Overview
- Researcher Taylor Hornby privately disclosed a soundness bug in the Orchard shielded pool that could have allowed undetectable creation of counterfeit ZEC.
- Developers and ecosystem partners first rolled out an emergency soft fork to disable Orchard and then deployed the NU6.2 hard fork to patch the circuit and re-enable shielded transfers.
- Project teams report no confirmed on‑chain exploitation or loss of user funds, but Orchard’s privacy design makes cryptographic proof that no counterfeit coins were minted impossible.
- Anthropic’s AI tools helped find the original flaw and an Anthropic/Mythos audit reported no additional serious protocol bugs, prompting wider adoption of AI‑assisted review in Zcash security work.
- The community is pushing technical and governance fixes — including the Ironwood proposal, turnstile accounting, formal verification, and migrations for wallets and exchanges — to restore independent supply checks and rebuild user trust.