Zcash has clawed back much of last week’s losses, rising about 45% from the low near $300 it hit Friday as developers proposed a fix for the flaw that triggered the sell-off.
ZEC traded around $437 on Monday, according to CoinDesk data, though it remains down roughly 22% over the week. The token plunged after Shielded Labs, a nonprofit developer on the network, disclosed a counterfeiting bug in Zcash’s Orchard pool, the part of the system that hides transaction details.
The flaw, undetected since 2022, could have let an attacker create unlimited fake ZEC without anyone noticing and withdraw tokens from the protocol’s shielded pool – which offers opt-in priv
Developers, including Shielded Labs, the Zcash Foundation, and the Zcash Open Development Lab, patched the bug within days through emergency network upgrades, coordinated with the mining pools ViaBTC and Foundry. On June 6, the same groups proposed Ironwood, a plan to restore users’ ability to confirm the coin’s supply is sound.
Ironwood would create a new privacy pool using the repaired code and block the creation of new coins in the old Orchard pool. Once it activates, anyone running the Zcash software could add up the balances across pools and confirm that no more than the correct amount of ZEC exists.
Users would not have to trust the developers’ word or wait for funds to migrate.
The plan could also reveal whether the bug was ever abused. As users move coins out of the old pool, any counterfeit ZEC would either be exposed when it tried to leave or be stranded and destroyed. Shielded Labs has said it believes exploitation was unlikely.
The proposal has drawn attention beyond the Zcash community. In his latest newsletter, investor Chamath Palihapitiya described Ironwood as a way for anyone running a node to tally the balances across pools and “verify the supply is clean.”
Developers have not given a firm timeline for the upgrade, saying the work to build, test and coordinate it across the network could take longer than expected.