Zcash Co-Founder Zooko Wilcox and Jason McGee of Shielded Labs have issued their clearest explanation yet of what the Orchard vulnerability means for users, the ZEC supply, and the upcoming Ironwood upgrade.
In a June 15 post on the Zcash Community Forum, the two addressed four questions that have dominated the privacy coin’s community since the critical Orchard flaw was publicly disclosed: whether the bug was exploited, whether legitimate Orchard funds are recoverable, whether Zcash’s supply can be independently verified, and whether similar counterfeiting vulnerabilities may still exist.
Their answer is cautiously reassuring, but not absolute. Shielded Labs believes prior exploitation is unlikely and that legitimate Orchard funds remain recoverable. However, the post also confirms the uncomfortable core issue: users cannot independently verify today that no counterfeit ZEC exists inside the legacy Orchard shielded pool.
That is where Ironwood becomes critical.
The proposed network upgrade is designed to seal the old Orchard pool, prevent new deposits or internal circulation, and force all remaining funds to move only through Zcash’s existing turnstile accounting system. In simple terms, Ironwood is meant to shift the Orchard incident from a trust-based assessment, “we believe it was not exploited,” to a protocol-level guarantee that anyone running a node can verify.
Key Highlights
- Zooko Wilcox and Jason McGee answered four major Orchard vulnerability questions, including exploitation risk and fund recoverability.
- Shielded Labs says no proof of exploitation has surfaced, but users still cannot independently verify Orchard supply today.
- Ironwood would seal the legacy Orchard pool and restore verifiable Zcash supply through turnstile accounting.
Why This Is Bigger Than “No Evidence of a Hack”
The Orchard vulnerability was discovered on May 29, 2026, by security researcher Taylor Hornby while working with Shielded Labs on a targeted security review of Zcash’s protocol. The flaw had existed since Orchard’s activation in May 2022 and affected Zcash’s latest shielded pool.
As The Crypto Times previously reported in its coverage of Zcash’s emergency fork, the bug triggered one of the most urgent technical responses in Zcash’s history. Developers first coordinated a temporary soft fork to disable Orchard transactions, then activated the NU6.2 hard fork at block 3,364,600 to restore Orchard with a corrected zero-knowledge proof circuit.
The Zcash Foundation said at the time that there was no evidence of exploitation, no unauthorized value creation detected, and no impact on user privacy. But the new Shielded Labs post makes a key distinction: “no evidence” is not the same thing as cryptographic proof.
Because Orchard is a shielded pool, its privacy design hides transaction amounts and participants. That is the entire point of Zcash. But in this specific case, the same privacy properties also mean users cannot simply inspect the chain and prove that no counterfeit funds were ever created inside Orchard before the patch.
The Four Questions Answered
To restore market confidence following a volatile 50% price crash and subsequent 80% rebound, Wilcox and McGee systematically deconstructed the community’s primary concerns:
1. Was the Orchard vulnerability ever exploited?
Shielded Labs says the answer is unknown with absolute certainty, but likely no. The post gives three reasons. First, the flaw survived years of review by top cryptographers before Hornby found it through a deliberate AI-assisted audit. Second, developers quickly froze Orchard activity after discovery and coordinated the fix within days. Third, if an attacker had exploited the bug, they would likely have tried to monetize the counterfeit ZEC by moving value out of Orchard, which should have left visible evidence through the turnstile.
2. Can legitimate Orchard funds be recovered?
Shielded Labs believes they can, assuming the base case that exploitation did not happen. However, the post also explains the worst-case scenario. If counterfeit ZEC had been created and withdrawn first, Zcash’s turnstile would cap total exits from Orchard at the amount that legitimately entered. In that scenario, late-moving legitimate users could face partial or full loss of recoverability. Shielded Labs describes this as unlikely, but it does not dismiss the risk entirely.
3. Can users independently verify that Zcash supply has not been inflated?
The answer today is no.
That is the central news point. The Orchard bug has been patched, but the legacy Orchard pool still prevents users from independently proving the current supply is sound. Ironwood is the proposed fix for that verification gap.
4. Do similar counterfeiting bugs remain elsewhere in the protocol?
Shielded Labs says there is no 100% guarantee, but confidence is rising. The team says multiple researchers and teams have reviewed Zcash for similar flaws, including AI-assisted searches using Anthropic’s Mythos model before that model was suspended. No additional counterfeiting vulnerabilities have been identified so far.
How Ironwood Changes the Equation
Ironwood is not just another routine network upgrade. It is the proposed mechanism for restoring Zcash’s “sound money” claim after Orchard temporarily broke independent supply verifiability.
According to Shielded Labs’ Ironwood proposal, the upgrade would create a new shielded pool using the fixed Orchard circuit. At the same time, the old Orchard pool would be closed to new outputs. Funds already inside the legacy pool would no longer be able to circulate internally. Their only path would be out through the turnstile.
That matters because the turnstile tracks how much ZEC enters and exits each pool. If more ZEC tries to leave Orchard than legitimately entered it, the protocol rejects the excess. After Ironwood activates, even if hypothetical counterfeit funds existed inside Orchard, they could no longer continue circulating privately inside that pool or inflate the active circulating supply.
This is the key shift: users would no longer need to guess whether an attacker exploited the bug. The protocol would make excess ZEC unable to remain part of the active supply.
The Ironwood proposal aims to let users verify the circulating supply simply by running a node and summing balances across active pools.
A Price Crash, a Rebound, and a Trust Test
The Orchard incident hit ZEC hard. ZEC plunged sharply after the vulnerability became public, with the market reacting not only to the bug itself but to uncertainty around supply verification. The token later staged a dramatic rebound of more than 80% from its lows as developers completed the emergency fix and the Ironwood plan emerged.
That rebound showed that traders were willing to price in a fast technical recovery. But the June 15 clarification shows the deeper issue was never just whether Orchard transactions were working again. The bigger question was whether Zcash could restore the ability for users to verify the 21 million supply cap without trusting developers, researchers, or public statements.
For a privacy coin, this is a uniquely difficult balance. Zcash’s value proposition depends on both confidentiality and monetary soundness. Bitcoin-like scarcity only matters if users can verify it. Privacy only matters if users do not have to expose themselves to prove the system is honest.
Ironwood is Zcash’s attempt to preserve both.
What Users Should Watch Next
The next phase will depend on execution. Users should watch for the finalized Ironwood activation timeline, independent audit updates, wallet support, exchange readiness, and migration instructions for funds currently held in Orchard.
Wallet behavior will be especially important. The Ironwood proposal says wallets should support the new pool and help users migrate funds after activation. However, migration itself may reveal the amount and timing of the transfer, even if it does not necessarily link funds to a transparent address. That means wallet design will matter for preserving privacy during the transition.
The community will also be watching whether any attempted excess withdrawal from Orchard ever appears. Shielded Labs says it believes that outcome is unlikely. But if excess ZEC attempts to leave the old pool after Ironwood, that would become public evidence that counterfeiting occurred. If no excess appears, it would strengthen the case that the vulnerability was never exploited.
Why This Matters
The Orchard vulnerability is becoming one of the most important security case studies in privacy crypto. It showed that even advanced zero-knowledge systems can contain subtle soundness risks. It also showed that AI-assisted security research can help defenders find flaws before attackers do.
But the more important lesson is about verifiability.
Zcash has already patched the bug. Developers coordinated a soft fork, activated NU6.2, and restored Orchard functionality within days. No evidence of theft, unauthorized value creation, or privacy loss has surfaced. Yet the June 15 post makes clear that full confidence requires more than a successful patch.
It requires users to be able to verify the supply themselves.
That is why Ironwood is now the central event for Zcash. If it works as designed, the upgrade will not merely close the Orchard chapter. It will turn a crisis over hidden inflation risk into a stronger model for privacy-preserving supply assurance.
For Zcash, the real test is no longer whether it survived the Orchard vulnerability. It is whether Ironwood can prove, at the protocol level, that ZEC’s supply remains sound without compromising the privacy that makes Zcash valuable in the first place.
