An exchange on X between Polygon’s CTO Mudit Gupta and Zcash founder Zooko Wilcox reignited a long-simmering debate over whether privacy-preserving shielded pools can be perfectly audited — and, by extension, whether ZEC’s 21 million cap can be trusted under all conceivable failure modes. The dispute hinged on a familiar fault line in privacy-coin design: zero-knowledge protocols can obfuscate individual balances and flows, but they still must preserve a hard monetary base.
Gupta opened with a stark framing: “Nobody knows how many Zcash tokens actually exist. Shielded assets like Zcash are hard to audit. In March 2019, an infinite mint bug was detected in Zcash shielded assets. It was fixed in October 2019 but there is no guaranteed way to tell if the bug was ever exploited.”
https://twitter.com/Mudit__Gupta/status/1982580591553044632?ref_src=twsrc%5Etfw” rel=”nofollow noopener” target=”_blank
He later softened the immediate risk assessment — “Based on heuristic, it’s unlikely the bug was exploited so no reason to panic” — while stressing what he called an enduring category risk: “I’m just highlighting an attack vector with Zcash and similar privacy pools… I’m not claiming any bug was exploited, just mentioning the possibility and risk.”
Wilcox pushed back, calling the initial post “not accurate,” and pointed Gupta to “publicly-verifiable on-chain audits” that track the monetary base. “They show the integrity of the Zcash monetary base. A straightforward game-theoretic analysis further shows zero counterfeiting,” he wrote, linking to community dashboards and documentation.
In a follow-on, Wilcox encapsulated the ZEC position with a thought experiment about the legacy Sprout pool: “Suppose someone counterfeited ZEC in the Sprout pool before October 28, 2018. Then there is a ‘race to the exits’ between the counterfeiter and his victims. Whoever moves their ZEC out of the Sprout pool first gets to keep all the money. Conclusion: there was no counterfeiting.” He added that “even if there was counterfeiting… there would still be only 16,355,911 ZEC in existence, and still only 21 M ever. Thanks, turnstiles!”
Stripped to its essentials, the technical disagreement is less about Zcash’s intended monetary policy and more about the edge-case guarantees when privacy meets auditability. Zcash’s published economics mirror Bitcoin’s: a fixed 21 million upper bound and a halving-style issuance schedule. That cap is unambiguous in official materials.
The controversy traces back to the counterfeiting vulnerability affecting ZEC’s earliest shielded pool, Sprout. According to the Electric Coin Company (ECC) and the Zcash Foundation, the flaw was discovered privately in 2018 and publicly disclosed on February 5, 2019; critically, the Sapling upgrade that activated on October 28, 2018 removed the vulnerable construction, and Zcash introduced “turnstile” accounting to constrain exits from shielded pools to, at most, the amount verifiably entered.
ECC reported at disclosure that it had seen “no evidence that counterfeiting has occurred,” a stance it has reiterated, and it described turnstile enforcement as a defense to preserve the monetary base even under hypothetical counterfeiting.
This is the heart of Wilcox’s argument. Because ZEC can only enter or leave a shielded pool via transfers that reveal values at the boundary, the chain can compute an expected pool balance. If more value tries to exit than has ever entered, the discrepancy becomes observable at the turnstile.
The “race to the exits” intuition — while informal — captures the idea that any attacker who minted bogus ZEC inside Sprout would be competing against legitimate holders to withdraw before the turnstile constraint bites; absent an unexplained drain to zero or a negative reconciliation, long-lived counterfeiting is inconsistent with observed pool totals. Zcash’s documentation describes these value-pool turnstiles and their role in monitoring pool integrity, and community discussions dating back years have treated them as the canonical mitigation.
Gupta’s rejoinder is about epistemic certainty, not policy intent. “Perhaps I should have been clearer,” he wrote. “Due to [the] possibility of bugs, there’s no guarantee that the shielded pools have the same amount of Zcash circulating inside them as transparent Zcash that went in. Therefore, you can’t be 100% sure of the actual total supply… [though] the likelihood of a bug like this being exploited is essentially 0.”
At press time, ZEC traded at $325.
Featured image created with DALL.E, chart from TradingView.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
“Will I be replaced?” It’s a common question asked as the technological advancements of artificial…
Prime Minister Narendra Modi says his talks with the Dutch PM also focused on expanding…
zk_70a0641c428b4d9da61ff3313ec30429 Odomknite tajomstvá úspechu v Malina Casino: kompletný sprievodca pre hráčov Kasína, či už kamenné…
Descrease article font size Increase article font size As Canada gears up to co-host the…
By Staff The Canadian Press Posted May 16, 2026 6:01 pm 1 min read Descrease…
With global macroeconomic pressures not abating any time soon, and inflation signals coming in higher…