Zcash fixes the vulnerability that allows unlimited issuance of ZEC, but it cannot be verified whether it has been exploited due to the characteristics of the privacy pool

On May 29, 2026, Taylor Hornby discovered a critical forgery vulnerability in the Zcash Orchard funding pool. Taylor Hornby reported the vulnerability to the Zcash Open Development Lab, and all parties collaborated to complete the fix on June 2. This vulnerability could be exploited to secretly create an unlimited number of forged ZEC within Zcash Orchard. Due to the privacy features of Orchard, it is impossible to cryptographically prove whether the vulnerability was exploited before the fix was deployed. The vulnerability had existed since the activation of Orchard in May 2022, until an emergency fix was deployed on June 1, 2026.

With the assistance of AI tools, Taylor Hornby wrote a complete exploit and generated unlimited and undetectable forged ZEC in a local testing environment. Currently, Shielded Labs is collaborating with other Zcash developers to explore network upgrade proposals that would allow anyone to verify the integrity of Zcash's supply.