Zcash Freezes Orchard Pool After AI Surfaces Token-Forgery Bug

Zcash's Orchard shielded pool shipped with a flaw that could in principle let someone forge tokens and quietly inflate the supply. Taylor Hornby of Shielded Labs found it on purpose. He went looking, using AI-assisted detection and tools he built himself, and surfaced a defect that years of review by outside cryptographers had missed. Once it was disclosed, Zcash developers worked with major mining pools to temporarily freeze the Orchard pool and push a fix, cutting the window for anyone to act on it.

Two questions matter to people holding ZEC: is the supply already inflated, and is their money safe. Shielded Labs gives a qualified yes on safety. It puts the odds that the bug was ever exploited as very low, and it lays out the reasoning. The vulnerability is genuinely hard to find, which is why it sat undiscovered for so long. Exploiting it would mean moving forged ZEC out of the pool and swapping it for other assets, the kind of move that leaves traces. Attackers in this space strike and run. No such evidence has shown up.

Here is the part Shielded Labs does not paper over. Right now, ordinary users cannot independently confirm that Zcash's total supply has not been padded with counterfeit tokens. For a coin whose entire pitch is verifiable scarcity under privacy, that is not a small caveat. It is the caveat.

The fix is a planned upgrade called Ironwood. It permanently closes the Orchard pool to new deposits and forces every remaining asset out through the original channels, which can only return what was legitimately put in. After that, anyone running a node can check the supply math themselves, without trusting the team's word or guessing at what a hacker might have done.

Holders who want out now can move funds to a transparent address and lose privacy, or to the older Sapling pool, supported by only two self-custody wallets, YWallet and Zkool, and resting on a trusted setup ceremony from 2018. Shielded Labs says repeated sweeps, including help from Anthropic's unreleased Mythos model and work with the Tachyon project, have turned up no other forgery bugs. It cannot prove none exist. Until Ironwood ships, no node operator can prove the supply either.