A security bug that slept inside Zcash’s code for 4 years just woke up at the worst possible time. The disclosure sent ZEC tumbling nearly 40% and left the entire Zcash ecosystem scrambling to answer a question that has no clean answer: did anyone exploit it before the fix? The story starts with a nonprofit developer called Shielded Labs. One of their security engineers, using an advanced AI model, discovered a critical vulnerability inside Zcash’s Orchard privacy pool. The flaw had been sitting undetected since May 2022, invisible to every audit and review that happened across those 4 years.