Hyperliquid ZEC selloff deepens after Zcash Orchard bug disclosure

ZEC sold off sharply after disclosure of a critical vulnerability in Orchard, Zcash’s newer shielded payment system, that could theoretically have allowed unlimited counterfeit ZEC to be created and the same shielded note to be spent multiple times. GoPlus Security later said the flaw stemmed from a missing constraint in the halo2 zero-knowledge proof library and was active from Orchard’s May 2022 launch until a June 1 patch. Zcash and Shielded Labs said emergency mitigations, including temporarily disabling Orchard and deploying the NU6.2 network upgrade, were put in place and that there was no evidence of exploitation, but they also said there is no cryptographic way to prove whether the flaw had been used before remediation. The uncertainty drove panic selling, more than $116 million in 24-hour liquidations, a 51.6% drop in Hyperliquid ZEC open interest from a June 3 peak of about $371.8 million to $180 million, Arthur Hayes’ exit from ZEC, a more than 47% drop in Cypherpunk Technologies shares, and a further delay to THORChain’s planned ZEC integration while that protocol remains offline after a separate $10.7 million exploit.