Shares of Cypherpunk Technologies, the company backed by Cameron and Tyler Winklevoss, fell 37% on Friday after a privacy bug in Zcash raised concerns among investors. The stock, trading under ticker CYPH, dropped to 59 cents from its previous close, recovering slightly from an intraday low of 53 cents, according to Yahoo Finance.

The sell-off followed news from Shielded Labs, the organization behind Zcash, which disclosed a vulnerability in the privacy coin’s software. The bug, which went undetected for four years, could have theoretically allowed an attacker to create counterfeit ZEC coins. An emergency fix was deployed this week, but Shielded Labs could not guarantee the bug had not been exploited, leaving some investors nervous.

Winklevoss Twins Respond to Market Jitters

Cameron Winklevoss took to X to defend the project, stating that “there will be bugs” in any blockchain software. He emphasized the importance of having “world class researchers focused on hardening the network and staying ahead of the bad guys.” The twins had previously invested heavily in Zcash, with Winklevoss Capital leading a nearly $59 million private placement in Cypherpunk late last year.

The impact also spread to Gemini, the Winklevoss twins’ crypto exchange. Its shares, listed as GEMI, fell 4.4% to $4.41 amid broader pressure on U.S. stocks. The Nasdaq was on pace to slide more than 2% on Friday.

Zcash Price and Cypherpunk Holdings at Risk

The privacy coin itself saw a sharp decline. ZEC traded around $329, a 37% drop over the past day, according to CoinGecko. This was a far cry from the multi-year high of nearly $700 it hit in November. That same month, Cypherpunk announced its pivot to buying Zcash, purchasing 314,185 coins worth $102 million at an average price of $337 each. Friday’s plunge pushed the company’s holdings into the red. Last month, Cypherpunk reported a net loss of $77.2 million for the quarter ending March 31, largely due to the swing in Zcash’s value.

Some market commentators, like BitMEX co-founder Arthur Hayes, said they reduced their exposure to Zcash entirely. Hayes noted in an X post that it’s “impossible” to assess whether the bug was exploited because of Zcash’s privacy features, though he said he thinks it’s “extremely unlikely.” Cypherpunk pushed back against the doubt, stating on X that “there is zero evidence” of exploitation and adding that an attacker would have needed to “sit on counterfeit ZEC through a massive bull run instead of cashing out.”

The situation highlights the risks associated with privacy-focused cryptocurrencies, where bugs can be hard to detect and even harder to prove after the fact. For now, investors are left waiting to see if the fix holds and whether confidence in Zcash can recover.