coin-img-ETHETH-11.36%coin-img-BTCBTC-5.74%coin-img-SOLSOL-8.14%coin-img-XRPXRP-6.22%coin-img-USDCUSDC-0.04%coin-img-ADAADA-17.20%coin-img-HYPEHYPE-14.41%coin-img-TONCOINTONCOIN-16.21%coin-img-ETHETH-11.36%coin-img-BTCBTC-5.74%coin-img-SOLSOL-8.14%coin-img-XRPXRP-6.22%coin-img-USDCUSDC-0.04%coin-img-ADAADA-17.20%coin-img-HYPEHYPE-14.41%coin-img-TONCOINTONCOIN-16.21%coin-img-ETHETH-11.36%coin-img-BTCBTC-5.74%coin-img-SOLSOL-8.14%coin-img-XRPXRP-6.22%coin-img-USDCUSDC-0.04%coin-img-ADAADA-17.20%coin-img-HYPEHYPE-14.41%coin-img-TONCOINTONCOIN-16.21%coin-img-ETHETH-11.36%coin-img-BTCBTC-5.74%coin-img-SOLSOL-8.14%coin-img-XRPXRP-6.22%coin-img-USDCUSDC-0.04%coin-img-ADAADA-17.20%coin-img-HYPEHYPE-14.41%coin-img-TONCOINTONCOIN-16.21%

Zcash Discloses Critical Orchard Flaw; ZEC Slides as Much as 43%

CoinDesk reported that the Zcash ecosystem has confirmed a critical vulnerability in Orchard, its shielded (privacy) transaction pool, which could allow an attacker to forge an unlimited amount of ZEC. A fix was completed and deployed on June 1. Because Orchard is designed to preserve privacy, the ecosystem says it cannot verify on-chain whether the bug was exploited at any point between May 2022 and June 2026. Following the disclosure, ZEC fell to around $250, marking an intraday peak drop of 43%. The issue was discovered on May 29 by security researcher Taylor Hornby, who was engaged by the Zcash team for security research. Hornby said he produced working exploit code with assistance from Anthropic's Claude Opus. The flaw sits in Orchard's input-validation logic: checks that appear to enforce transaction rules do not correctly apply the required constraints. As a result, an attacker could craft fraudulent inputs that still pass zero-knowledge proof verification, effectively minting ZEC from nothing. Any forged tokens would be indistinguishable from legitimate ZEC. Hornby said he validated the exploit only in a local environment and immediately disclosed it to ZODL, the group coordinating Zcash development, without attempting any mainnet attack. An emergency patch was rolled out on June 1 to block further exploitation. The team also acknowledged the vulnerability may have been exploitable for roughly four years, and that Orchard's privacy properties make it cryptographically impossible to determine whether covert minting occurred. To mitigate ongoing risk, Shielded Labs is proposing a network upgrade that would introduce a new privacy pool and add a "turnstile accounting" verification mechanism for assets moving out of Orchard. Under the approach, existing Orchard funds would need to pass through a verifiable checkpoint to detect any forged supply. The proposal requires community governance approval and must proceed through Zcash's standard network-upgrade process, with a more detailed version expected next week. Shielded Labs also said it will pursue full mathematical verification of the Orchard circuit and hire a security lead and cryptography researchers. The incident has renewed attention on AI's role in security research: Claude Opus 4.8 was released publicly on May 28, and researchers identified the longstanding vulnerability within about 24 hours of the model going live. As more capable models are released, the pace of both attacks and defenses in crypto protocols may accelerate.
Wybrane
Klauzula wyłączenia odpowiedzialności: Powyższe treści są wyrazem opinii autora i nie stanowią opinii BingX. Nie należy ich traktować jako porady inwestycyjnej od BingX. Sprawdź szczegóły w regulaminie.