Taylor Hornby, a safety researcher who works with Shielded Labs, found a bug on Could 29, 2026 – simply in the future after Anthropic launched Opus 4.8- that resulted in billions of {dollars} faraway from the challenge’s market capitalization.
The flaw affected a shielded pool throughout the protocol’s design that powered non-public Zcash transactions, and was critical sufficient to set off an emergency response throughout all the ecosystem. It resulted in a sudden sell-off that noticed ZEC’s worth crash by roughly 60%, thereby erasing greater than $4 billion in market cap.
The brief model of the story is comparatively easy: a lacking constraint in Zcash’s Orchard circuit might have allowed a malicious prover to spend the identical shielded notice many occasions over whereas producing completely different nullifiers. In follow, this implies an attacker might have inflated ZEC throughout the Orchard pool with out leaving an on-chain fingerprint.
The scary half is that this bug has existed since Orchard went dwell, and this occurred in Could 2022. Subsequently, the whole publicity window lasted for round 4 years, earlier than it was finally patched shortly after Hornby found it.
AI Helped Discover The Vital Vulnerability
This story isn’t simply in regards to the flaw, however the way in which it was discovered.
Hornby mentioned he used a {custom} “zcash-full-stack-auditor” agent framework with Claude Opus 4.8. It was designed to work at most effort and was pointed on the halo2 implementation, together with the Orchard circuit. The AI was trying to find soundness and zero-knowledge safety points.
The researcher reported that round 6 p.m. on Could 29, one of many audit brokers flagged a vulnerability that it believed could possibly be used to double-spend Orchard notes. Hornby then used Claude to assist write proof-of-concept code towards the same circuit, earlier than testing the problem towards the actual Orchard circuit.
Testing the Exploit with Claude
Hornby later constructed a full take a look at in Zcash’s native regtest mode, the place the exploit doubled the worth of an Orchard notice till the take a look at pockets stability exceeded 10 million ZEC. These transactions had been by no means broadcast to mainnet or testnet, after all, however the take a look at itself was important as a result of regtest applies the very same validation guidelines, that means that it might have been finished on mainnet with the identical diploma of success.
Per the official disclosure, the total PoC took roughly six hours to develop utilizing Claude Code’s assist. Hornby mentioned the mannequin wanted comparatively little steerage past a number of hints.
In fact, it’s necessary to grasp that this doesn’t imply that AI independently “hacked Zcash.”
Taylor Hornby is a famend specialist safety researcher. That audit was focused, and the instruments had been custom-built.
Nonetheless, the case exhibits how some frontier AI fashions are starting to considerably scale back the time required to analyze extremely complicated, technical methods.
The publish How One Man Used Claude Code to Uncover a Billion-Greenback Bug appeared first on CryptoPotato.