ZCash (ZEC) went through a turbulent week, losing up to 53% of its price at one point. As of June 7, ZEC recovered by up to 12%, trading at $435.

After the exploit news, ZEC is still down a net 21% for the past week. ZEC is now closely watched for stability, as the ZCash protocol is still grappling with the recent discovery of an unauthorized minting bug. 

The loss of confidence caused not only short-term market panic, but also speculations on whether ZEC would go down to zero and become worthless. Questions were raised on the potential for other coins and tokens to have similar unauthorized supply, though so far, no similar exploits have been discovered. 

Who discovered the ZCash vulnerability?

Security researcher Taylor Hornby discovered the Orchard shielded pool had a critical vulnerability that allowed for the creation of counterfeit ZEC. 

Hornby used AI to test Orchard Pool for vulnerabilities, alerting the ZCash Open Development Lab (ZODL). The team patched the vulnerability on June 2, but the announcement itself already caused panic on the market. 

The chief reason for this is that ZEC is a privacy asset, and the real supply and ownership cannot be audited. Reportedly, the vulnerability existed for around four years, and there is still no proof whether the vulnerability was exploited. 

Is the Orchard pool safe?

ZEC remains a mined coin, and the exploit is linked strictly to the creation of new coins within the Orchard pool. Currently, the total supply of ZEC is not affected, with a total of 16,755,823 coins in circulation. 

Within the Orchard pool, ZEC can be moved with the highest level of confidentiality. The counterparties and the transactions are not transparent, so there is no way to tell if any of the users were affected. 

As Cryptopolitan reported, in early 2026, a ZEC whale unshielded 202K ZEC in a single transaction, taking away 1% of the Orchard pool. There is still no way to prove if the ZEC within Orchard is all coming from externa deposits, or a bad actor still managed to withdraw some of the coins into the wider ZEC network.

Over the past year, the Orchard pool was also mentioned by influencers as a true privacy hub in crypto, encouraging the deposits of nearly 5M ZEC. Based on the potential exploit, some of those coins are suspected to be counterfeit. 

Orchard was one of the key narratives around ZCash during its record 2026 rally, with encouragement to make deposits. The pool quickly turned into the biggest shielded hub for ZEC. In the past year, the Orchard pool doubled its supply of locked coins. 

In the week after the vulnerability was discovered, ZCash was still considered risky. ThorChain decided to delay its ZEC integration until the protocol ensured no significant supply of fake ZEC exists. 

ZCash team introduces the Ironwood supply verification

Following the Orchard pool announcement, the ZCash team looked for ways to prove the circulating supply does not contain counterfeit coins. 

The Ironwood verification system will allow users to ensure the supply of ZEC is correct. For now, Ironwood is still in the proposal stage, expecting activation after a vote. 

All users that run a ZCash node would be able to verify the current supply and be assured it corresponds to the expected mining schedule. 

The old Orchard pool will be replaced by a new one, where all users will be subject to turnstile accounting. In this way, even if some ZEC was created on the old Orchard pool, it could not cross into the new one. 

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It’s free.