AI model finds four-year Zcash bug; ZEC drops 38%

Taylor Hornby used Anthropic’s Claude Opus 4.8 to find a four-year-old flaw in Zcash’s Orchard pool that could have allowed unlimited ZEC to be minted. The exploit was verified, an emergency patch was deployed, and ZEC fell about 38%.

In May, security researcher Taylor Hornby used Anthropic’s Claude Opus 4.8 to locate a four-year-old flaw in Zcash’s Orchard shielded pool. Hornby built and tested a working exploit, reported it to Zcash developers, and an emergency protocol patch was applied on June 1.

The bug was embedded in two lines of code in the Orchard circuit. A check that appeared to validate transaction inputs did not enforce the intended rule, which could have allowed an attacker to create ZEC inside the shielded pool without detection.

Zcash developers reviewed Hornby’s report, reproduced the exploit and released the urgent fix. Developers reported the patch addressed the immediate vulnerability and said further audits are planned.

The disclosure triggered a market reaction. Zcash’s token fell about 38% after the issue was made public.

The flaw had existed for more than four years and had not been found in earlier reviews by specialists working on zero-knowledge proofs.

Security experts highlighted the case as an example of advanced AI being used to find subtle logic and protocol-level errors. Ben Goertzel, founder and CEO of SingularityNET, described the discovery as an early marker of a change in how security research is done and said models can reason about whether software behaves as designers intended.

Sean Ren, CEO of Sahara AI and a computer science professor, warned that open-source blockchain code can be directly analyzed by powerful models and urged projects to use those models to test defenses.

Danny Jenkins, CEO and co-founder of ThreatLocker, noted that modern models can perform tasks in seconds that once took hours or days, increasing the number of people able to locate vulnerabilities.

Shielded Labs hired Hornby to use a frontier model specifically to hunt for protocol-level faults. The team described that work as part of a proactive review process.

Developers and security firms urged integrating AI-driven testing into development and audit cycles and preparing for faster discovery of both accidental and malicious flaws.
