Security engineer Taylor Hornby, who discovered a critical flaw in Zcash’s Orchard shielded pool that could have allowed unlimited counterfeiting of ZEC tokens, has announced plans to audit Monero and other privacy-focused cryptocurrencies.
Hornby found the vulnerability on May 29 using Anthropic’s Claude Opus 4.8 AI model. The bug had been undetected since the Orchard pool’s activation in May 2022-four years of a live vulnerability that could have been used to mint fake ZEC.
Hornby was engaged by Shielded Labs in April 2026. He identified the flaw just days into his AI-assisted review. He reported it to the Zcash Open Development Lab, which implemented an emergency soft fork by June 1 and a full network upgrade, NU6.2, on June 2.
ZEC fell by at least 38% following the disclosure, as traders priced in the possibility the bug had already been exploited. Hornby said he reported rather than exploited the vulnerability because the Zcash developers were “like family.”
Hornby’s use of AI-assisted auditing signals a potential new standard for privacy-focused protocols.
Monero uses a fundamentally different privacy architecture-ring signatures, stealth addresses, and RingCT-versus Zcash’s zero-knowledge proofs. But the same opacity that protects user privacy could conceal a counterfeiting bug if one exists. Hornby’s extended audits mean holders should brace for potential volatility, even if no exploitation is found.