A Bug Could Have Printed Unlimited Zcash For Four Years. Did Anyone?

On June 5, 2026, Zcash fell 30 to 50 percent in a single day. The trigger was the kind of disclosure privacy-coin holders dread. A flaw had been sitting in Zcash's shielded transaction circuit since May 2022, and for those four years it could have let someone mint counterfeit ZEC that nobody would ever see.

The bug was real. Security researcher Taylor Hornby found it with help from Anthropic's Opus 4.8 model, built a working exploit in a local test, and reported it privately. Developers shipped an emergency fix within days. But a fix only closes the door going forward. It says nothing about whether anyone walked through it while it was open.

That left one question hanging over the market: was Zcash actually counterfeited, or not? We went to the chain to find out.

Why This Is Hard To Answer

Normally you catch inflation by checking the books. Bitcoin's supply is public, so if someone printed extra coins, the total wouldn't add up. Zcash is built to hide exactly that. Inside its shielded pools, amounts are encrypted.

The bug lived in that privacy. It sat in a piece of the Orchard circuit meant to stop a person from spending the same coin twice. A missing constraint let an attacker spend a single shielded note over and over, doubling its value each time, all behind zero-knowledge proofs.

So the forgery itself is invisible. If someone created fake ZEC inside the Orchard pool and simply held it, no amount of analysis will ever find it. That part is settled, and Zcash's own developers have said so. But there is a catch that works in our favor.

The One Thing An Attacker Can't Hide

Fake coins sitting inside the shielded pool are worthless until you take them out. The moment value moves from the shielded side to an ordinary transparent address, that crossing is public. Zcash calls these crossings turnstiles, and the network tracks the running balance of every pool. A consensus rule says a pool's balance can never go negative. You cannot pull more money out of the shielded pool than was ever put in.

That is the lever. An attacker can mint all the fake ZEC they want, but cashing it out means draining it through the turnstile, and that draining is visible and capped. The most anyone could steal is roughly the size of the Orchard pool itself, and taking anywhere near that would empty the pool in plain sight.

So the hard question collapses into a simple one. Is the shielded pool being drained, and was there any unusual outflow while the bug was exploitable?

What The Chain Shows

We pulled Zcash's full history and cross-checked the totals against outside sources: a public block explorer for height and activity, and emission-schedule supply data for the coin count. Three things stand out.

Top: total shielded supply over time, near a record high. Bottom: daily flows in and out of the shielded pools around the bug window (shaded), with dotted lines marking normal daily noise.

Supply is exactly where it should be. Zcash has issued about 16.75 million ZEC, on schedule and well under the 21 million cap. None of the extra coins a counterfeiter would need have appeared on the transparent side. (Supply splits across transparent and shielded value pools; only the pool totals are public, not the amounts inside.)

The shielded pool is near a record high, not draining. Shielded ZEC grew roughly eightfold over the Orchard era and now sits around 5 million, just off its all-time peak from April 2026 (top panel). A large theft would show up here as a sharp drop. Instead the pool kept filling.

The window that mattered was quiet. The bug existed for four years, but it only became easy to find once Opus 4.8 was released on May 28. From that release until Orchard was switched off on June 2, daily flows in and out of the pool were small, and net positive on several days (bottom panel). The Orchard pool specifically gained about 11,000 ZEC over that stretch. The big withdrawals on the chart land either before May 28, when the bug wasn't practically findable, or after June 2, when the fix was already live and holders were moving coins to exchanges to sell into the crash. Neither lines up with an exploit.

Across two independent datasets, the fingerprints of a real theft are absent, and the supply numbers match outside sources to within a rounding error.

The Honest Part

This is where a weaker write-up would declare victory. We won't, because the data does not support certainty, and pretending otherwise would repeat the overconfidence that let this bug live for four years.

Two gaps cannot be closed.

The first is the invisible forgery. If fake notes were minted and never withdrawn, they are still sitting in the Orchard pool, and no one can detect them. The fix does not burn them. That is exactly why Zcash's recovery plan includes migrating funds into a fresh pool over time, so that anything hiding gets flushed out.

The second is a small cash-out. Shielded pools see large legitimate swings every day. Normal daily variation runs around 25,000 ZEC, and single days routinely move 200,000 ZEC in either direction. A patient thief who pulled out 50,000 to 100,000 ZEC, spread across several days or buried under bigger honest inflows, would blend into that noise. The chart rules out a raid. It cannot rule out a quiet skim.

So, Was Zcash Counterfeited?

On the evidence, there is no sign of it. Supply is on schedule, the pool is at record highs rather than drained, and the days the bug was exploitable look entirely ordinary. A large, market-moving theft is off the table.

What can't be proven is the absence of a small or unrealized one. That is a permanent feature of a coin built for privacy, not a weakness in the analysis. The same math that protects Zcash users also shields a hypothetical attacker from view.

The remaining comfort is human rather than cryptographic. The bug survived years of expert review and took hours to weaponize even with a frontier AI model helping. The people most likely to find it first were the auditors who did, and they reported it instead of draining the pool. That is not proof. Paired with a chain that shows no fingerprints, it is about as much reassurance as a privacy coin can give.

Further Reading

• Zcash plummets 30% as developer reveals a major bug undetected for four years — CoinDesk
• Zcash patches critical Orchard counterfeiting bug — Bitcoin.com
• Zooko confirms critical Orchard bug, discovered May 29 — BanklessTimes
• Emergency soft fork and NU6.2 activation — Zcash Foundation
• ZIP 209: Prohibit Negative Shielded Chain Value Pool Balances — the consensus rule behind the turnstiles
• Turnstile enforcement against counterfeiting — Electric Coin Company
• Addresses and value pools in Zcash — Zcash documentation
• Zcash shielded supply hits record highs — BeInCrypto

Analysis based on full-history Zcash chain data through early June 2026, cross-checked against independent block-explorer and supply sources. Shielded amounts are private by design; this work measures what crosses the public turnstiles between Zcash's transparent and shielded sides.