Zcash has had a rough few months. The discovery of a critical vulnerability in its Orchard shielded pool sent ZEC tumbling more than 50%, hitting lows around $300, and left a community built on privacy promises wondering whether its supply figures could even be trusted. Now, founder Zooko Wilcox says the project is close to completing the mathematical proof that would put those fears to rest.
The proof in question is tied to the Ironwood upgrade, and its completion would formally verify that the shielded pool’s zk-SNARK circuits are free from the class of bugs that made undetectable counterfeiting theoretically possible.
What the Orchard vulnerability actually meant
The Orchard vulnerability, discovered and patched between May and June 2026, created a scenario where an attacker could, in theory, mint unlimited ZEC inside the shielded pool without anyone being able to detect it.
The damage was immediate. ZEC shed more than half its value following the disclosure. What made things worse is that Zcash’s privacy model was also the thing that made the vulnerability so dangerous. Shielded pools are private by design, which creates a situation where a supply-inflation bug is uniquely hard to detect or rule out retroactively.









