Zcash tumbles $5B after AI finds shielded-pool bug

The flaw was discovered May 29 by Taylor Hornby, a security engineer engaged by Shielded Labs in April to search Zcash’s code for vulnerabilities. Hornby used Anthropic’s Opus 4.8 model while examining Orchard, the protocol’s most advanced shielded pool.

Hornby reported that a rule inside Orchard’s cryptographic circuit was written loosely enough that incorrect values could pass validation. He said he built and tested an exploit in a local environment that produced counterfeit ZEC that appeared valid and then notified the Zcash Open Development Lab.

Network developers introduced a temporary change that disabled the affected Orchard actions and deployed a hard-fork upgrade to patch the circuit and restore full functionality. Teams involved reported no evidence the flaw was exploited on the live network before the fix.

Orchard has been active since May 2022, meaning the implementation error remained in the code for roughly four years despite prior reviews and audits.

The disclosure triggered a sharp market reaction. The ZEC price fell to about $255, down more than 50% from recent highs, before recovering to roughly $321 at press time. Market value declined from around $10 billion to about $4.5 billion during the sell-off and later rose to near $5.3 billion. Approximately 30% of circulating ZEC-more than five million coins-are held in shielded addresses.

Shielded Labs proposed a network upgrade that would create a new shielded pool and require coins leaving Orchard to migrate via turnstile accounting. The migration is intended to let the community reconcile supply as coins move into a system with verifiable accounting. Developers cautioned that such a migration would be technically complex and could raise governance questions if discrepancies appeared.

Reactions from industry figures varied. Cameron Winklevoss wrote that Zcash’s cryptographers and security engineers engage top researchers and that the discovery and quick patch reflect ongoing security work. Arthur Hayes wrote that he sold his entire ZEC position after reassessing the privacy thesis, arguing the field demands perfection rather than improbability. Mert Mumtaz of Helius noted that, in theory, zero-knowledge circuits can contain bugs that inflate supply and that such exploits are harder to detect inside shielded systems. Josh Swihart, a Zcash-focused developer, urged greater use of formal verification to mathematically prove that an implementation matches its specification.

The episode highlighted how advanced AI tools can change security workflows. The same models that helped defenders find the flaw can accelerate discovery by attackers. Zcash teams said they will continue working with Hornby, pursue formal verification of Orchard’s circuit, hire additional security staff, and present detailed proposals for supply-verification upgrades.