no counterfeit ZEC was created before the patch. Markets price unresolved, unprovable uncertainty heavily. Shielded Labs' proposed Ironwood pool aims to restore verifiable supply integrity by late July 2026.
 
Disclaimer: This article is for informational purposes only and does not constitute financial, investment, or trading advice. Digital assets are volatile and you may lose capital. Conduct your own research before making any decision.
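The articles shared on this page are collected from public platforms and are provided for reference only. They do not represent the position or views of MEXC. All rights belong to Emmanuel Olamiye. If you believe any content infringes the rights of a third party, please contact service@support.mexc.com and it will be removed promptly. MEXC does not guarantee the accuracy, completeness or timeliness of any content and accepts no responsibility for any action taken on the basis of the information provided. This content does not constitute financial, legal or other professional advice, and should not be construed as a recommendation or endorsement by MEXC. For expert insights and in-depth analysis, see MEXC Learn.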