The "infinite printing money" loophole has lurked for four years, and the privacy coin ZEC has halved in one day.

CN
Odaily星球日报
Follow
2 hours ago

Original | Odaily Planet Daily (@OdailyChina)

Author | Asher (@Asher_0210)

In the early morning of June 5, Zcash founder Zooko Wilcox posted that he confirmed a critical forgery vulnerability existed in the new generation privacy pool Orchard enabled by Zcash in 2022. Although Zcash officials emphasized that the vulnerability has been fixed and believed the probability of exploitation was low, it still could not stop the spread of market panic.

After the news spread, the Zcash token ZEC quickly plummeted, falling more than 30% at one point; by the afternoon, the selling did not stop, and the atmosphere of panic continued to spread, with the price dropping to around $250 at one point, expanding to a daily decline of over 50%.

Security researcher Taylor Hornby discovered the issue on May 29 and has completed vulnerability verification in a local environment, generating a test version of forged ZEC, further confirming that the vulnerability is an executable attack path. Currently, the biggest controversies surrounding Zcash are twofold: first, whether forged ZEC has existed in the privacy pool over the past four years; second, how the officials can prove that no forged ZEC has flowed into the privacy pool, which is extremely difficult to falsify.

Where does the "unlimited issuance" of ZEC come from?

The security of Orchard (Zcash's privacy protection "shielded pool") relies on zero-knowledge proof circuits, with the core rule being asset conservation: expenditures in each transaction must come from legitimate inputs and cannot be created out of thin air. Users can hide their balance and transaction amounts, but the system must validate the legitimacy of transactions.

Security researcher Taylor Hornby found that an incomplete constraint in the Orchard circuit allows attackers to input data that should not pass, yet validation may still return success. In other words, there is no need to have administrative permissions or control nodes, nor is it a backdoor vulnerability; as long as the system mistakenly believes the transaction is legitimate, ZEC that does not originally exist may be recorded as legitimate assets within Orchard.

Shielded Labs refers to it as "unlimited, undetectable counterfeit ZEC".

The vulnerabilities are fixed, but historical issues remain

The greatest fear of ordinary security incidents is a massive loss, and the most troublesome aspect of this crisis for Zcash is that the losses cannot be directly quantified.

If an attack occurs on a transparent chain, the market can at least see the attack addresses, fund flows, and affected assets. However, the transaction amounts, balances, and fund paths in Orchard are inherently hidden. Once forged ZEC once appeared in the pool, it is difficult for outsiders to determine whether it is still in Orchard or has gradually flowed out through normal transactions.

More critically, Orchard is not a completely isolated black box. Users can migrate assets between different pools, and both real ZEC and potentially forged ZEC can mix within the pool.

The Zcash ecosystem can emphasize that there is currently no evidence of the vulnerability being exploited and can also state that the probability of malicious exploitation is low. However, for traders, "not discovering abnormalities" and "having proven nothing went wrong" are not the same thing.

This is also the core reason for the continued expansion of the ZEC decline. Until it is proven whether fake ZEC ever appeared in Orchard, the credibility of ZEC's supply will remain shrouded in uncertainty.

Arthur Hayes liquidates, igniting a market confidence crisis

After the exposure of the ZEC vulnerability, BitMEX co-founder Arthur Hayes publicly liquidating his holdings further amplified market panic.

Arthur Hayes stated on the X platform that he has sold all of his ZEC holdings. Hayes indicated that he learned about the attack incident the previous day, but did not realize its conflict with his narrative framework; the 30% drop in ZEC prompted him to rethink and decide to take profit on the entire position. He added that although he believes the probability of additional minting occurring is extremely low, it cannot be officially proven at the cryptographic level; he will continue to reassess his judgment, and if the assumption is falsified, he will buy back, hoping to re-enter at a lower price; privacy is priceless, and he does not mind buying back at a higher price.

This has a significant impact on ZEC. For some time, Arthur Hayes has been one of the key promoters of the ZEC narrative. He was optimistic about the long-term logic of privacy assets regaining value in the context of AI, government surveillance, and the expansion of large tech companies. Therefore, his liquidation is not just a big player taking profits, but more like a public downgrade of the current narrative surrounding ZEC.

When leading narrative supporters choose to exit first, the bullish positions originally supported by belief and expectation are more likely to shift towards collective profit-taking and hedging.

Community sentiment spirals out of control, ZEC transitions from price correction to trust crisis

Possibly influenced by Arthur Hayes's liquidation, discussions within the community regarding ZEC quickly shifted from "should we bottom fish" to "can we still trust it?".

On one hand, the community repeatedly emphasizes the seriousness of the vulnerability itself. Compared to short-term declines, many users care more about the fact that a vulnerability theoretically able to create unlimited counterfeit coins lurked within Orchard for nearly four years. For them, the price drop is merely superficial; what truly shakes their confidence is that the most core safety assumption of Zcash has been called into question.

On the other hand, the process of discovering the vulnerability with the assistance of AI has further exacerbated the distrust. Taylor Hornby conducted a targeted review of the Orchard circuit with the aid of AI tools, ultimately discovering the vulnerability, writing the exploitation program, and generating forged ZEC in a local environment. Although AI did not conduct the audit independently, what the community more easily remembers is that "a critical vulnerability that existed for years was assisted in being found by AI in a short time," and this narrative quickly fermented.

This has directed public opinion towards the Zcash development and auditing system. The community questions why a vulnerability that existed since 2022 could run on the mainnet for years without being discovered. If even the core privacy pool may have constraint omissions, how can users still trust Zcash's commitments to supply and privacy security?

Thus, this decline is no longer just a realization of profit-taking. Until Zcash provides more convincing proof, no one is truly willing to hold ZEC for the long term.

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To

Related Articles

avatar
avatarTechub News
46 minutes ago
COMPUTEX 2026: AI transitions from a computing power competition to physical deployment, and the robotics industry chain begins to enter a mass production narrative - from the Taipei exhibition site to discussions in the capital market, how Physical AI reshapes industry focus.
avatar
avatarOdaily星球日报
1 hour ago
Agent's Payment This Year: Under the Halo, the Market Has Not Arrived
avatar
avatarTechub News
2 hours ago
A new round of major technology fusion is happening: Why can't AI do without blockchain?
avatar
avatarTechub News
2 hours ago
Yao Shunyu: A bad tendency of China's AI is the preference for ranking manipulation.
avatar
avatarTechub News
2 hours ago
OpenAI researcher Sebastian Bubeck and Ernest Ryu: How AI Accelerates Mathematical Research and Moves Towards Universal Science
APP

X

Telegram

Facebook

Reddit

CopyLink