News linked to both this project and an event.
Odaily Zcash founder Zooko Wilcox posted on X stating that a security audit conducted by Anthropic's Claude Mythos AI model did not find any "more severe vulnerabilities" in the Zcash protocol. The audit was commissioned by Shielded Labs, a Swiss non-profit organization supporting Zcash development. On June 3, Zcash developers temporarily paused Orchard transactions after discovering a vulnerability in the shielded pool, restoring functionality through an emergency upgrade the same day. The issue stemmed from a four-year-old forging vulnerability in the Orchard shielded pool, identified by security researcher Taylor Hornby with the assistance of Anthropic's Claude Opus 4.8 model. The Zcash Foundation stated there is no evidence that the vulnerability was exploited, nor was any unauthorized value creation detected, and user privacy remained unaffected.Anthropic released the first public version of the Claude Mythos model, Fable 5, on Tuesday, and stated on Friday that it has suspended access to the Fable 5 and Mythos 5 AI models due to export control directives issued by the U.S. government citing national security concerns. (Cointelegraph)
According to Cointelegraph, Zcash founder Zooko Wilcox stated that a security audit of the Zcash protocol—commissioned by Shielded Labs and conducted using Anthropic’s Mythos AI model—did not uncover any new critical vulnerabilities. Previously, security researcher Taylor Hornby discovered, using Claude Opus 4.8, a four-year-old forgery vulnerability in the Orchard shielded pool, prompting developers to urgently suspend Orchard transactions on June 3 and complete the fix the same day. The Zcash Foundation confirmed there is no evidence the vulnerability was ever exploited, and user privacy remained unaffected.
Zcash founder Zooko posted on X, stating that at the request of Shielded Labs, Anthropic and Mythos conducted a security audit of Zcash, and no further critical vulnerabilities were found in the Zcash protocol. Shielded Labs and other parties are continuing to carry out security reinforcement efforts.
According to a post by Zcash co-founder Zooko (@zooko), Anthropic, in collaboration with Mythos, conducted a security audit of the Zcash protocol at the request of Shielded Labs. The audit found no critical vulnerabilities. Shielded Labs and related teams are continuing their efforts to strengthen security, and further updates will be announced separately.
Odaily News, June 9th — BitMEX co-founder Arthur Hayes stated in his latest article "Reality Test" that if oil prices continue to rise due to the US-Iran conflict, it could trigger a collapse of the AI stock bubble and drag the entire crypto market down.Hayes said that if traffic restrictions in the Strait of Hormuz persist deep into the second quarter, spot prices for hydrocarbons and other key commodities could rise in the third quarter. If oil prices continue to climb and inflationary pressures impact the US midterm elections, Trump might pivot to a tough stance targeting data center construction, AI regulation, and taxation. Hayes believes the market could anticipate Trump limiting AI capital expenditure and taxing AI companies, thereby triggering the burst of the AI stock bubble.Hayes also noted that since November 2022, the scale of AI-related debt issuance has been approximately $1.5 trillion, and US M2 has increased by roughly the same amount during the same period. He believes the three factors that could pop the AI bubble include rising energy costs, the market's inability to absorb three major AI-related IPOs — namely SpaceX, Anthropic, and OpenAI — and Trump's shift to opposing AI. In terms of portfolio, Hayes stated that Maelstrom's stock portfolio holds significant positions in US-listed energy producers; he has sold AI-related stocks and offloaded non-core crypto assets, having dumped HYPE, NEAR, and WLD last week, as well as selling ZEC due to the Orchard Pool vulnerability. He still holds Bitcoin and ETH and will execute tactical short trades via derivatives.
Odaily Seer monitoring shows that Polymarket has launched a new prediction event titled "Was Zcash's Orchard privacy pool confirmed to have been exploited?"On June 4, Zcash's core development team revealed that they had deployed an emergency network upgrade to fix a critical cryptographic vulnerability in the Orchard privacy pool. This flaw could have potentially allowed a malicious attacker to arbitrarily forge unlimited amounts of ZEC. Due to the vulnerability's characteristic that "it is impossible to cryptographically prove whether it was exploited in the past," independent support organization Shielded Labs subsequently proposed on June 5 to deploy a new privacy pool during the NU7 upgrade at the end of July. They also suggested implementing strict "Turnstile-accounting" audits for tokens exiting Orchard to investigate whether any forged tokens exist. According to the settlement rules for this prediction event, if before December 31, 2026, official sources or mainstream credible media confirm that the vulnerability was effectively exploited on the mainnet before being patched, the event will settle as YES.Odaily Seer continues to monitor prediction markets, seeing changes before pricing.
Odaily Seer Prophet Channel monitoring shows that the probability of "Zcash will hit $100 in 2026" on Polymarket has risen to 53%, a 24-hour increase of 36%.Market rules: If between 17:35 on November 24, 2025, and 23:59 on December 31, 2026 (Eastern Time), the lowest price (Low) of any 1-minute candlestick of the Binance ZEC/USDT trading pair reaches or falls below the price stated in the title, this market will immediately settle as "Yes"; otherwise, it will settle as "No." Settlement is based solely on the 1-minute candlestick data of the Binance ZEC/USDT trading pair; prices from other exchanges or trading pairs will not be considered.In previous news, the privacy coin Zcash disclosed and fixed a critical security vulnerability that could have been exploited by malicious miners to transfer over 25,000 ZEC (approximately $6.5 million) from the deprecated Sprout privacy pool. Officials stated that the vulnerability had existed since July 2020 but was not actually exploited, and user funds remained safe at all times. The development team has released version v6.12.0 to complete the fix, and major mining pools have already upgraded their deployments.Odaily Seer Prophet Channel continues to monitor prediction markets, seeing changes before pricing.
Haseeb, Managing Partner at Dragonfly, has addressed the recently patched Zcash vulnerability, stating that there are many misconceptions in the market regarding the incident. He pointed out that even if the vulnerability had been exploited before the fix, an attacker could only profit by forging ZEC within the shielded pool. For these tokens to enter mainstream trading platforms, they would first need to be converted from shielded addresses to transparent addresses. Since the supply of ZEC in transparent addresses is publicly verifiable, any abnormal transfers exceeding the maximum supply would be detected and blocked. Therefore, the vast majority of investors and exchange users holding transparent ZEC would not be affected.Haseeb stated that the Zcash team plans to introduce a new “Turnstile” mechanism and a new shielded pool in future upgrades to verify that the current shielded pool does not suffer from inflation issues. He also noted that formally verified cryptographic systems can reduce implementation errors at the design level. Finally, Haseeb disclosed that Dragonfly still holds ZEC, and he is personally an investor in ZODL.
According to the THORChain blog, ZEC is in the queue for launch on THORChain. However, due to a recent vulnerability disclosed in Zcash—whose existing patch impacts integrators’ normal operations—THORChain must first complete a minor code modification to its Bifrost module before proceeding. The development team stated that the change is minimal but must be completed prior to ZEC’s launch. Monero (XMR) is currently expected to launch by the end of this month, with ZEC scheduled to follow.
According to Hyperinsight’s monitoring, Zcash faces a theoretical risk of unlimited token supply due to a vulnerability in its Orchard zero-knowledge proof system. Negative public sentiment surrounding its “black-box” nature has continued to escalate and culminated in today’s concentrated outbreak.
Odaily, Cypherpunk, the company managing the ZEC treasury, stated that all software has vulnerabilities. Historically, Bitcoin once "over-minted" 184 billion BTC due to a bug. However, this does not mean abandoning blockchain technology; rather, security should be enhanced through formal verification and provable correctness.Cypherpunk emphasized that with the development of AI technology, vulnerability detection will become faster and broader, but the key lies in who can discover issues before malicious actors. Zcash will demonstrate this capability through an upcoming update.
Cypherpunk, the ZEC treasury company, responded on X to the market volatility of the ZEC token, stating that all software contains vulnerabilities and citing the historical Bitcoin incident in which a bug led to the accidental minting of 184 billion BTC. However, this does not mean blockchain technology should be abandoned; instead, security should be enhanced through formal verification and provable correctness.
according to Onchain Lens monitoring, due to the Orchard Pool vulnerability, ZEC fell below $400. The 3x leveraged ZEC short position of “1011 insider whale” Garrett Jin has a floating profit of over $13.5 million, while his 5x leveraged BTC long position has a floating loss of over $17 million.
Arthur Hayes (@CryptoHayes), co-founder of BitMEX and CIO of Maelstrom Fund, stated in a post that he has liquidated his entire $ZEC position following a vulnerability exploit targeting ZEC’s Orchard Pool. Hayes noted that although malicious minting is highly unlikely, it cannot be cryptographically proven impossible; privacy narratives demand “perfection,” not merely “probable security.” He added that if the underlying assumptions are later falsified, he does not rule out repurchasing $ZEC at a lower price. His team continues to hold a $WLD position and maintains a bullish stance.
on May 29, 2026, Taylor Hornby discovered a critical counterfeiting vulnerability in Zcash's Orchard pool. Taylor Hornby reported the vulnerability to the Zcash Open Development Lab, and after coordinated efforts, a fix was completed on June 2. The vulnerability could have been exploited to secretly create an unlimited number of counterfeit ZEC within Zcash Orchard. Due to the privacy features of Orchard, it is cryptographically impossible to determine whether the vulnerability was exploited before the fix was deployed.The vulnerability had existed since Orchard's activation in May 2022 until an emergency fix was deployed on June 1, 2026. Taylor Hornby, with the assistance of AI tools, wrote a complete exploit program and generated an infinite, undetectable amount of counterfeit ZEC in a local test environment. Shielded Labs is currently collaborating with other Zcash developers to explore network upgrade proposals that would allow anyone to verify the integrity of Zcash's supply.
The Zcash Foundation released Zebra versions 4.5.3 and 5.0.0 to address a critical soundness vulnerability in the Orchard zero-knowledge proof circuit. Version 4.5.3 temporarily disables Orchard operations via an emergency soft fork, while version 5.0.0 activates NU 6.2, re-enables Orchard using the patched circuit, and permanently closes the vulnerability.
Odaily news: The Zcash Foundation has announced the release of Zebra 4.5.1 version update to fix a consensus-critical security vulnerability and strongly recommends that all node operators upgrade immediately. The vulnerability, identified as GHSA-2prc-cj5x-4443, involves a sigops (signature operation count) counting error in P2SH transactions, which could lead to potential consensus fork risks. This fix corrects an incomplete patch in the previously released 4.5.0 version, which was just released yesterday.The Zcash development team stated that the issue stems from discrepancies in sigop counting logic between different implementations, which could cause nodes to produce different results when verifying transactions, thereby affecting consensus consistency on the chain. The fix resolves this by reverting and adjusting the Rust implementation logic to ensure alignment with the expected protocol behavior.The Zcash Foundation emphasized that there is currently no workaround for this issue, and upgrading to 4.5.1 is the only method to ensure nodes remain on the correct chain and avoid potential fork risks.
: The Zcash Foundation has released version 4.5.0 of its node client, Zebra. This update includes multiple security fixes, addressing a critical consensus vulnerability and several high-severity Denial of Service (DoS) issues. All node operators are strongly urged to upgrade immediately.Key fixes in this release include a sigop counting error in P2SH script parsing (which could cause a consensus fork with zcashd), a logic flaw in NU5 block validation caching, a crash risk related to transparent address balance overflow, along with multiple crash and resource exhaustion vulnerabilities in RPC interfaces and mempool processing. The Foundation stated that some vulnerabilities could be exploited by malicious nodes, leading to node stalls, restart loops, or even permanent stoppage.Additionally, this version adds support for ZIP-213 (enabling shielded coinbase outputs to Sapling) and optimizes network performance and security boundaries. This includes limiting resource allocation during the pre-handshake phase, fixing risks related to multi-threaded queue abuse, and enhancing the misbehavior scoring mechanism.The Zcash Foundation stated that this update addresses over 80 security reports from the ZCG Vulnerability Disclosure Program (spanning April to May 2026), covering multiple layers including consensus security, memory management, RPC processing, and the P2P network attack surface. Officials emphasized that there is no alternative to this upgrade; upgrading is the only way to ensure nodes do not experience a chain split and remain secure.
the L1 blockchain TAC team stated they have confirmed a security incident on the cross-chain layer resulted in approximately $2.8 million in assets being transferred, involving assets such as USDT, BLUM, and tsTON.TAC stated that if the attacker returns the relevant funds to the designated multi-signature address, the team will consider this incident a "white hat rescue" and will not take legal action against the operator of the involved ETH/BSC, ZEC, and TON addresses.As a reward, the attacker can receive an approximately 10% bounty, equivalent to about 13 ETH and 300 ZEC.
The Zcash Foundation officially announced the release of Zebra 4.4.0, which addresses multiple critical consensus-level security vulnerabilities. All node operators are strongly advised to upgrade immediately. The vulnerabilities include a denial-of-service (DoS) flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block validation that may cause consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk. The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially triggering a chain fork. Without timely upgrades, nodes risk interruption of block discovery, consensus forks, and amplified resource consumption. No alternative mitigations are currently available.