On May 29, security researcher Taylor Hornby, hired by the Zcash team, discovered a critical vulnerability in Zcash’s Orchard privacy pool using Anthropic’s Claude Opus 4.8. The bug allowed an attacker to mint unlimited, undetectable counterfeit ZEC.
By June 1, an emergency fix was deployed. The Orchard pool, active since May 2022, uses zero-knowledge proofs. The flaw: a transaction input check wasn't properly enforced, letting false inputs pass validation. Hornby wrote a full exploit, tested it locally, and disclosed it.
Because Orchard is a privacy pool, it's impossible to determine if the vulnerability was exploited. The bug evaded years of scrutiny from world-class cryptographers. Shielded Labs is proposing a network upgrade with a new shielded pool and strict accounting to expose any counterfeited supply.
ZEC fell 43% to $306.