TechFlow News, June 5: According to Hyperinsight monitoring data, Zcash faces a theoretical risk of unlimited supply inflation due to a vulnerability in the Orchard zero-knowledge proof system. Negative public sentiment—fueled by the “black-box” nature of the issue—has been building and culminated today.
Amid panic-driven selling pressure, ZEC contract open interest on Hyperliquid has plunged 51.6% from its June 3 peak (approximately $371.8 million), with a significant portion of capital—$145 million—exiting earlier in the cycle. The open interest changes (in UTC time, converted to Beijing Time) are as follows:
- May 29 to 8:00 a.m. May 30: ZEC contract open interest stood at ~$223 million;
- May 30 to 8:00 a.m. June 3: Open interest rose to a peak of $371 million; concurrently, the price climbed from ~$530 to $630, reflecting both volume and price growth;
- June 3 to 8:00 a.m. June 4: Price stabilized at elevated levels, while open interest dropped to $226 million;
- June 4 to present: Negative sentiment erupted en masse, pushing open interest further down to $180 million.
Notably, nearly $145 million in positions exited during the early morning hours of June 3–4—while the vulnerability details remained undisclosed to the public and the price was still stabilizing—suggesting that large institutional players may have recognized the severity of the flaw earlier than the general public. The corresponding timeline (Beijing Time) is as follows:
- Late May 29 to early May 30: Security researcher Taylor Hornby discovered the Orchard circuit vulnerability and privately reported it to the Zcash core team, which confirmed the issue and began drafting a remediation plan;
- Evening of May 31: The team initiated non-public coordination with miners and exchanges;
- 10:00 a.m., June 2: An emergency soft fork was activated to suspend Orchard transactions and mitigate risk;
- 12:05 p.m., June 3: The NU6.2 hard fork activated, patching the vulnerability and re-enabling Orchard transactions; an emergency upgrade announcement was issued (without disclosing the full severity of the vulnerability);
- Evening of June 4 to June 5: Based on information released by the community and official channels, the severity of the vulnerability gradually came to light. Primary concerns include the possibility of generating infinite, undetectable counterfeit ZEC; the flaw had existed for four years; and due to the privacy pool’s inherent properties, it remains impossible to confirm with 100% certainty whether the vulnerability was exploited. The issue remains in a “black-box” state—and if exploitation occurred, the total ZEC supply is now questionable.
