Written by: Shannon@金财经

On June 5, 2026, Zcash officials proactively disclosed the discovery of an unlimited issuance vulnerability in the Orchard privacy pool.

Affected by this news, the market reacted violently, and the price of ZEC halved in 24 hours.

At the same time, security researchers discovered and fully tested the vulnerability with the help of Claude Opus 4.8 (for details, please see Golden Finance’s previous report ZEC lost half of its value in one day Claude Opus 4.8 defeated Zcash in its debut).

This further exacerbates panic in the crypto market.

However, after the ZEC flash crash of 50%, many facts and truths still need to be further clarified.

For example, what does the so-called unlimited issuance mean? Is it like the previous LUNA with unlimited issuance? How many additional ZEC will be issued in the worst case scenario?

This article is briefly analyzed as follows.

Will the Zcash Orchard vulnerability cause unlimited ZEC issuance?

This is a critical issue that needs to be clarified carefully.

Zcash developer Shielded Labs said: "The vulnerability allows unlimited and undetectable minting of fake ZEC within the Orchard pool."

Zcash Foundation said: "Successful exploitation of this vulnerability may allow the Orchard pool to accept invalid state transitions, potentially allowing double spending within Orchard, but will not inflate the total supply of ZEC - the total supply is protected by the Zcash revolving door mechanism."

Both sentences are true, but they describe problems at different levels.

The key is to understand the mechanism of the "Turnstile".

Funds flowing between Zcash's multiple pools (Transparent Pool, Sprout, Sapling, Orchard, Lockbox, etc.) are tracked by a cross-pool accounting system.

The revolving door mechanism acts as a cross-pool accounting check, tracking the value between Sprout, Sapling, Orchard, Transparent Pools, and Lockbox pools to confirm that the total supply remains intact.

The Zcash Foundation stated that the revolving door did not detect any unauthorized value creation during the duration of the vulnerability.

Use a metaphor to understand:Orchard is an encrypted black box room, and the revolving door is the exit gate of the room, recording the total amount of entry and exit. You can "copy" banknotes (forge ZEC in Orchard) anywhere inside the room, and the revolving door will not notice - because it only looks at the total amount of money coming in and out, not what is happening inside the room. But when you try to take the "copied" banknotes out of the room, the gate finds that there are more going out than coming in, and it will call the police (rejecting the transaction).

So, the revolving door limits the value going out of each pool to not exceed the value coming in.

Introduction to the 5 major Zcash pools

Zcash has a total of five pool systems. From the oldest to the newest, they are:

Transparent Pool

The most basic pool behaves almost the same as Bitcoin - addresses, balances, and transaction history are all publicly available. All major exchanges and wallets use transparent addresses (starting with t) by default. The advantage is the strongest compatibility, but the disadvantage is zero privacy. Most of ZEC's "last mile" (deposit and withdrawal exchanges) pass through here.

Sprout Pool (2016)

Zcash’s original privacy pool was also the first zk-SNARKs implementation in history to be launched on the main network. The address starts with zs.

The key limitation is that it relies on a "Trusted Setup" - a multi-party calculation ceremony is required to generate public parameters, and theoretically participants can forge proofs if they collude. This is a hidden danger that has long been criticized. Now Sprout has actually entered a legacy state, with very small holdings, and officials recommend users to migrate their assets.

Sapling Pool (2018)

Zcash's second-generation privacy pool has greatly improved performance - the time to generate proofs has been reduced from minutes to seconds, and memory usage has also been significantly reduced, making it possible for mobile terminals and light wallets to practically send shielded transactions for the first time. It proves that the system is upgraded to Groth16, and privacy covers the three elements of sender, receiver and amount. It still relies on a trusted setting, but in a larger scale ceremony (hundreds of people participating). There are still a considerable number of users using it, holding about 590,000 ZEC.

Orchard Pool (2022)

The most advanced privacy pool in active use is also the protagonist of this vulnerability incident. The most important technological breakthrough is the adoption of the Halo2 proof system, which completely eliminates the need for a trusted setup - no longer relies on any external rituals, and the security assumption is purer. The address begins with u (Unified Address).

It is also Zcash’s largest shielded pool, holding about 4.5 million ZEC before the vulnerability was discovered, accounting for about 27% of the entire network’s circulation and carrying the vast majority of private transaction volume. The vulnerability lies in the constraint logic of its ZK proof circuit.

Lockbox Pool

It is essentially different from the first four pools. It is not a privacy pool used to store user assets, but a development fund custody account at the protocol layer.

NU6 activates at the November 2024 halving, routing 12% of block rewards to Lockbox for accumulation, while ZCG (Community Grants Committee) continues to receive an 8% allocation, while the ECC and Zcash Foundation’s direct funding addresses are removed from the protocol. Prior to this, the 20% was made directly to three specific institutions.

Lockbox is a pool of issued funds tracked by the protocol. There is currently no withdrawal mechanism defined. The Zcash community will need to decide and specify a suitable decentralized withdrawal mechanism in the future before these funds can be used to fund ecological participants. In other words, the money is locked inside, but the design of the key is still being discussed.

In summary, Lockbox is more like a "protocol treasury" rather than a trading pool that ordinary users will have direct access to.

Lockbox's funds are also included in the total revolving door tracking, so it was mentioned in this Orchard vulnerability disclosure - the foundation needs to confirm that Lockbox's accounts have not been affected.

Turnstile: a security lock connecting all pools

This is not an independent pool, but a set of cross-pool accounting constraints across all pools.

It records the historical net inflows of each pool, and the outflows from any pool may not exceed the total amount that pool has ever received.

It is this mechanism that makes it impossible for the Orchard vulnerability to bring forged ZEC out to transparent pools or exchanges even if it allows unlimited forged balances in the pool.

Because the exit gate will find that the account is uneven.

How many ZEC are currently held by each Zcash pool

Source: zkp.baby data on June 5

How many more ZEC will be issued in the worst case scenario

Here is a specific numerical boundary, which is the most important but least emphasized data currently reported by all parties.

During the existence of the vulnerability, the Orchard pool held a maximum of approximately 4.5 million ZEC as of the date of discovery, while the older Sapling and Sprout pools held approximately 592,000 and 25,000 ZEC respectively.

After the vulnerability was disclosed, the current number of ZEC in the Orchard pool dropped to 4.392 million, a decrease of only about 2.46%.

This means that the worst-case impact of the vulnerability is as follows:

Therefore, the worst-case scenario of "additional issuance", or "double spending" to be precise, is capped at approximately 4.5 million ZEC in the Orchard pool (approximately 27% of the circulating supply).

"Unlimited forgery ZEC" is still uncertain

Taylor Hornby didn't just discover the vulnerability in theory, he built a working exploit and tested it in a local environment.

The results were shocking: he was able to generate an unlimited amount of undetectable counterfeit ZEC. If running on mainnet, he can mint unlimited ZEC directly into his wallet without anyone seeing this happen.

The expression "unlimited minting into the wallet" here refers to the book balance in the Orchard pool, rather than the actual ZEC sold in the transparent pool or exchange.

This is technically accurate for privacy-focused attack scenarios (active only within Orchard, never leaving the pool).

For cash-out scenarios, the revolving door is a hard upper limit.

But there is a layer of uncertainty that cannot be eliminated. The same cryptography technology both hides balances and makes it impossible to prove from the chain alone whether a vulnerability has been abused.

Shielded Labs said there is no way to cryptographically determine whether the vulnerability was exploited before it was fixed, although they believe previous exploits were less likely.

That's why Shielded Labs is proposing a new round of upgrades.

"Prove that there are no counterfeit coins" by forcing all ZEC in Orchard to go through the new revolving door accounting. The plan involves deploying a new privacy pool and implementing a revolving door accounting mechanism for all tokens in the Orchard pool.

This is currently the only path that can provide positive proof to the market.

Conclusion

The loophole will not lead to unlimited global issuance of ZEC, and the revolving door mechanism provides a hard upper limit.

However, the loophole can infinitely forge balances in the Orchard pool and perform double payments in the pool. In theory, it can sweep away the stock of approximately 4.5 million ZEC in the pool.

And due to the privacy characteristics, whether the vulnerability has been exploited before being repaired cannot be falsified at the cryptographic level.

This is the most difficult uncertainty to eliminate in this incident.

Anduncertainty is precisely the biggest source of panic and risk.