AI-assisted Zcash exploit reveals Orchard supply gap

A security researcher using AI tools found a soundness bug in Zcash’s Orchard zero-knowledge proof circuit that could have allowed unlimited creation of ZEC. Zcash deployed an emergency soft fork and then the NU6.2 hard fork to replace the circuit, and officials report no evidence of exploitation on mainnet. The fix moved from discovery to consensus upgrade in less than five days.

Shielded Labs security researcher Taylor Hornby discovered the vulnerability on May 29 while testing the Orchard proof circuit in a local regtest environment. Shielded Labs reports Hornby used Anthropic’s Opus 4.8 model, released May 28, together with a custom AI harness and prompts to generate a working exploit that produced counterfeit ZEC in the test environment. If run on mainnet, the exploit would have created shielded coins without an obvious on-chain signal.

Zcash developers confirmed the flaw within hours and activated an emergency soft fork at 02:00 UTC on June 2 at block 3,363,426 to temporarily disable Orchard actions. The protocol then enacted the NU6.2 hard fork at 00:05 EDT on June 3 at block 3,364,600. The hard fork replaced the pinned verifying key in the proof circuit and restored Orchard functionality.

The defect was a soundness bug: the proof system could accept an invalid proof. Because the circuit embeds a pinned verifying key, correcting the error required a consensus-level change. That update needed coordinated upgrades from miners, exchanges, wallet providers and node operators to take effect.

Supply accounting raised technical concerns. Orchard’s privacy protections hide amounts and balances, while the turnstile mechanism tracks aggregate value moving between shielded pools. Turnstile analysis did not detect unauthorized value creation in the window before remediation. Shielded Labs cautioned that Orchard’s privacy makes it cryptographically difficult to prove the supply was never altered and proposed routing existing Orchard coins through turnstile accounting so anyone can verify integrity on-chain.

Markets reacted after the disclosure. ZEC traded as high as $611 intraday before the announcement and later settled around $421 as traders weighed the patched circuit against the unresolved question of provable supply integrity.

The incident is part of a pattern of AI-assisted research reaching lower layers of blockchain infrastructure. Earlier this year an AI-assisted review found a high-severity bug in a major execution client that could have affected many validators. Researchers have also reported AI-agent exploit benchmarks with high success rates against smart contracts. Industry reports show large thefts and operational compromises remain a focus of attackers, with billions reported stolen in recent periods.

Zcash coordinated the response privately while the chain continued operating. The timeline from discovery to hard-fork activation was under five days. Shielded Labs has proposed a follow-up upgrade to create an on-chain record of Orchard balances through turnstile accounting; that change remains separate from the immediate consensus update that closed the soundness gap.