ZEC responds to Orchard vulnerability: No evidence of theft found; Orchard pool will be archived.

Shielded Labs believes the probability that the Orchard vulnerability was exploited before it was found is very low, so user assets and the total token supply are currently considered unaffected.

Written by: Zooko Wilcox, Jason McGee

Compiled by: Luffy, Foresight News

Recently, a security vulnerability was discovered in Zcash's Orchard module, raising two major concerns: Is the total supply of Zcash tokens abnormal? Are user assets safe?

The discussion so far has mixed several separate topics together, making it hard for many people to understand what this vulnerability actually means for ordinary users. This article goes through those questions one by one and explains what lies behind each of them.

This Orchard vulnerability raises four key questions:

  1. Has the vulnerability been exploited by hackers?
  2. Can users retrieve their legitimate assets stored in Orchard normally?
  3. Can users verify for themselves whether the total supply of Zcash tokens has been artificially inflated?
  4. How can we confirm that there are no other similar vulnerabilities in the project that could lead to fraud?

Has the vulnerability already been exploited?

There is no definitive conclusion yet. Overall, the likelihood that the vulnerability was maliciously exploited in the past is low, but it cannot be ruled out entirely. This assessment rests on three points:

  • For years, numerous top cryptographers and security researchers worldwide have reviewed the Zcash code, yet this vulnerability went undiscovered. It was found deliberately by Taylor Hornby of Shielded Labs, not by accident: he used AI-assisted security analysis together with tools he developed himself specifically to uncover hidden flaws of this kind. Such vulnerabilities are very hard both to detect and to exploit, especially for anyone not deeply familiar with the Zcash codebase.
  • After the vulnerability was disclosed, the Zcash development team immediately coordinated with the major mining pools to temporarily freeze the Orchard pool and roll out a fix, which greatly narrowed the window in which an attacker could act.
  • Most attacks in the cryptocurrency space aim for quick profit, and attackers typically cash out immediately once a vulnerability becomes public. To profit from this vulnerability, an attacker would have had to move counterfeit ZEC out of the Orchard pool and exchange it for other assets, and such operations usually leave traces. If the vulnerability had already been exploited, that evidence should already exist. Historically, attackers have "left quickly after succeeding" rather than deliberately lying low for months or years.

Can I still retrieve my legitimate assets in Orchard?

We believe the assets can be retrieved normally, provided the vulnerability has never been exploited. If this assessment is correct, all legitimate assets held by the user in Orchard can be successfully transferred out.

Conversely, if an attacker had already exploited the vulnerability to create counterfeit tokens inside the pool, the existing transfer channels would cap the total amount that can leave the pool at the total amount of tokens that were legitimately deposited in the first place. In that situation, if the counterfeit tokens were withdrawn first, some users would not be able to recover their legitimate assets in full.

We believe the probability of this extreme scenario is low. If you still have concerns, you can move your assets out of the Orchard pool, but you should first understand the risks of each way of doing so:

  • Transferring to a transparent address (t-address): The amount and time of the transfer are completely public, and the assets become publicly associated with that address, so privacy is lost entirely.
  • Transferring to the Sapling shielded pool: The amount and time of the transfer are still recorded on chain, but the assets are not linked to specific addresses or transaction history, which is far more private than a transparent address. Note, however, that Sapling relies on a trusted setup ceremony completed in 2018, which carries its own additional security assumptions.
  • Wallets: Among mainstream self-custodial wallets, only YWallet and Zkool support the Sapling pool.
  • Other wallets or custodial platforms may also run into unexpected problems such as user error, software bugs, or the platform's own risk controls.

In summary, all of the risks above are manageable. Given the assessment that "the vulnerability is highly unlikely to have been exploited," leaving assets in the Orchard pool is the safest option. If you can ensure good operational security, moving assets out is also reasonable; each user should decide based on their own circumstances.

Can users verify on their own that the total supply of Zcash has not been increased?

Not at present. Because of this vulnerability, ordinary users cannot independently verify whether the total amount of tokens in the shielded pool has been inflated.

However, the planned Ironwood network upgrade will solve this problem, as follows:

The upgrade will completely close the Orchard pool: no new deposits into the pool will be allowed, and tokens will no longer be able to circulate within it. Assets can only be moved out through the existing channels, and the total amount withdrawn through those channels is strictly bounded by the number of tokens that were legitimately deposited, which prevents any excess outflow at the source.

After the upgrade, anyone running a node can verify that the total token supply is correct. Even if counterfeit tokens did exist, they can no longer circulate in the Orchard pool or inflate the overall issuance. Users do not need to guess what an attacker or other users have done; the protocol itself guarantees that no over-issuance can occur.
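As an added illustration (not code from this article or from the Zcash project), the following Python model shows the pool value-balance accounting described above: a node tracks net value entering and leaving the pool, rejects any withdrawal that would drive the balance negative, and, after a hypothetical archive height, rejects deposits and in-pool transfers so that total outflow is capped by the value that provably went in. The archive height and the transaction history are constructed for the example.

```python
from dataclasses import dataclass, field

ZAT_PER_ZEC = 10**8
ARCHIVE_HEIGHT = 2_000_000  # hypothetical activation height, not the real Ironwood height

@dataclass(frozen=True)
class Tx:
    height: int
    kind: str  # "deposit" into Orchard, "internal" Orchard-to-Orchard, "withdraw" out of Orchard
    zat: int   # value in zatoshi; an "internal" tx moves no net value in or out of the pool

@dataclass
class OrchardPoolLedger:
    archive_height: int = ARCHIVE_HEIGHT
    balance: int = 0    # net value the chain can prove the pool holds
    deposited: int = 0  # cumulative value that entered the pool
    rejected: list = field(default_factory=list)

    def apply(self, tx: Tx) -> bool:
        archived = tx.height >= self.archive_height
        if tx.kind == "deposit":
            if archived:
                return self._reject(tx, "pool archived: no new deposits")
            self.balance += tx.zat
            self.deposited += tx.zat
        elif tx.kind == "internal":
            if archived:
                return self._reject(tx, "pool archived: no circulation inside the pool")
            # Net pool value is unchanged, so forged value created here is invisible to this check.
        elif tx.kind == "withdraw":
            if tx.zat > self.balance:
                return self._reject(tx, "withdrawal would drive the pool balance negative")
            self.balance -= tx.zat
        return True

    def _reject(self, tx: Tx, reason: str) -> bool:
        self.rejected.append((tx, reason))
        return False

def replay(txs, archive_height=ARCHIVE_HEIGHT) -> OrchardPoolLedger:
    ledger = OrchardPoolLedger(archive_height)
    for tx in sorted(txs, key=lambda t: t.height):
        ledger.apply(tx)
    return ledger

# Constructed sample history (not real chain data): activity before and after the archive height.
SAMPLE_TXS = [
    Tx(1_900_000, "deposit", 5 * ZAT_PER_ZEC),
    Tx(1_900_010, "internal", 0),                # any forgery here would not change the balance
    Tx(1_900_020, "withdraw", 3 * ZAT_PER_ZEC),
    Tx(2_000_001, "deposit", ZAT_PER_ZEC),       # rejected: pool is archived
    Tx(2_000_002, "withdraw", 2 * ZAT_PER_ZEC),  # drains the provably deposited remainder
    Tx(2_000_003, "withdraw", 1),                # rejected: nothing left to withdraw
]
```

The blind spot the article describes is the "internal" branch: while the pool is live, the balance check cannot distinguish forged from legitimate notes, and only once deposits stop does the cap on outflow become a supply guarantee.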

This is crucial; Zcash's long-term credibility is built on users' ability to independently verify the total token supply. The Ironwood upgrade will restore this capability to users.

How can I confirm that the project does not have other token fraud vulnerabilities?

We cannot give a definitive answer at this stage, but we have reason to believe that no similar vulnerabilities remain.

Shielded Labs, in collaboration with several teams, conducted a comprehensive investigation of the Zcash protocol, focusing on vulnerabilities related to token forgery. During the investigation, the team also utilized the Mythos AI model from Anthropic, which has not yet been officially released, to assist in detection. We will publish a follow-up article detailing the process and results of this investigation.

To date, the team has not found any new vulnerabilities that could be exploited for forgery. This investigation brought together senior engineers, a professional security team, and advanced AI analysis tools, which strengthens our confidence that there are currently no undisclosed high-risk vulnerabilities of this type.

At the same time, we are also conducting additional testing in collaboration with partners such as the Tachyon project to further strengthen our security measures. Further updates will be released later.

Summary

This Orchard vulnerability raises four core questions: whether the vulnerability has been exploited, whether legitimate assets can be retrieved, whether the total amount of tokens can be verified, and whether other fraudulent vulnerabilities exist.

Based on the current investigation results, we believe the probability of this vulnerability being exploited previously is very low. Therefore, user asset security and the total token supply remain normal. After repeated testing by multiple independent teams, we are increasingly confident that the project currently has no other undiscovered vulnerabilities that could be exploited.

However, one issue remains: at present, users cannot independently verify the total token supply. The upcoming network upgrade will resolve this completely. After the upgrade, the Orchard pool will be permanently closed, and users will be able to verify the total token supply for themselves without needing to determine whether forgery ever occurred.
