Taylor Hornby, a security researcher who works with Shielded Labs, found a bug on May 29, 2026, just one day after Anthropic launched Opus 4.8, that resulted in billions of dollars being removed from the project's market capitalization.
The flaw affected a shielded pool within the protocol's design that powered private Zcash transactions, and was serious enough to trigger an emergency response across the entire ecosystem. It resulted in a sudden sell-off that saw ZEC's price crash by roughly 60%, thereby erasing more than $4 billion in market cap.
The short version of the story is relatively simple: a missing constraint in Zcash's Orchard circuit could have allowed a malicious prover to spend the same shielded note many times over while producing different nullifiers. In practice, this means an attacker could have inflated ZEC within the Orchard pool without leaving an on-chain fingerprint.
The scary part is that this bug has existed since Orchard went live in May 2022. Therefore, the total exposure window lasted for around four years, before it was ultimately patched shortly after Hornby discovered it.
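Why "different nullifiers" defeats double-spend protection can be seen in a toy model, added here as an illustration and not taken from the disclosure or from Zcash code. The page does not say which constraint was missing, so the `bind_nullifier` switch, the SHA-256 derivations and all sample values are assumptions that only model the general class of bug.

```python
import hashlib
from dataclasses import dataclass

def h(tag: bytes, *parts: bytes) -> bytes:
    # Toy hash over fixed-length parts; Orchard uses different primitives.
    return hashlib.sha256(tag + b"".join(parts)).digest()

@dataclass(frozen=True)
class Note:
    value: int
    rho: bytes  # unique per note (constructed sample value)
    nk: bytes   # owner's nullifier key (constructed sample value)

def commitment(n: Note) -> bytes:
    return h(b"cm", n.value.to_bytes(8, "big"), n.rho, n.nk)

def nullifier(n: Note) -> bytes:
    return h(b"nf", n.nk, n.rho)

class Pool:
    """Consensus view: a set of note commitments and a set of spent nullifiers."""
    def __init__(self, bind_nullifier: bool):
        self.commitments: set[bytes] = set()
        self.spent: set[bytes] = set()
        self.bind_nullifier = bind_nullifier  # False models a missing constraint

    def proof_verifies(self, nf: bytes, witness: Note) -> bool:
        # Stand-in for the circuit; a real proof keeps the witness hidden.
        if commitment(witness) not in self.commitments:
            return False
        if self.bind_nullifier and nf != nullifier(witness):
            return False
        return True

    def spend(self, nf: bytes, witness: Note) -> bool:
        # Nodes only see nf: a repeated nf is rejected, a fresh one is not.
        if nf in self.spent or not self.proof_verifies(nf, witness):
            return False
        self.spent.add(nf)
        return True

def accepted_spends(bind_nullifier: bool, attempts: int) -> int:
    pool = Pool(bind_nullifier)
    note = Note(value=10, rho=b"\x01" * 32, nk=b"\x02" * 32)
    pool.commitments.add(commitment(note))
    # First attempt uses the honest nullifier, the rest use arbitrary fresh ones.
    candidates = [nullifier(note)] + [h(b"x", bytes([i])) for i in range(1, attempts)]
    return sum(pool.spend(nf, note) for nf in candidates)

if __name__ == "__main__":
    print(accepted_spends(True, 5), accepted_spends(False, 5))
```

With the binding enforced, one note yields exactly one accepted spend; without it, every attempt passes because the spent-nullifier set never sees a repeat.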
AI Helped Find the Critical Vulnerability
This story isn't just about the flaw, but the way it was found.
Hornby said he used a custom "zcash-full-stack-auditor" agent framework with Claude Opus 4.8. It was designed to work at maximum effort and was pointed at the halo2 implementation, including the Orchard circuit. The AI was searching for soundness and zero-knowledge security issues.
The researcher reported that around 6 p.m. on May 29, one of the audit agents flagged a vulnerability that it believed could be used to double-spend Orchard notes. Hornby then used Claude to help write proof-of-concept code against a similar circuit, before testing the issue against the real Orchard circuit.
Testing the Exploit with Claude
Hornby later built a full test in Zcash's local regtest mode, where the exploit doubled the value of an Orchard note until the test wallet balance exceeded 10 million ZEC. These transactions were never broadcast to mainnet or testnet, of course, but the test itself was significant because regtest applies the exact same validation rules, meaning that it could have been executed on mainnet with the same degree of success.
Per the official disclosure, the full PoC took roughly six hours to develop using Claude Code's help. Hornby said the model needed relatively little guidance beyond a few hints.
Of course, it's important to understand that this doesn't mean that AI independently "hacked Zcash."
Taylor Hornby is a renowned specialist security researcher. That audit was targeted, and the tools were custom-built.
Nonetheless, the case shows how some frontier AI models are beginning to significantly reduce the time required to analyze highly complex, technical systems.
The post How One Man Used Claude Code to Uncover a Billion-Dollar Bug appeared first on CryptoPotato.

