News
5 Jun 2026, 07:00
Aave Restores Lending After $300M Recovery Fund Ends Bridge Exploit

Aave declared lending pools fully operational on June 1 after a $300 million coalition replaced assets from an April 18 bridge exploit. Aave Labs filed an emergency U.S. federal court motion to unlock $71 million in frozen recovered ETH before restoration could complete.
5 Jun 2026, 07:00
Zcash Slides 30% Despite Emergency Fix for Critical Bug

The flaw existed since May of 2022, and was discovered by security engineer Taylor Hornby on May 29. While researchers successfully demonstrated the exploit in a controlled environment, there is currently no evidence that it was used on the live network. Security Flaw Sends Zcash Price Into Freefall Zcash (ZEC) experienced a steep decline in value after the public disclosure of a critical security vulnerability that could have theoretically allowed an attacker to create an unlimited amount of counterfeit ZEC. The revelation triggered a lot of concern among investors, and contributed to a decline of more than 30% in the cryptocurrency’s price over the past 24 hours. ZEC price action over the past 24 hours (Source: CoinCodex) The vulnerability was discovered on May 29 by security engineer Taylor Hornby while conducting a security review on behalf of Shielded Labs. According to reports, Hornby identified a flaw in Zcash’s Orchard shielded pool, a privacy-focused component that uses advanced cryptographic techniques to conceal transaction details. After the discovery, the issue was disclosed to the Zcash Open Development Lab (ZODL), which coordinated an emergency response and deployed a hard fork on June 3 to eliminate the threat. The flaw reportedly existed since May of 2022 and involved a weakness in an elliptic curve multiplication check used in Orchard’s cryptographic verification process. This bug could potentially allow malicious actors to bypass transaction validation mechanisms and generate counterfeit ZEC without detection. During testing, Hornby successfully created a proof-of-concept exploit capable of producing unlimited counterfeit coins in a controlled environment. Hornby used Claude Opus 4.8, an advanced artificial intelligence model released only one day before the discovery, to assist with the targeted code review that ultimately uncovered the vulnerability. Researchers stated that if the same exploit had been executed on the live Zcash network prior to the patch, it could have resulted in undetectable counterfeit ZEC being generated in a wallet. Despite the seriousness of the vulnerability, there is currently no evidence that it was exploited on the mainnet. BitMEX co-founder Arthur Hayes commented that while it cannot be mathematically proven that no illicit minting occurred, he believes it is unlikely that attackers successfully abused the flaw. Nevertheless, Hayes revealed that he sold his entire ZEC position after the disclosure. Others pointed out that similar theoretical risks exist across many privacy-focused cryptocurrency protocols that rely on zero-knowledge proofs. Mert Mumtaz, CEO of Solana infrastructure company Helius, argued that vulnerabilities of this nature are not unique to Zcash and often stem from complex cryptographic circuits that are difficult to audit and monitor. The incident also revived memories of a previous counterfeiting vulnerability discovered in Zcash’s cryptographic framework in 2018. That flaw was privately fixed before any known exploitation occurred.
5 Jun 2026, 06:25
Zcash Plunges 30% to $339 After Orchard Counterfeit Bug Disclosure, Hayes Dumps Entire ZEC Bag

Zcash News Zcash slid roughly 30% over the past 24 hours after Shielded Labs disclosed a critical vulnerability in the Orchard shielded pool that could have allowed an attacker to mint an unlimited...
5 Jun 2026, 06:00
Bitcoin Falls To $61,300 As Mt. Gox Moves BTC, Raising Selloff Concerns

With roughly 24,081 Bitcoin still sitting in wallets tied to the defunct exchange, Mt. Gox has started moving funds again — and the timing could not be more charged. Deadline Pressure Mounts The repayment deadline for Mt. Gox creditors is now set for October 31, 2026, the third postponement since the original cutoff of October 31, 2023. Court approval was required each time the date was pushed back, and the trustee overseeing the case says some creditors have still not received their funds due to unresolved paperwork or procedural problems. Most payouts have already gone through. Base repayments, early lump-sum payments, and intermediate distributions have been completed for eligible creditors, with around 19,500 of them paid back through platforms like Kraken and Bitstamp as of late March 2025. 116 BTC Lands On Bitstamp The latest movement involves 116.3 BTC, valued at roughly $8.16 million, transferred directly to Bitstamp. On-chain data from Arkham Intelligence confirms the transaction, which followed a far larger move earlier this week when 10,422.65 BTC worth around $739 million was shifted to a new wallet beginning with the address prefix “14FEEM.” The smaller tranche — 116.3 BTC — was later separated from that batch and sent to the exchange. Whether the Bitstamp transfer is intended to convert funds into fiat for creditor payouts or to distribute BTC directly to creditors through the platform remains unclear, though both have been used in previous distributions. Markets Respond Sharply Bitcoin dropped to around $61,300 before recovering above $64,000, with some observers pointing to the Mt. Gox transfers as a contributing factor. The $739 million movement earlier in the week rattled sentiment first. The subsequent Bitstamp deposit, though much smaller, kept the pressure on. Mt. Gox collapsed in 2014 after losing about 850,000 BTC in a security breach. The estate set aside for creditor recovery includes 142,000 Bitcoin, 143,000 Bitcoin Cash, and approximately 69 billion Japanese yen in cash. Still Around $1.55B Left To Move The remaining 24,081 BTC under Mt. Gox control is currently worth about $1.55 billion, and every on-chain movement tied to the estate draws immediate scrutiny from traders watching for signs of further selling. The October deadline gives the trustee roughly five months to wrap up outstanding distributions before the window closes again. Featured image from Pexels, chart from TradingView
5 Jun 2026, 05:54
Zcash crashes 36% on Orchard vulnerability, traders eye $367 support

Zcash's ZEC token has fallen more than 36% from recent highs after developers disclosed a critical vulnerability in the network's Orchard shielded pool, pushing the cryptocurrency toward a key long-term support area around $367. According to information released by Shielded Labs and the Zcash Open Development Lab, security engineer Taylor Hornby discovered the flaw on May 29 and reported it to developers, who responded with an emergency hard fork activated on June 3 to eliminate the risk. The disclosure has nevertheless triggered a sharp market reaction. ZEC traded near $390 on Thursday after briefly changing hands above $611 earlier this week, wiping more than $3 billion from its market capitalisation. Data shared by Shielded Labs showed the vulnerability affected the cryptographic circuit underlying the Orchard privacy pool. Hornby, assisted by Anthropic's Claude Opus 4.8 model, identified a flaw in an elliptic curve multiplication check and successfully built a proof-of-concept exploit capable of generating counterfeit ZEC. Researchers at Shielded Labs said that if the same exploit had been executed on the live network before the patch, it could have produced "unlimited, undetectable counterfeit ZEC" inside an Orchard wallet. Traders focus on support levels after selloff Although developers have fixed the vulnerability, uncertainty remains because Orchard's privacy design makes it impossible to cryptographically prove whether the flaw was exploited before disclosure. Shielded Labs stated that it is "not overly concerned" about prior abuse because the bug survived years of expert review and required a highly targeted investigation using advanced tools and artificial intelligence to uncover. Even so, traders appear focused on downside risks. Market data shows ZEC has broken below its 20-day, 50-day and 100-day exponential moving averages following the disclosure. ZEC/USDT 1-day price chart. Source: TradingView. The next major technical level sits near the 200-day exponential moving average around $367, a region that also aligns with a historically high-volume trading zone on the volume profile. Momentum indicators have also weakened. Daily RSI has dropped to roughly 37, its lowest level in several weeks. ZEC/USDT 1-day price chart. Source: TradingView. Although the reading has not yet entered oversold territory below 30, it shows that selling pressure remains elevated after the Orchard disclosure. The Bollinger Bands also show how stretched the move has become, with ZEC pressing near the lower band after losing the middle band during the selloff. The lower band sits near the high $300s, close to spot price, while the upper band remains far above current levels after the recent spike above $600. Combined with an RSI near 37, the setup shows heavy downside momentum. CoinGlass liquidation data indicates that much of the leveraged long positioning has already been cleared out during the decline. ZEC 24-hour liquidation heatmap. Source: Coinglass. Remaining liquidation clusters are concentrated above the current market price, particularly between $430 and $500, with larger pockets extending toward the $550 region. Those levels could attract price if buyers return, though current market attention remains fixed on whether the $367 area can hold. Beneath the current trading range, volume profile data indicates another historically active trading zone between approximately $220 and $260, where ZEC spent several months consolidating earlier this year. If the $367 region fails to hold, traders could begin monitoring that lower volume cluster as the next major area of historical support. However, not everyone believes the worst-case scenario occurred. Arthur Hayes, co-founder of BitMEX, said on Friday that illegal minting of ZEC through the Orchard flaw was unlikely, although he acknowledged there is no formal cryptographic proof that it never happened. "Sadly, due to the Orchard Pool exploit, I had to dump our entire ZEC bag," Hayes wrote on X. "The Holy Trinity is dead," he added, referring to Zcash, Hyperliquid and Near Protocol, which he said he had sold this week. Industry participants noted that similar risks have appeared before across privacy-focused systems. Mert Mumtaz, co-founder and chief executive officer of Solana infrastructure company Helius, said variants of the same issue exist across many privacy protocols because complex zero-knowledge circuits can contain bugs that are difficult to detect. "This same FUD comes back every five months as new people learn how privacy pools work," Mumtaz wrote. The current incident is not the first counterfeiting-related concern for Zcash. In 2018, the Electric Coin Company discovered a vulnerability in the cryptography underpinning zk-proofs and later remediated the issue without any known losses. As questions linger over whether the Orchard flaw was ever exploited, Shielded Labs said it is working with Zcash developers on a network upgrade that would allow users to verify the integrity of the circulating ZEC supply and prove the absence of counterfeit coins in the Orchard pool. The post Zcash crashes 36% on Orchard vulnerability, traders eye $367 support appeared first on Invezz
5 Jun 2026, 05:15
Zcash Dev Lab CEO: Recent ZEC Bug Was a Rulebook Flaw, Not a Core Crypto Vulnerability

BitcoinWorld Zcash Dev Lab CEO: Recent ZEC Bug Was a Rulebook Flaw, Not a Core Crypto Vulnerability In the wake of a recently disclosed vulnerability in Zcash’s Orchard protocol — a flaw that could have enabled the infinite minting of ZEC tokens — the CEO of the Zcash development lab has moved to clarify the nature of the bug, distinguishing it from a fundamental cryptographic failure. Clarifying the Orchard Vulnerability Josh Swihart, CEO of the Zcash development lab, addressed the incident on his X account, stating that the vulnerability was not rooted in the underlying cryptographic technology or its proof-generation engine. Instead, Swihart explained that the issue resided in a specific ‘rulebook’ that was ‘loosely written, which made fake transactions possible.’ This distinction is crucial for understanding the scope of the problem and the security of the broader Zcash network. The Orchard protocol is a shielded payment system within Zcash, designed to enhance privacy. The bug, if exploited, could have allowed an attacker to create counterfeit ZEC tokens without detection. However, Swihart emphasized that the core cryptographic proofs — the mathematical backbone of the system — remained sound. The flaw was in the set of rules that govern how those proofs are validated. Formal Verification as the Path Forward Swihart stressed the importance of preventing such vulnerabilities from recurring, advocating for ‘formal verification’ as the most robust solution. Formal verification involves mathematically proving that a system’s code behaves exactly as intended for all possible inputs, leaving no room for edge cases that a loosely written rulebook might miss. He noted that multiple teams are currently working to verify Orchard’s existing circuits using this method, a process that could significantly bolster the protocol’s security. Why This Matters for Zcash Users and the Broader Crypto Ecosystem For Zcash holders and users, the key takeaway is that the network’s cryptographic foundation was not compromised. The vulnerability was a procedural or implementation error, akin to a bank having a flaw in its transaction approval workflow rather than a flaw in its vault’s locking mechanism. This incident, however, underscores the complexity of building secure privacy-focused systems and the need for rigorous, multi-layered auditing processes. The event also serves as a broader lesson for the cryptocurrency industry. As blockchain protocols grow more sophisticated, the ‘rulebooks’ — the specific logic that dictates how cryptographic proofs are interpreted — become potential attack vectors. The push for formal verification, while resource-intensive, represents a mature approach to security that could become an industry standard. Conclusion The Zcash Orchard bug was a serious but contained security issue. The swift response from the Zcash development lab, combined with a clear explanation that the core cryptographic technology was not at fault, helps maintain trust in the protocol. The ongoing effort to formally verify Orchard’s circuits is a proactive step that should strengthen the network against similar flaws in the future. For the crypto community, it reinforces the principle that security is a continuous process of improvement, not a one-time achievement. FAQs Q1: What exactly was the Zcash Orchard bug? The bug was a vulnerability in the rulebook of the Orchard protocol that could have allowed an attacker to create fake ZEC tokens. It was not a flaw in the underlying cryptographic technology. Q2: Was any Zcash stolen or minted as a result of this bug? No. The vulnerability was discovered and disclosed responsibly before it could be exploited. No funds were lost or illicitly created. Q3: What is formal verification, and why is it important? Formal verification is a mathematical method used to prove that a system’s code behaves correctly for every possible scenario. It is considered the gold standard for security because it eliminates the edge cases and logical gaps that manual code reviews might miss. This post Zcash Dev Lab CEO: Recent ZEC Bug Was a Rulebook Flaw, Not a Core Crypto Vulnerability first appeared on BitcoinWorld .








































