The Zcash network was hit by a vulnerability in the Orchard private pool that could theoretically allow unlimited creation of ZEC.

Discovery and scope

A security researcher reported the bug, which reportedly affected the core mechanism for private transactions and existed since May 2022.

The flaw, while theoretical in nature, suggested a pathway to minting tokens without following intended consensus checks, increasing concern among users and exchanges.

Developer response

The Zcash development team issued an emergency update to mitigate the vulnerability and urged node operators to apply the patch promptly to remain safe.

The project team stated that they had not found evidence of exploitation or any undisclosed inflation linked to the flaw after their investigation.

Market reaction

Following public disclosure, the price of ZEC fell by more than 30% within a single day, reflecting heightened sell pressure and uncertainty.

Additional market pressure came after Arthur Hayes announced he had sold his entire ZEC position, while noting willingness to re-enter if concerns about hidden inflation were disproved.

Next steps for the ecosystem

Nodes that have not upgraded remain exposed until they adopt the emergency patch, and exchanges continue to monitor deposits and withdrawals for anomalies.

Developers and auditors plan further reviews of the Orchard codepath to prevent similar issues and to restore confidence in private transaction integrity.