On July 8, ZEC, the native coin of privacy-focused blockchain Zcash, briefly gained more than 12%, breaking above $500 before correcting to around $484. The move came after the development team said it was approaching a major network upgrade designed to fully resolve the vulnerability that could have allowed an unlimited amount of fake ZEC to be minted.

ZEC price movement over the past 24 hours. CoinGecko screenshot taken at 09:30 AM on July 8, 2026.
ZEC price movement over the past 24 hours. CoinGecko screenshot taken at 09:30 AM on July 8, 2026.

This is seen as an important step in restoring community trust after last month’s serious security incident.

The Vulnerability That Sent ZEC Down More Than 60%

As previously reported, in early June, Zcash discovered a serious vulnerability in Orchard, the network’s largest private transaction pool, which holds more than 4 million ZEC.

The bug had existed from Orchard’s launch in May 2022 until June 1, 2026. In theory, it could have allowed an attacker to create an unlimited amount of fake ZEC without leaving any trace on the blockchain.

Security researcher Taylor Hornby discovered the vulnerability with assistance from the Claude Opus 4.8 AI model and later notified the Zcash team so an emergency patch could be deployed.

However, due to Zcash’s privacy-focused design, the development team could not prove with certainty that the bug had never been exploited. This severely damaged market confidence and caused ZEC to plunge by more than 60% in just two days.

Ironwood Pool Offers a Solution to the Fake ZEC Problem

To fully address concerns over ZEC’s supply, Zcash Open Development Lab (ZODL) proposed launching an entirely new shielded pool called Ironwood to replace Orchard.

Instead of simply patching the old vulnerability, Ironwood is designed to allow the community to gradually verify that no fake ZEC is circulating on the network, while preserving the privacy and security features that define Zcash. According to the current plan, the upgrade is expected to be activated by the end of July 2026.

In the latest post from privacy-optimisation project Project Tachyon, published on July 7, Zcash developer Sean Bowe said one of Ironwood’s most important changes is a turnstile mechanism, which allows users to gradually move all ZEC from Orchard into the new pool.

In the latest post from privacy-optimisation project Project Tachyon, published on July 7,
In the latest post from privacy-optimisation project Project Tachyon, published on July 7 

As Orchard is phased out and more ZEC migrates into Ironwood, the community will gain stronger grounds to verify that the circulating supply is valid and that no abnormal amount of coins was created in the past.

However, building a new pool alone is not enough to restore user trust. For this reason, Project Tachyon is also carrying out a formal verification programme for Ironwood. Unlike conventional code audits, this method uses mathematics to prove that, at the design level, Ironwood does not contain vulnerabilities that could allow hackers to create fake ZEC in the future.

According to Project Tachyon, blockchain money-creation vulnerabilities can arise from three main causes: broken cryptographic assumptions, protocol-design flaws or implementation bugs in software. The Orchard vulnerability falls into the category of a protocol-design flaw, or specification bug, which is the type of issue most capable of allowing fake ZEC to be created without leaving any trace on the blockchain.

If the issue were only in the software implementation, abnormal transactions would still be recorded on-chain and could be detected by replaying the entire transaction history using a corrected version.

For this reason, the purpose of formal verification is not simply to prove that Ironwood has been patched, but to provide mathematical evidence that Ironwood’s design itself cannot contain the kinds of causes that would lead to this vulnerability.

Zcash co-founder Zooko Wilcox said the project is now very close to completing this mathematical proof. If successful, Ironwood would become the first Zcash shielded pool mathematically proven not to contain an undetectable fake-ZEC creation vulnerability, helping restore community confidence after last month’s security incident.

Conclusion:
Ironwood could become a key turning point for Zcash if it proves that the network can preserve privacy while also giving users stronger assurance over supply integrity. However, the recovery in ZEC will depend on successful deployment, community migration from Orchard and renewed trust after the previous security incident.