A newly discovered vulnerability in Zcash’s Orchard privacy pool sent shockwaves through the market on June 5, prompting BitMEX co-founder Arthur Hayes to sell his entire ZEC position just hours after details of the flaw became public.
The selloff has reignited a long-standing debate about privacy-focused cryptocurrencies: can users fully trust systems where certain supply-related exploits might remain hidden until long after they occur?
Hayes Sells as Zcash Team Works to Reassure Users
In a post on X, Hayes wrote, “The Holy Trinity is dead” and confirmed he had sold his entire ZEC holding after reports of the Orchard pool vulnerability. The issue was first disclosed by Zcash founder Zooko Wilcox and members of Shielded Labs, who explained that security researcher Taylor Hornby discovered the flaw on May 29.
The team warned that a malicious actor could have exploited this weakness to create unlimited fake ZEC in Orchard, Zcash’s protected transaction zone, without immediate detection.
Developers moved quickly and patched the vulnerability by June 1. Still, a serious concern remained: because of Orchard’s private design, there is no cryptographic way to prove whether the bug had been exploited before it was fixed. That uncertainty appears to have driven Hayes’s decision to exit his position.
“While I think it’s extremely unlikely any minting occurred, it cannot be formally cryptographically proved impossible,” he wrote, adding that privacy-focused assets demand “perfection not improbability.”
The market reacted immediately. CoinGecko data showed ZEC fell more than 35% within 24 hours to roughly $386, after trading as high as $611 during the same period.
The token has declined nearly 27% over the last week and more than 40% over two weeks, while trading activity surged as investors reassessed risk. Daily spot volume topped $1.7 billion amid the selloff.
CoinGlass recorded nearly $49 million in liquidations in the past day, with long positions accounting for more than $41 million of those losses.
This is the second recent occasion on which Hayes exited a position shortly after making bullish comments. The day before, he disclosed that he had sold his HYPE and NEAR holdings, having previously suggested HYPE could reach $150.
Supply Concerns Resurface as Questions Remain
News of the vulnerability prompted varied reactions across the crypto community. Investor Udi Wertheimer argued that privacy coins face a distinct category of risk compared with transparent blockchains because counterfeit issuance may remain undiscovered for extended periods, citing a past Zcash inflation bug that was revealed years after it existed.
Others took a more measured stance. Helius CEO Mert Mumtaz noted that major software bugs have appeared across the crypto ecosystem, including in Bitcoin, and that the immediate question is whether the vulnerability was exploited before the patch was applied.
Mumtaz also noted that Zcash developers are already planning a future network upgrade that could help verify supply integrity by migrating to a new shielded pool, which would add another layer of assurance over time.
Barry Silbert, founder of Digital Currency Group, pushed back against the negative reaction, arguing the disclosure illustrated the effectiveness of Zcash’s security processes rather than signaling their failure.
“The AI-enabled assault on blockchains is here and I’m proudly on Team Zcash,” he wrote.