Nasdaq-listed Cypherpunk Technologies (CYPH) is refusing to back down from its aggressive Zcash accumulation strategy, even as its stock plunged over 40% on Friday and the ZEC token itself lost more than half its value following the disclosure of a critical counterfeiting vulnerability in the privacy coin’s Orchard shielded pool.
The Winklevoss-backed treasury company, which currently holds 314,185.70 ZEC representing roughly 1.88% of the cryptocurrency’s circulating supply, took to X to push back against the growing wave of panic selling and criticism from prominent crypto voices.
“Please stop the FUD,” the company wrote in a post directed at critics, including crypto influencer Nick O’Neill who had publicly called the situation “pretty awful for the crypto market.”
What happened: The Orchard Infinite Inflation Bug
The selloff was triggered by the disclosure of a counterfeiting vulnerability in Orchard, the shielded pool that serves as the core of Zcash’s privacy architecture. According to a post by Zcash co-founder Zooko Wilcox-O’Hearn alongside researchers Jason McGee and Taylor Hornby, the bug could have been exploited to create an unlimited amount of counterfeit ZEC tokens within Orchard, all completely undetectable due to the pool’s privacy features.
Security researcher Taylor Hornby discovered the flaw on May 29 during a targeted protocol audit, working with Anthropic’s Opus 4.8 AI model. The vulnerability had gone undetected for four years since the Orchard pool’s activation in May 2022.
Developers responded with an emergency soft fork to pause the Orchard pool, followed by a hard fork (NU6.2) to implement the fix. The Zcash Foundation has said there is no evidence the bug was ever exploited, though it acknowledged that the privacy properties of Orchard make it impossible to say for certain.
ZEC dropped from near $700 highs in late May to around $329 during the selloff, a roughly 50% decline. Cypherpunk’s stock fell to as low as 53 cents intraday before recovering slightly to 59 cents, its lowest level since early March.
Cypherpunk pushes back: ‘Zero Evidence of a Hack’
In a series of posts on X, Cypherpunk Technologies pushed back hard against what it described as fear, uncertainty, and doubt surrounding the incident.
“There is literally zero evidence of a hack. A bug was just patched,” the company wrote. It went on to frame the discovery as a positive, saying Zcash is at the forefront of AI-driven security research, which allowed world-class cryptographers to find the vulnerability and patch it before any malicious actor could exploit it.
The company also argued that the broader crypto industry should take notice, warning that the rest of the crypto ecosystem needs to follow Zcash’s lead on security research, “otherwise tons of exploits will happen.”
Cypherpunk stays committed to 5% supply target
Despite the massive hit to its portfolio, Cypherpunk remains committed to its goal of accumulating 5% of Zcash’s fixed supply of 21 million tokens. The company purchased its 314,185 ZEC at an average price of $337 apiece, meaning Friday’s crash pushed its entire position underwater.
Will McEvoy, chief investment officer of Cypherpunk, told The Block that the company’s investment thesis has not changed.
“We are firmly committed to our 5% network accumulation target, as Zcash just demonstrated the institutional-grade security culture that will survive the AI era,” McEvoy said.
He added that short-term price action is “noise” and that the firm’s multi-year capital allocation strategy remains unchanged, centered on Zcash’s position as the leading private, censorship-resistant store of value.
In its most recent first-quarter 2026 earnings report released last month, Cypherpunk had already reported a net loss of $77.2 million, largely driven by unrealized losses on its ZEC holdings.
The Twitter debate: Nick O’Neill vs. Cypherpunk
The tension between bearish crypto voices and Cypherpunk played out publicly on X. Nick O’Neill (@chooserich), a popular crypto commentator, described the bug disclosure as a “giant negative catalyst with potential cascading implications,” adding that it “kinda completely invalidates the thesis” for people who had been calling ZEC the “next bitcoin.”
O’Neill also disclosed that he had sold 75% of his $ZEC position when the news broke, noting that the biggest bull posters for Zcash are also the largest bag holders, which “just feels all sorts of conflicted.”
However, O’Neill did provide some nuance, acknowledging that Ethereum survived a much larger hack early in its history and went on to become one of the largest crypto assets. He also later clarified his position, stating that he was not necessarily saying a malicious actor hacked ZEC, but rather that the discovery of an exploit in a blockchain that has been around for years “damages trust no matter the follow on action.”
Cypherpunk responded directly to O’Neill’s posts, calling on him to stop spreading FUD and reiterating that no hack took place, only a bug that was found and fixed.
Winklevoss Brothers back Zcash’s future
Cameron and Tyler Winklevoss, the Gemini co-founders whose investment firm Winklevoss Capital led a nearly $59 million private placement in Cypherpunk last November, also appear unfazed by the situation.
Cameron Winklevoss wrote on X that formal verification is the way forward for securing software in the age of AI and that Zcash is leading the way on this front. He pointed to plans for Zcash to introduce formal verification in its next network upgrade, which he said would make counterfeiting bugs in shielded pools mathematically impossible.
“Encrypted money with provable correctness is unstoppable,” Cameron Winklevoss added.
Gemini’s own stock (GEMI) took a smaller hit, falling 4.4% to $4.41 on Friday amid broader market pressure, with the Nasdaq sliding more than 2%.
Arthur Hayes exits, others watch from the sidelines
Not everyone is sticking around. BitMEX co-founder Arthur Hayes, who had previously touted ZEC as part of a “holy trinity” of altcoins alongside HYPE and NEAR, sold his entire ZEC position following the disclosure.
Hayes noted that while he believes exploitation is “extremely unlikely,” it is technically impossible to verify whether the bug was used due to Zcash’s privacy features.
Cypherpunk’s broader ecosystem bets
Beyond simply accumulating ZEC tokens, Cypherpunk has been investing heavily in the Zcash development ecosystem. In March, the company invested $5 million in Zcash Open Development Labs (ZODL), alongside major investors including a16z crypto, Winklevoss Capital, Coinbase, and Paradigm.
The only other public company with meaningful ZEC exposure is Reliance Global Holdings (EZRA), which held just 213.14 ZEC as of March 31, 2026, according to its latest quarterly report. Reliance shares were down only about 2% on Friday, reflecting the relatively small size of its ZEC position.
What comes next for Zcash
The Zcash development teams are now focused on formal verification of the Orchard shielded pool’s zero-knowledge circuits, a process that would provide mathematical guarantees that the underlying cryptographic proofs are free from certain classes of bugs.
Multiple teams are working on this effort, and Shielded Labs has announced plans to recruit a Head of Security and a Cryptographer to strengthen its security capabilities going forward.
The incident comes at a particularly sensitive time for Zcash, which had been riding a massive rally in 2026. The privacy coin had surged over 1,200% on the back of several tailwinds, including the SEC closing its investigation into the Zcash Foundation in January, Grayscale’s spot ZEC ETF filing in May, and growing institutional interest in privacy coins as a hedge against AI-era surveillance.
Whether Cypherpunk’s conviction bet pays off or whether the Orchard bug marks a turning point in market confidence for ZEC remains to be seen. But for now, the company is not blinking.
Also Read: Zcash Price Rebounds Above $300 After 40% Crash: What’s Next for ZEC?
