The bug hid in the code for four years. It took an AI to surface it.
On May 29, Taylor Hornby, a security engineer at Shielded Labs, ran Anthropic's Claude Opus 4.8 on a targeted audit of Zcash's Orchard circuit — the cryptographic heart of the privacy pool that went live in May 2022. What came back was alarming: a flaw that let an attacker mint unlimited counterfeit ZEC with no trace left on-chain. Human auditors had reviewed the same code for four years and missed it.
The technical problem traced to an insufficiently constrained element in the Orchard circuit. An attacker could feed false values into elliptic curve multiplication operations and still pass the zero-knowledge proof verification. Hornby built a working exploit in a local environment — the counterfeit faucet ran freely.
The response moved fast. An emergency soft fork on June 2 disabled Orchard entirely. A corrective hard fork followed on June 3 with a rewritten circuit. Shielded Labs has since proposed a broader network upgrade: a new shielded pool, turnstile accounting to verify Orchard coin supply, and an expanded security programme including formal verification work and new security hires.
The question nobody can fully answer is whether the flaw was exploited before the patch. Shielded Labs is direct: there is no cryptographic way to know. They argue exploitation was unlikely — finding the bug required cutting-edge AI tooling that was not available when Orchard launched, and the window before the fix was short. But "unlikely" is not "impossible," and that gap matters a great deal for a coin whose core promise is cryptographic certainty.
Markets reflected that gap. ZEC dropped roughly 30% to around $400 in the 24 hours following disclosure. For a privacy coin, a question mark over supply integrity cuts deeper than almost any other type of security incident.
