Behind Zcash's 50% crash: Can ZEC truly be infinitely inflated? What is the worst that could happen

Written by: Shannon@金色财经

On June 5, 2026, Zcash officially proactively disclosed the discovery of an infinite minting vulnerability affecting the Orchard privacy pool.

As a result of this news, the market reacted violently, and the ZEC price halved within 24 hours.

Meanwhile, the vulnerability was discovered and fully tested by security researchers with the help of Claude Opus 4.8 (for context, see Golden Finance’s prior report: Claude Opus 4.8’s debut that followed ZEC’s one-day plunge and brought Zcash down).

This further intensified panic in the crypto market.

But beyond ZEC’s 50% flash crash, many factual truths still need to be clarified.

For example, what exactly does the so-called “infinite minting” mean? Is it like the previous LUNA, with infinite minting? In the worst case, how many ZEC would be minted?

This article provides a brief analysis as follows.

Will the Zcash Orchard vulnerability cause infinite issuance of ZEC?

This is a key question that needs careful clarification.

Zcash developer Shielded Labs said: “The vulnerability allows unlimited, undetectable minting of counterfeit ZEC within the Orchard pool.”

The Zcash Foundation said: “A successful exploitation of this vulnerability may allow the Orchard pool to accept invalid state transitions, potentially enabling double-spending within Orchard, but it cannot inflate the total supply of ZEC—total supply is protected by Zcash’s Turnstile mechanism.”

Both statements are true, but they describe issues at different levels.

The key is to understand the mechanism of the “Turnstile” (Turnstile).

Zcash’s multiple pools (transparent pool, Sprout, Sapling, Orchard, lockbox, etc.) track fund flow between them through a cross-pool accounting system.

As a cross-pool accounting validation, the Turnstile tracks the value between the Sprout, Sapling, Orchard, transparent pool, and lockbox pools and confirms that the total supply remains intact.

The Zcash Foundation stated that during the period the vulnerability existed, the Turnstile did not detect any unauthorized creation of value.

To understand it with an analogy: Orchard is a cryptographic black-box room, and the Turnstile is the exit turnstile that records the total amount coming in and going out. You can “copy” money arbitrarily inside the room (forging ZEC within Orchard), and the Turnstile won’t notice—because it only checks the total amounts in and out, not what happens inside the room. But when you try to take the “copied” money out of the room, the turnstile finds that more is going out than coming in and raises an alarm (rejects the transaction).

So, the Turnstile limits the value that each pool can send out so that it cannot exceed the value it receives.

An introduction to Zcash’s five major pools

Zcash’s pool system has a total of five pools. From the oldest historically to the newest, they are:

Transparent Pool

The most basic pool behaves almost the same as Bitcoin—addresses, balances, and transaction history are all publicly verifiable. All major exchanges and wallets default to transparent addresses (starting with t). Its advantage is the strongest compatibility; its disadvantage is zero privacy. Most ZEC “last-mile” transactions (deposit/withdrawal on exchanges) go through this pool.

Sprout Pool (2016)

Zcash’s original privacy pool, and also the first zk-SNARKs implementation to land on the mainnet. Addresses start with zs.

The key limitation is that it relies on a “trusted setup”—a multi-party computation ceremony to generate public parameters. In theory, if participants collude, they could forge proofs. This has long been criticized as a hidden risk. Today, Sprout has effectively entered a legacy state, with very small holdings; the official recommendation is that users migrate their assets.

Sapling Pool (2018)

Zcash’s second-generation privacy pool, with a major performance improvement. The time to generate proofs dropped from the minute level to the second level, and memory usage was also reduced significantly, making it the first time that mobile devices and lightweight wallets could practically send shielded transactions. The proof system was upgraded to Groth16, covering the three elements of sender, receiver, and amount for privacy. It still relies on a trusted setup, but it uses a larger-scale ceremony (hundreds of participants). At present, a substantial number of users are still using it, holding about 590,000 ZEC.

Orchard Pool (2022)

The most advanced privacy pool in operation, and the main protagonist of this vulnerability event. The most important technological breakthrough is the adoption of the Halo2 proof system, which completely eliminates the need for a trusted setup—no longer relying on any external ceremony, and with purer security assumptions. Addresses start with u (Unified Address).

It is also the largest shielded pool in Zcash. Before the vulnerability was discovered, it held about 4.5 million ZEC, accounting for roughly 27% of the circulating supply across the network, and carrying the vast majority of privacy transaction volume. This vulnerability stems from the constraint logic in its ZK proof circuit.

Lockbox Pool

Unlike the first four pools, it is essentially different in nature. It is not a privacy pool for storing user assets; instead, it is a protocol-layer development fund custody account.

When NU6 activated at the November 2024 halving, 12% of block rewards were routed to Lockbox for accumulation. At the same time, ZCG (Community Grant Commission) continued to receive an 8% allocation, while ECC and the direct funding addresses of the Zcash Foundation were removed from the protocol. Before that, this 20% had been sent directly to three specific institutions.

Lockbox is an issued fund pool tracked by the protocol. At present, no withdrawal mechanism has been defined. The Zcash community will need to decide and specify an appropriate decentralized withdrawal mechanism in the future in order to use these funds to support ecosystem participants. In other words, the money is locked inside, but the design plan for the key is still under discussion.

In summary, Lockbox is more like a “protocol treasury” rather than a transaction pool that ordinary users would directly interact with.

The Lockbox funds are also included in the Turnstile total-amount tracking, so it is mentioned together in this Orchard vulnerability disclosure— the foundation needs to confirm that the Lockbox accounts are also unaffected.

Turnstile (Turnstile): the security lock connecting all pools

This is not an independent pool, but a cross-pool accounting constraint mechanism that spans all pools.

It records the historical net inflow of each pool, and any pool’s outflow must not exceed the total amount it has ever received.

It is precisely this mechanism that means that even if the Orchard vulnerability allows unlimited forging of balances within the pool, it still cannot move the forged ZEC out to the transparent pool or to exchanges.

Because the exit turnstile will detect the accounts are out of balance.

How many ZEC do Zcash’s pools hold currently, respectively?

Source: zkp.baby data from June 5

How many ZEC would be minted in the worst case?

There is a specific numerical boundary here—this is the most important but least emphasized data in current reports.

During the vulnerability’s existence, as of the discovery date, the Orchard pool held at most about 4.5 million ZEC, while the older Sapling and Sprout pools held approximately 592,000 and 25,000 ZEC respectively.

After the disclosure, the number of ZEC in the Orchard pool decreased to 4.392 million, a drop of only about 2.46%.

This means the worst-case impact of the vulnerability is as follows:

Therefore, in the worst case, the “minting”—more precisely, “double-spending”—has an upper limit of about 4.5 million ZEC within the Orchard pool (about 27% of the circulating supply).

“Unlimited forgery of ZEC” still has uncertainties

Taylor Hornby did not only find the vulnerability theoretically; he also constructed a working exploitation program and tested it in a local environment.

The result was shocking: he could generate an unlimited amount of counterfeit ZEC that is undetectable. If it were run on the mainnet, he could mint unlimited ZEC directly into his own wallet, and no one could see that it happened.

The phrase “unlimited minting into the wallet” refers to the book balance within the Orchard pool, not the real ZEC that could be sold on the transparent pool or exchanges.

For attack scenarios focused on privacy (only activity within Orchard, never leaving the pool), this is technically accurate.

For scenarios involving cashing out and monetization, the Turnstile remains a hard limit.

But there is another layer of uncertainty that cannot be eliminated. The same cryptographic technology that hides balances also makes it impossible to prove on-chain, in isolation, whether a particular vulnerability was abused.

Shielded Labs stated that there is no way to cryptographically determine whether someone exploited the vulnerability before it was fixed, although they believe the likelihood of prior exploitation is low.

This is exactly why Shielded Labs proposed a new round of upgrades.

By forcibly running all ZEC within Orchard through a new Turnstile accounting, to “prove the absence of counterfeit coins.” The plan involves deploying a new privacy pool and executing the Turnstile accounting mechanism on all tokens in the Orchard pool.

This is currently the only path that can provide positive proof to the market.

Conclusion

The vulnerability will not cause unlimited global issuance of ZEC; the Turnstile mechanism provides a hard cap.

But the vulnerability can infinitely forge balances within the Orchard pool and conduct double-spending inside the pool, theoretically allowing it to sweep the inventory of about 4.5 million ZEC within the pool.

Moreover, due to privacy features, whether the exploit was used before the fix cannot be disproven at the cryptographic level.

This is the biggest uncertainty in eliminating this incident.

And uncertainty is precisely the source of the greatest panic and risk.