Zcash (ZEC) developers are proposing a new supply verification system following a counterfeiting vulnerability that triggered a more than 50% price crash last week. The cryptocurrency fell to $250 after security researcher Taylor Hornby discovered a flaw in the Orchard zero-knowledge proof circuit that could have allowed creation of fake ZEC tokens without detection. Developers released an emergency patch and ZEC rebounded more than 70% to $433, but the privacy features that define Zcash make it impossible to verify whether counterfeit tokens were minted before the fix. On June 6, Shielded Labs announced the Ironwood proposal in collaboration with The Zcash Foundation, ZODL, Tachyon Group, and Valar Group to restore independent supply verification capabilities for users.
Zcash Vulnerability Triggers 50% Price Crash and $116 Million Liquidations
Last week, Zcash suffered a decline of more than 50%, falling to $250 after reports of a counterfeiting bug in its Orchard zero-knowledge proof circuit spread across the market. The incident contributed to $116 million in liquidations across the market.
Taylor Hornby discovered the flaw using an AI auditing framework powered by Claude Opus 4.8. Developers said the vulnerability could have allowed an attacker to create fake ZEC tokens within the Orchard pool without detection. The bug had existed within the Zcash network without being detected until recently.
Developers Patch Orchard Circuit and ZEC Recovers to $433
Developers released an emergency fix through a coordinated effort involving the Zcash Open Development Lab (ZODL) and other ecosystem participants. Following the patch, ZEC's price rebounded by more than 70% to $433 according to CoinMarketCap data.
While the team fixed the flaw, it remains unclear whether counterfeit ZEC was created before the patch. Developers believe exploitation was unlikely, but noted that Orchard's privacy features make it impossible for users to verify whether any fake tokens were minted.
Ironwood Proposal Introduces Supply Verification and Turnstile Mechanism
On June 6, Shielded Labs announced the Ironwood proposal in an X post, in a report authored by Zcash founder Zooko Wilcox, Jason McGee (founder of Shielded Labs), and Taylor Hornby. The proposal is being developed alongside The Zcash Foundation, Tachyon Group, Valar Group, and ZODL.
The primary goal of Ironwood is to give each user the ability to independently verify Zcash's supply. Once activated, users running a node would be able to confirm that the circulating supply has not been tampered with.
The proposal blocks any transaction that tries to mint a new coin in the Orchard pool. ZEC would no longer freely circulate within that pool, and funds would only move out through a turnstile mechanism.
The report said Ironwood could provide evidence about whether the vulnerability was ever exploited during last week's incident. As users move funds into a new pool, any potential counterfeiter would face a choice: either try to transfer fake coins, risking exposure, or leave the coins behind.
If no extra ZEC tries to leave the Orchard pool, the report noted that it would strongly suggest the flaw was never exploited. If excess funds try to exit, they would be blocked and destroyed, preserving the current circulating supply while showing that counterfeiting had occurred.
FAQ
What caused the Zcash price crash last week?
Zcash crashed more than 50% to $250 after reports spread of a counterfeiting bug in its Orchard zero-knowledge proof circuit. Security researcher Taylor Hornby discovered the vulnerability using an AI auditing framework, and the flaw could have allowed attackers to create fake ZEC tokens without detection.
How does the Ironwood proposal work?
Ironwood gives users running a node the ability to independently verify Zcash's circulating supply. The proposal blocks new coin minting in the Orchard pool and implements a turnstile mechanism that only allows funds to move out, making any attempt to transfer counterfeit tokens detectable.
Was the Zcash vulnerability exploited before the patch?
Developers believe exploitation was unlikely, but Orchard's privacy features make it impossible to verify whether fake tokens were minted. The Ironwood proposal could provide evidence by monitoring whether excess ZEC attempts to exit the Orchard pool when users migrate funds.
