PANews reported on June 5th that Zcash founder Zooko Wilcox posted on the X platform that security researcher Taylor Hornby discovered a serious forgery vulnerability in the Zcash Orchard pool on May 29, 2026. This vulnerability allows attackers to forge an unlimited number of counterfeit ZECs without detection. Hornby disclosed the vulnerability to the Zcash Open Development Lab (ZODL), which coordinated an emergency response across the entire ecosystem. The vulnerability was patched on June 2nd. This vulnerability has existed since the Orchard pool was launched in May 2022.

Hornby, aided by the Anthropic Opus 4.8 model, wrote a complete exploit program and successfully generated an infinite number of counterfeit ZECs in local testing. Due to Orchard's privacy-oriented nature, it is cryptographically impossible to prove whether the vulnerability had already been exploited before it was patched. Zooko's assessment suggests that this vulnerability remained undiscovered by top cryptographers worldwide for years, and Hornby's use of cutting-edge AI tools to discover it before attackers meant the patching window was extremely short; therefore, the likelihood of it actually being exploited is low. To prove the integrity of the Zcash supply, Shielded Labs plans to launch a network upgrade, deploying a new privacy pool and implementing a "turnstile accounting" mechanism for all Orchard pool tokens. Detailed plans for this proposal will be released next week.