In a dramatic turn for privacy-focused cryptocurrencies, Zcash (ZEC) plunged 46% in a single day after the disclosure of a critical vulnerability in its Orchard Pool, while XRP Ledger developers seized the moment to unveil a new native privacy amendment. The bug, silently present since the NU5 upgrade in May 2022, was identified on May 29, 2026, by security engineer Taylor Hornby of Shielded Labs using AI-assisted formal methods. An emergency hard fork on June 3 patched the flaw, but the damage to trust was already done.
The vulnerability resided in an insufficient constraint in elliptic-curve multiplication inside the halo2_gadgets crate, potentially allowing crafted inputs to bypass circuit validity checks and mint counterfeit ZEC. Because of Orchard’s shielded architecture, it is cryptographically impossible to prove that no fake coins were created during the nearly four-year window. This struck at the core of Zcash’s sound-money narrative, leading to a full capitulation by major investors, including BitMEX co-founder Arthur Hayes, who announced he had liquidated his entire ZEC position.
Hayes, who had previously held ZEC as part of a self-styled ‘Holy Trinity’ portfolio alongside HYPE and NEAR, stated: “The probability of unauthorized minting is extremely low, but it cannot be proven cryptographically impossible… The narrative of protecting privacy from AI, governments, and Big Tech demands perfection.” ZEC’s price collapsed from above $600 to around $390, erasing over $3 billion in market capitalization and slicing through multiple moving averages.
Amid the Zcash crisis, the XRPL Foundation teased amendment XLS-0096 (Confidential Transfers for MPT), which introduces verifiable confidentiality to the XRP Ledger. Unlike blind anonymity, XLS-0096 uses EC-ElGamal homomorphic encryption and zero-knowledge proofs to encrypt user balances and transaction amounts from observers while allowing validators to verify total issuance, making invisible inflation mathematically impossible. The amendment also features an AI-resistant sigma protocol, a split balance model to prevent transaction freezes, and built-in mechanisms for selective disclosure and regulatory compliance. Initially deployed for multi-purpose tokens (stablecoins, tokenized assets), the groundwork could eventually extend to XRP itself.
