The Breakdown - Brutal Zcash Bug Sat Hidden for 4 Years
Episode Date: June 5, 2026

A critical bug in Zcash's Orchard shielded pool could have minted unlimited counterfeit ZEC — and it sat there for 4 years. The price has lost ~47% in three days. David walks through what happened, ...why ZK trust keeps mattering, and what it means for holders. Plus: Polymarket's UMA ruling that Strategy didn't sell Bitcoin (it did), and the end of the Bitcoin ETF outflow streak.

TIMESTAMPS:
(00:00) Intro
(01:11) Zcash Crash
(14:53) Polymarket Strategy Drama
(23:39) ETF Flows Update

FOLLOW THE SHOW
› David — https://x.com/dcanellis
› The Breakdown — https://x.com/TheBreakdownBW
› The Breakdown Newsletter — https://blockworks.com/newsletter/the-breakdown

DISCLAIMER: As always, remember this podcast is for informational purposes only, and any views expressed by anyone on the show are solely their opinions, not financial advice.
Transcript
It is Friday, June the 5th. I'm your host David Canellis and this is The Breakdown.
We're getting you ready for the weekend ahead with some quick stories.
We're looking at this brutal Zcash crash around this Orchard-related vulnerability
that would have seen infinite supply be minted, where we take a look at the aftermath and
the disclosure of this particular bug and if there is any risk moving forward.
We're going to be looking at, again, a Polymarket drama around a market for
whether MicroStrategy was going to sell Bitcoin before the end of May, which it did.
But apparently, Polymarket says no, it didn't.
We're going to be taking a look at why that might be and what the crowd reaction is to such a
ruling.
And yeah, we're also going to be quick, briefly look at ETF flows to get an update on those
amid an ongoing correction in the wider crypto space.
So without further ado, this is The Breakdown.
Let's get to it.
Nothing said on The Breakdown is a recommendation to buy or sell securities or tokens.
This podcast is for informational purposes only and any views expressed by anyone on the show are opinions, not financial advice.
Host and guests may hold positions in the companies, funds or projects discussed.
All right. So first we're going to jump into this Zcash stuff.
So I have the chart of Zcash against HYPE, Bitcoin, ether, and SOL over the past year.
And as you can see, a huge drop in the price of Zcash very recently over the past three days.
Effectively, over the past year, Zcash was up 1,000 percent,
and after about a 50% retracement over a few days,
we're looking at Zcash only up around 500%.
So still massively outperforming the other majors.
But this gives you an indication of how serious the market response has been to this particular bug,
which we're going to get into a minute.
But of course, there's also a big widespread correction happening across Bitcoin, ether, and so on.
So, you know, it's all bundled together that there is this kind of crash in the price of Bitcoin
and that's flowing on into alts.
But clearly this bug has exacerbated the downturn for Zcash.
And actually, like, I have some numbers here.
Like, this is actually the seventh worst one-day drop in Zcash's history,
which spans back 10 years now, nearly 10 years.
It dropped 30%, 29% in one day.
Three-day losses are almost 47%, which, I mean, this is the worst since,
it's worse than COVID.
It's worse than even the May 2021 wipeout around terror.
So it's pretty bad for Zcash.
It's not quite as bad as the crashes when it was first listed in November 2016.
But in terms of like, in terms of post-price discovery since Zcash first launched, this is about the
worst correction in Zcash's history.
So why is it down?
Let's take a look.
So I'm piecing this timeline together because
originally, the way that this bug was communicated was that there was a critical soundness
vulnerability in the Orchard zero-knowledge proof circuit.
And for those unfamiliar, what Orchard is, is the Zcash privacy pool that you can have
shielded transactions and shielded balances within this Orchard pool.
So there was a bug in this.
And essentially, what the bug entailed was that the circuit could be tricked into accepting
invalid transactions as legitimate. And in the initial blog released by the Zcash Foundation on
June the 3rd, so on Wednesday, it explained that in a protocol like Zcash, soundness means the
system should only accept valid transactions and state transitions. A soundness vulnerability
is one that could allow the system to accept something it should reject. In this case,
successful exploitation could have allowed the Orchard pool to accept invalid state transitions,
potentially permitting double spending your funds within Orchard,
though with no ability to inflate the total Zcash supply,
which is protected by Zcash's turnstile mechanism.
So it's essentially a double spending bug that an attacker,
if they understood exactly how to exploit this vulnerability,
they could have told the Zcash chain
that they had access to more tokens than what they actually did.
And considering how the bug works,
the chain would just accept that
as a normal transaction and process it and give the attacker whatever supply that they would
that they would say that they had. This wording in particular that there was no ability to
inflate the total ZEC supply is somewhat interesting. I'm just going to pull up the chart here
for Zcash and we can see that on the 3rd of June there was no real market response to this
bug being disclosed. It only began tanking at midnight on that on June the 4th. And then we saw a huge
crash downward. And I just would point out that Bitcoin had already started its, its, its,
its most recent correction, its most recent correction below 70K, days before this as well.
So Bitcoin was already on its way down. But even with the disclosure of this bug as worded by the Zcash
Foundation, Zcash had remained somewhat steady. It was only when a follow-up blog,
a follow-up post in the Zcash community by Zcash founder Zooko Wilcox that explained that
elaborated on the seriousness of the vulnerability, that we saw a much bigger correction
in Zcash start to occur. And with good reason, and as we can see here, this is what
Zooko posted, along with Jason Medea and Taylor Hornby. After reviewing Taylor's report and
discussing the implications of the vulnerability internally, Shielded Labs believes it is important
to provide additional context. The vulnerability could have been exploited to undetectably create
an unlimited amount of counterfeit ZEC within Orchard. Because of the privacy properties of
Orchard, there is no way to cryptographically prove whether the vulnerability was exploited
before it was remediated. However, an upgrade can be deployed to protect users and prove the integrity
of the Zcash supply.
So this original wording here was not correct.
The original wording that there was no ability to inflate the total ZEC supply,
that turned out to be not true.
And in the aftermath of the Zooko post on the Zcash forums,
in the aftermath of that, we saw the massive correction really start to take shape in Zcash.
I'm not too sure why the bug was initially framed as being not so damaging,
and then it took, it took, you know, 24 hours or whatever in order to correct the record.
But it's clear that the market absolutely responded to the new information as framed by Zooko
and Jason and Taylor.
So I'm not too sure if there was just wires crossed or what have you.
But it's clear that there was not outsized dumping, but it's like seeing the strength of the,
of the price of Zcash in the lead up to the disclosure of exactly how bad this bug was.
It's not like there was a bunch of people dumping their Zcash before the true impact of the vulnerability
could be made public.
That doesn't really appear to be the case.
But the downward pressure from people seeing that it might have been possible that there was
counterfeit ZEC minted, and we can't track that right now, that seems to be the impetus for the price
of Zcash to go down.
Now, I am inclined to give the Zcash team the benefit of the doubt, even though it might not be
the most pragmatic way of going through investing in the crypto space to just trust what the, what people
tell you about things. And it's very difficult because, I mean, we've all faced this problem getting
into crypto is that it's, it's, it's part finance, it's part computer science, and if, if you're not
a computer scientist or if you're not really attuned to finance lingo or finance concepts,
it's, it's very hard to navigate that yourself relying on your own research and, and your
own intellect, and it does come down to listening to people with very highly specialized education
and experience in order to understand what the implications are for any of this.
So that said, this is from Craig Salm, Chief Legal Officer at Grayscale.
He tweets, from a non-technical perspective, to believe this vulnerability was actually
exploited before being patched, you'd have to believe someone, one, was looking at the Zcash code
base more thoroughly than any of the ECC, Zodl, Shielded Labs, Zcash
Foundation and other core Zcash dev and security contributors combined and, two, resisted the
urge to completely run out of the Orchard turnstile to sell all its counterfeited Zcash during
historical 20x plus bull run. Seems unlikely to me. In my opinion, the real takeaway here is that
the Zcash dev and security community is absolutely best in class and ahead of every other protocol
in terms of AI risk and so on. And he brings up the AI risk in that the security researcher
that found the bug and disclosed it to the Zcash Foundation,
used AI tooling and used Opus to understand the bug
and really like test it out and kind of prove that it's real.
But I mean, what is still worrying is that the bug existed
since Orchard had been activated in May 22,
right up until the time of the emergency fix,
which was on June 1, 26.
So about four years this bug existed that we just don't know
whether it was exploited or what the true supply of the Zcash, of the Zcash currency is right now.
I mean, they are touting that there is a network upgrade that will, a future network upgrade
that will be able to be implemented that we could effectively tally the, that we could gauge
the integrity of the Zcash supply, as Craig Salm puts it.
So, TBD on that, until then, we basically have to trust that the, that the exploit
was not exploited.
And I just, I mean, number one, that it's like that there might be, that it's impossible
that an attacker would not be looking at the Zcash code base more thoroughly than other
security researchers.
I don't, I'm not really too sure that that is completely 100% sound logic.
But in any case, I mean, I don't just want to blindly bash Zcash.
But in my mind, this is now the second time that we have to blindly trust that everything is
okay in Zcash.
The first, of course, being the key ceremony where six individuals supposedly briefly had access to a part of a private key that would undo the zero-knowledge proofs that protect the chain, that if they had all teamed together and shared their part of the private key, they would essentially have a master key to the Zcash network's cryptography.
They all got together in a ceremony and destroyed those keys.
So perhaps, I mean, the likely event is that that ceremony was legitimate.
And there is this no master key that could essentially unlock, that could essentially undo Zcash's
zero-knowledge proofs.
We have to believe that that ceremony was legitimate and there was no secret plot for all
of those six individuals to band together and effectively reconstruct this private key, this master
key. We have to set that to one side and understand that there would be very little incentive for those
people to come together to do that to actually destroy the value proposition of Zcash. We have to,
we have to believe that. We also have to believe now that there was no hacker that exploited
this infinite minting bug that would result in an inflated supply. So now we have two layers of trust
that we now have to get through. And this is just the conspiracy theorist in me that that pieces this stuff
together naturally. Of course, believing in these sorts of theories or worst case scenarios
for cryptocurrencies would essentially sideline you from any potential upside when it comes
to buying and holding these coins. So at some point, believing in the worst case scenario possible
or these conspiracies around what might have happened, what could have happened. It's not exactly
pragmatic, but when you look at the market reaction to the eventual disclosure of how serious this
bug was, I have to wonder if these things are starting to compound in the minds of perhaps
not really plugged in people into the crypto space, but perhaps, you know, I don't want to
just say normies as a derogative, but to people who aren't just so tied to crypto as an identity
that they must be looking at just the headlines and wondering, well, if this is
happening and that is happening. I don't really know how much stock I can put into what these
incredibly educated and experienced professionals are telling me because I can't vet what the
truth is either because I just don't know computer science. I don't know I don't know cryptography.
I don't know the true details of what that key ceremony was. I don't know the true details of
the bug patch and all of that kind of stuff. So I feel for people that are trying to navigate this
as best they can. And it is just this unfortunate thing that we are all trying to
build and encourage an ecosystem of trustless technology, but it still comes down to trusting
what people smarter and more knowledgeable than you say about certain instances and events.
So in any case, I mean, good luck to you if you're holding Zcash in amongst all of this.
Good luck to you if you're holding, you know, X-coin, whatever it is, in the age of
AI and cybersecurity in the age of AI and cryptocurrencies.
So TBD on the true impact of this, we're only
going to be able to find out once an update rolls out, a tool rolls out to vet the Zcash supply.
And even then it could be quite difficult because you have to vet not only the total Zcash supply,
but the Zcash supply that exists within the privacy pool and all of that kind of stuff.
So truly going to be messy.
It's going to be something that will hang over Zcash for quite a while.
But if Zcash can expand, but if Zcash can survive all of the FUD that was around the mysterious key ceremony,
then perhaps it can survive this as well.
Okay, so on to the next one.
All right, we're looking at this story about, again,
this Polymarket UMA resolution process is again drawing some criticism.
So we have this, I mean, Galaxy has done a great job of breaking this down.
Strategy sold Bitcoin in May.
Polymarket says it didn't.
Effectively what happened.
I mean, we all know Strategy sold Bitcoin for the first time since 2022 recently.
It was only a very small amount of Bitcoin that it sold.
So what actually happened on June the 1st, Strategy filed an 8-K disclosing the sale of 32 Bitcoin
between May 26 and May 31.
And that sale generated $2.5 million worth of US dollars at an average net price of 77K.
And that was the company's first disclosed sale since December 2022.
So it wasn't such a big sale.
And it was also very confusing because, you know, only a couple of days before it actually
bought some Bitcoin.
So it's like, well, why did you sell it at all?
And it was a very small
sliver, of course, of Strategy's total holdings. Galaxy's calculated it at 0.0038% of its Bitcoin treasury.
So whether or not you really care that Strategy has sold Bitcoin is kind of in the eye of the
beholder. But, I mean, there was a Polymarket. There's a recurring Polymarket for whether
MicroStrategy would sell any Bitcoin. And I have, I mean, it ends every quarter. So this, so it had a
open for whether MicroStrategy would sell Bitcoin by May 31st. And you can see the chart here that
there was the market had given anywhere between around 10 percent to around 30 percent that
MicroStrategy would sell Bitcoin. And as we get closer towards the end of the month and as the
sale is actually disclosed, you can see that the market really started to buy the yes votes
because they could see that Strategy had sold Bitcoin.
But for whatever reason, the UMA oracles have decided that no, it does not count.
And we have some context here.
So it says that no information from Strategy, on-chain data or consensus of credible reporting
confirmed that MicroStrategy sold Bitcoin within the market's time frame.
So what they are essentially saying is that even though the market was
set for the title of the market, MicroStrategy sells any Bitcoin by May 31st, 2026.
And even though Strategy did sell Bitcoin between those dates, because it was not officially
disclosed, it does not count, which I just find incredible to believe.
When this news was revealed to the market, yes odds on Polymarket spiked from 10% to around 80%.
One market participant bought 700,000 yes shares at around 70 cents or at around 76 cents a piece.
He viewed this as a free arbitrage opportunity, as he described in a detailed X thread.
Each share is supposed to pay out $1 in stablecoins if the prediction comes true and zero if not.
So, I mean, as outlined by Galaxy in this great piece, the original resolution text is event-based and explicit.
The market resolves yes if Strategy sells any of its Bitcoin by the deadline.
Nothing in it requires the sale to be announced by then.
I mean, that's in the original text.
This is the crux of the dispute.
The Yes camp argued that the rules named Strategy's own information as the primary source
and MicroStrategy's own filing lists that 32 Bitcoin as sold during the period of May 26 to May 31.
The No camp argued that absent public confirmation before June 1, there was nothing to resolve on by the deadline.
In other words, does the event date govern or the confirmation date?
The original rules read event-based.
The subsequent bulletin reads confirmation-based.
Traders treated the gap as a retroactive rule change, which in our view, as market analysts, it was.
I mean, brutal.
And what this comes down to, again, as framed by Galaxy, that this is an interpretation of all of these factors by UMA oracles, by UMA holders through the UMA Oracle system.
And I mean, of course, this is not the first time that the oracles, their decision making has been called into question.
But I just have to wonder, when something is so clear cut as what this seems to be,
but we still have this finicky, murky way of resolving disputes when it just seems so obvious.
It just seems so intuitive.
It definitely calls into question what is even happening.
I mean, Polymarket has to be watching this.
They have to be understanding.
I mean, let's have a look at the comments on Polymarket.
When you scroll down, the comments, scam, scam, scam, scam, scam, scams, scams,
scam rules change, beware, scammed.
And it goes on like that.
You can argue, it's very easy to argue even, that you should just ignore the comments.
It doesn't matter.
What matters is where the Polymarket is growing overall.
What matters is where the prediction markets are growing as we go
into election season, as we go into more sporting seasons. Those things are important. I get it.
But at some point, the comment section is going to bleed out into real life. And all this stuff
is going to work negatively against not just only Polymarket, but prediction markets overall.
So, I mean, you must know by now that I'm somewhat still a decentralization maxi.
I still find the most interesting things in crypto ones that are decentralized. I'm interested
in decentralized decision-making processes,
decentralized governance.
I'm into all that stuff.
What is improvement is that the UMA oracles
in the current state of their power
over these resolution decisions
that they are able to make,
I call that satisfies polymarket users
in a way that can be replicated.
Again and again, we have these situations
where bettors expect something different.
And then again, again, we have these situations
where bettors are expecting one thing
based on what appears to be a black and white interpretation
of how the market's rules are communicated,
and then they get something else in terms of the resolution.
And it's just, I mean, I get it, it's gambling.
Anything can happen.
I get it.
You can lose money.
You're buying experimental tokens,
on experimental illiquid markets.
I mean, get that people interacting with these markets
understand that there is some level of risk,
but when the risk is coming from within side the building,
I'm not too sure how we're meant to get through all of this,
especially if that we have markets open
for stuff that isn't exactly black and white either.
This just seems like such a slam dunk in terms of, like,
did Strategy sell between these dates?
And yes, it did.
Oh, the disclosure didn't
come out until after that date. So, you know, the market, the market resolved before there was a
disclosure and then to actually go and resolve the market post-disclosure is somewhat messy.
There needs to be some way to build that into the construction of the market itself,
so this doesn't happen again. And I imagine, again, giving the benefit of the doubt,
I hate to do it. I'm trying really hard to give people the benefit of the doubt these days.
Let's just see if they can construct markets in such a way that leaves open the possibility that they can.
There's some grace period of a few days after these markets are meant to resolve to give room for potential disclosure.
Without that, I'm not sure how anyone can continue participating in some of these markets.
But in any case, still bullish on the concept of decentralized prediction markets.
I'm a big fan.
I actually want more decentralization in prediction markets.
I don't want just Polymarket to make markets.
I want users to create markets.
User generated markets with some way of fixing the liquidity problem.
That would be cool.
I don't know how realistic it is.
But I want more pure play prediction markets.
And if that means some kind of alternative to the UMA Oracle system that, I mean, obviously,
and I've said it before, the UMA oracles are a way to provide decentralization around decision making.
but perhaps there needs to be more, many, many more holders and voters
that needs to be some better incentives to become an UMA holder
and an UMA Oracle participant.
Because clearly we need more decentralization in that particular process,
if not just scrap it and build it from the ground up.
Okay, on to the next one.
Okay, this is just going to be super quick.
It's just a super quick update to Bitcoin ETF flows
because we had a brutal losing streak.
Streak. There's like 13 days.
Like let's count them three, six, nine, ten, eleven, twelve, twelve straight trading days of
outflows, which has to be a new record.
It has to be like four and a half billion dollars or something like that ripped from Bitcoin
ETFs, which is, I mean, go back to the Wednesday episode to see that that's not, it's not
the end of the world when it comes to Bitcoin ETF holders, but obviously it is downward pressure
on the price of Bitcoin when such sustained and big outflows do
happen. But we have broken the streak on June the 4th, and this is from Farside. There was
three point two million dollars positive net flows into spot Bitcoin ETFs, uh, in the US at least. So that's
yesterday. So we've broken the streak, well done. And it was of course BlackRock's IBIT that was
able to, you know, to, to tip it over into the black with 47.7 million
dollars in flows, with 47.7 worth of net inflows, whereas basically all the others, apart from
MSBT, MSBT saw 9.9 million, but basically the others either saw no change or negative flows. So well done to
the Bitcoin ETPs for stemming the flow. Obviously some people are interested in buying the dip through the
ETF wrapper. In the meantime, let's look at Ethereum flows, how Ethereum flows are doing. That also broke the
streak, well done there. So, um, yeah, 19.3 in the black yesterday for Ethereum spot
ETFs in the US. How's Solana doing? Solana saw no activity whatsoever in terms of a
spot ETFs yesterday in the US. And Hyperliquid, what have we got here? We have 12.2
million dollars in flows for yesterday. What's true is, is that there's been no
days of negative, of, of, of, of net outflows from
HYPE spot ETFs so far.
Every single day has been in the black, although relatively small, I do have to say,
with a total inflows of $158 million into HYPE spot ETFs so far.
But we appear to have broken the curse at least for now.
Let's see how today's inflows go, and I'll give you guys an update about that on Monday.
So that is enough jibba jabba from me.
This has been The Breakdown for this week, for this Friday.
Again, smash like and subscribe.
Send us a comment on YouTube, on Spotify,
wherever you're consuming this content from.
I'd love to hear from you.
And always look after yourselves.
Goodbye.
