Zcash founder reveals details of a serious forgery vulnerability in Orchard, stating that "the likelihood of it being exploited is low."

CoinFeed reported on June 5th that Zcash founder Zooko Wilcox posted on the X platform that security researcher Taylor Hornby discovered a serious forgery vulnerability in the Zcash Orchard pool on May 29, 2026. This vulnerability allows attackers to mint an unlimited number of counterfeit ZECs without detection. Hornby disclosed the vulnerability to the Zcash Open Development Lab (ZODL), which coordinated an emergency response across the entire ecosystem. The vulnerability was patched on June 2nd. This vulnerability has existed since the Orchard pool was launched in May 2022. Hornby wrote a complete exploit program using the Anthropic Opus 4.8 model and successfully generated an unlimited number of counterfeit ZECs in local testing. Due to the privacy features of Orchard, it is cryptographically impossible to prove whether the vulnerability had already been exploited before the patch.