Zcash developers are weighing whether to introduce a new Orchard shielded pool after the disclosure and remediation of a critical counterfeiting vulnerability in the existing Orchard implementation. The issue, discovered by security engineer Taylor Hornby and disclosed to Zcash Open Development Lab, has renewed focus on supply integrity, shielded-pool design, and formal verification as a security baseline for privacy-preserving protocols.
Zcash Weighs New Orchard Pool After Bug Fix
Zooko Wilcox, Zcash co-founder, wrote in an X post with Jason McGee and Taylor Hornby that Hornby discovered the Orchard counterfeiting vulnerability on May 29, 2026, after Shielded Labs engaged him in April to conduct ongoing security research focused on the Zcash protocol. Hornby disclosed the issue to Zcash Open Development Lab, or ZODL, which coordinated an emergency ecosystem response. The fix was deployed on June 1, and the broader remediation process was completed on June 2.
The disclosed vulnerability affected Zcash’s Orchard pool, which has been active since May 2022. Wilcox, McGee and Hornby described the bug as an under-constrained element in the Orchard circuit that made it possible to submit false inputs into an elliptic curve multiplication while still passing the circuit’s checks. “The vulnerability was real and exploitable. Taylor, with the help of Opus 4.8, wrote a complete exploit which, when he tested it in a local regtest environment, generated unlimited, undetectable counterfeit ZEC.” They added: “If he had run the same tool on Zcash mainnet it would have generated unlimited, undetectable counterfeit ZEC in his mainnet Zcash wallet.”
Because Orchard is a shielded pool, the authors said there is no cryptographic way to prove solely from the existing pool whether the vulnerability was exploited before the fix. Shielded Labs said its assessment is that prior exploitation was unlikely, citing the difficulty of the bug, years of prior scrutiny, Hornby’s targeted work, and the speed of the emergency response. Still, the post emphasized that users should not have to rely on that assessment, stating: “Shielded Labs is exploring —with the help of other Zcash developers—a proposed Network Upgrade to allow anyone to verify the integrity of the Zcash supply and to prove the non-existence of counterfeit Zcash in the Orchard pool. The proposal involves deploying a new shielded pool and enforcing turnstile accounting on all coins from the Orchard pool.”
Josh Swihart, Founder and CEO of Zcash Open Development Lab (ZODL), wrote separately on X that Shielded Labs had suggested the community explore a second Zcash Orchard pool in light of the recent fix. Swihart said such a pool could, in principle, be targeted for NU7 at the end of July, while noting he was not taking a fixed position on whether it should be built. Any such network upgrade would still require support from Zcash users and the project’s standard governance process before activation.
Formal Verification Emerges as Next Safeguard
The disclosure has also shifted attention toward formal verification as a longer-term security measure for Zcash’s shielded infrastructure. Swihart described the Orchard issue as a flaw in the circuit’s handwritten rules rather than in the underlying cryptography or the proof engine. “The Orchard vulnerability was in one of the rules, written loosely enough that it would accept false information and still pass. As a result, the engine could be convinced that a fake transaction was valid.” He added: “In practice, someone could have counterfeited ZEC in the Orchard pool.”
Swihart framed the problem as especially important for shielded systems because transaction amounts and histories are hidden by design. That privacy feature means users cannot inspect values in the same way they would on a transparent ledger; assurance depends on the correctness of the mathematical rules governing valid transactions. “As Sean posted, a shielded pool hides the amounts and history of the coins. It’s the point of privacy. But it also means that you cannot verify the values like you can with a public ledger.” In his view, formal verification reduces reliance on manual review by allowing a computer to check whether the circuit matches a concise mathematical specification.
Shielded Labs said it is initiating a project to formally verify the Orchard circuit, describing the effort as an attempt to write a mathematical proof that there are no more undiscovered bugs in it. The group also said it is expanding proactive security work using state-of-the-art AI tools, with help from Hornby and Anthropic, and is opening searches for a Head of Security and a Cryptographer. Swihart said multiple teams are already working on formal verification for Orchard, while also noting that Tachyon, a future Zcash design, is being built with formal verification and a simpler rulebook.
For Zcash stakeholders, the near-term question is whether a second Orchard pool can provide a practical bridge before longer-term architecture changes arrive. Swihart wrote that a formally verified Orchard pool “might be the best path” before Tachyon if verification work can be completed, while describing Tachyon as cleaner because it has fewer special cases and a more uniform design. That leaves the community with a governance decision that spans both emergency response and protocol hardening: whether to move coins through a new shielded pool with turnstile accounting, and how quickly formal verification can become part of Zcash’s security process.
The Orchard disclosure gives Zcash a clear post-remediation agenda: evaluate a new shielded pool, establish a verifiable path for supply integrity, and accelerate formal verification of critical circuits. The vulnerability has been fixed, but the governance and engineering decisions that follow will determine how the ecosystem restores confidence in Orchard and reduces the risk of similar failures in future shielded systems.
AI Transparency Note: This article was prepared with the assistance of an AI system based on the sources listed and was reviewed, edited, and approved by a human editor before publication. All quotes, data points, and factual claims are intended to be grounded in the cited source material; however, errors cannot be ruled out entirely.