The Zcash Counterfeiting Vulnerability And The Trust Problem It Created

Zooko Wilcox-O’Hearn recently disclosed on X that a vulnerability had existed in Zcash since 2022. This flaw could have allowed counterfeit Zcash (CRYPTO: ZEC) to be created through its Orchard shielded pool. He assured the public that the bug has been eliminated and that it is very unlikely the loophole was exploited. These assurances fell on deaf ears as the market responded with panic selling.

Following this news, $ZEC slumped by over 30%. As panic spread, the sell-off continued, and the day’s loss hit around 50%. $ZEC dropped to as low as $250. Key supporters of the privacy coin did not help matters: they cut their losses, since Zcash cannot quantify the extent of the damage. How can the safety of this chain be proven when a bug went unnoticed for 4 years?

How The Bug Was Discovered

Zcash engaged security researcher Taylor Hornby to run checks, and he discovered the issue on May 29. After his discovery, he replicated the vulnerability in a local environment and created ZEC tokens. He hit the jackpot. This test confirmed a vulnerable path to increase supply in the shielded pool. Now, observers are full of questions. Did forged ZEC tokens ever make it into the privacy pool? Can Zcash prove that counterfeit $ZEC has never appeared in the pool? These possibilities are difficult to disprove, hence the domino effect.

The affected upgrade, Orchard, a privacy-shielded pool, relies on zero-knowledge proofs. It was built to preserve assets in transactions. ZK proofs require users to show that they meet the conditions for minting without disclosing the underlying data. The network verifies this proof. If it is invalid, the mint is rejected. This protocol ensures that assets in the pool come from verifiable sources and that $ZEC is not minted out of thin air. Orchard does all the transparency checks in the background while concealing transaction details.

What Taylor Hornby found was a weak constraint. This loophole allows data that would otherwise be rejected to pass validation. If the system is deceived into believing a transaction is …

Full story available on Benzinga.com