A Four-Year Zcash Bug Just Got Found by an AI Model Released the Day Before

 



An AI security audit uncovered what four years of human review inside Zcash's Orchard privacy pool never found.

On May 29, 2026, Taylor Hornby, a security researcher working under Shielded Labs, ran an automated audit of Zcash's halo2 cryptographic circuit using Anthropic's Claude Opus 4.8, an AI model that had been publicly released just the previous day. The audit flagged a missing circuit constraint in two lines of code inside the variable-base scalar multiplication gadget. That constraint was the one thing standing between the Orchard pool's internal accounting and a prover who wanted to spend the same note multiple times.

The bug had been there since May 2022 when Orchard first activated. Human auditors had reviewed the code before activation and again afterward. It stayed hidden.

Hornby built a working proof of concept using Claude's assistance, demonstrating in a local regtest environment that a wallet's Orchard balance could be inflated past 10 million ZEC by chaining the exploit. The attack left no on-chain signature and produced nullifiers indistinguishable from legitimate ones.

The Zcash Open Development Lab acknowledged the issue within hours and deployed an emergency soft fork on June 1 that disabled Orchard while a fix was prepared. By June 2, Orchard was re-enabled with the corrected circuit at block 3,364,600.

No confirmed exploitation occurred. But the privacy design of Orchard means no one can cryptographically prove that either.

What makes this story bigger than a patched bug is the Ironwood debate now running inside the Zcash community. The proposed upgrade introduces a migration turnstile that requires all existing Orchard funds to move into a new pool. Forum members are discussing what happens to ZEC holders who migrate last if any counterfeit balance somehow survived undetected. The structural mechanics, who absorbs any shortfall and how, are still being worked through.

Daira Emma Hopwood, a Zcash cryptographer, is working on formal mathematical verification of the Orchard circuit in parallel, using a computable elliptic curve library for the Lean proof assistant.

For the full breakdown of the vulnerability, the forum debate, and what this means for ZEC holders navigating the Ironwood migration window, read the complete coverage at CryptoNewsLive.org.

Comments