AI discovers critical Zcash vulnerability, exposing privacy coin tradeoffs as ZEC crashes 40%

Zcash Bug Crisis Shows Privacy Cuts Both Ways, Experts Say

Some said tradeoffs between privacy and auditability are "part of the deal," pointing to bugs patched in years past. Shielding funds from prying eyes has long been Zcash's forte, but investors' unease on Friday indicated that the privacy coin's core feature can also resemble an Achilles' heel. Following the disclosure of a bug that had the potential to unleash a wave of counterfeit coins, Zcash tanked to its lowest point in over a month. The digital asset recently changed hands around $350, a 33% decrease over the past day, according to CoinGecko, after falling below $265 overnight. Zcash allows users to hide transaction details, featuring a design where they can switch between address types that are either transparent or shielded using a technology known as zero-knowledge proofs. That appears to be why investors are spooked. "There is no definitive way to determine, using only cryptography, whether such exploitation occurred," Shielded Labs, an organization that supports Zcash's development, said in a disclosure, noting that the four-year-old vulnerability was fixed earlier this week. Nic Carter, founding partner of investment firm Castle Island Ventures, told Decrypt that the development may be disconcerting, but the tradeoff between privacy and auditability is not a foreign concept for people who have followed the crypto market for years. He pointed to a Zcash bug discovered in 2018 that theoretically allowed bad actors to mint counterfeit coins before it was fixed the following year. In 2017, Zcash's chief competitor, Monero, also patched a bug that allowed for the creation of an unlimited number of coins. "I don't think it's game over for Zcash," Carter added. "Some newcomers to the space, they might be a little perturbed by it, but it's basically part of the deal." Members of Monero's community echoed that sentiment, including Cake Wallet COO Seth Simmons. He praised Shielded Labs on X for fixing the exploit quickly, working with stakeholders, and being honest and transparent so Zcash's whole ecosystem could improve. "No Monero folks should be looking to dunk on Zcash," he added. "It's a natural downside to building out privacy as the default in these systems." Still, the privacy coin has been increasingly positioned by analysts and advocates as a privacy-enhanced alternative to Bitcoin, and backers of the largest digital asset by market cap took the opportunity to highlight pitfalls associated with on-chain privacy. "This will happen again in Zcash," Rob Hamilton, CEO of Bitcoin insurance firm AnchorWatch, argued on X. "You'll just never be able to prove it because you can't audit the supply." Beyond Zcash, the vulnerability that Shielded Labs said was identified using Anthropic's recently released Claude Opus 4.8 model carries implications that are "a little bit concerning," Carlos Guzman, vice president of research at crypto trading firm GSR, told Decrypt. Whether or not artificial intelligence will benefit bad actors or organizations that strengthen protocols more remains an open question, but complex cryptography is becoming less of a barrier to detecting critical flaws, Guzman said. "There aren't many experts that are familiar with these circuits, so they are kind of hard to hack," Guzman added, referring to systems that use zero-knowledge proofs. "But with AI, [...] the ability to find bugs in these systems is getting democratized."

Why ZEC fell 40% even after Zcash patched a shielded pool bug

ZEC fell 40% after Zcash disclosed and fixed a critical Orchard pool bug. Markets reacted strongly despite no confirmed exploitation. Zcash (ZEC), a major privacy-focused digital asset, fell around 40% after Zcash fixed a private pool bug in the first week of June 2026. The cryptocurrency moved lower, slipping below $350 and losing more than $3 billion in total market value. The decline followed Zcash's official disclosure of a serious security vulnerability in the Orchard shielded pool. The bug, a "soundness" vulnerability in the zero-knowledge proof circuit, may have existed since the Orchard pool was activated in 2022. In a protocol like Zcash, soundness refers to the network's ability to validate only genuine ledger transactions and state changes. A soundness vulnerability is a structural flaw that can allow the system to approve state changes or operations that do not meet the required verification rules. The vulnerability was found through an AI-assisted code review. It was reported through formal disclosure channels and quickly addressed through an urgent soft fork, followed by a permanent hard fork, NU6.2. Although investigations found no signs of active exploitation and the network's internal turnstile controls prevented unauthorized supply expansion, the event caused broad market concern. The case showed how difficult it can be to balance strong transaction privacy with security checks that users and markets can trust. Zcash relies on zero-knowledge cryptography, specifically zk-SNARKs and later halo2_gadgets, to support confidential transactions. This technology hides transaction values and the cryptographic identities of both parties. Over time, Zcash introduced several shielded pools: Sprout, Sapling and Orchard. Orchard was activated through NU5 on May 31, 2022, and brought improved efficiency, security and privacy features. As the main infrastructure for private transactions on the network, the Orchard pool held a large volume of confidential assets. Estimates indicate that more than 4.5 million ZEC were subject to operational limits during the brief stabilization phase. Transparent transactions and Sapling-based transactions continued to work normally throughout the event. However, the issues in Orchard weakened broader market confidence in the network's core goal of private asset transfers. Zcash has managed serious protocol flaws before through a preventive approach. For example, an earlier inflation risk in the Sprout pool was fixed without any loss of funds. That past case shaped mixed views within the ecosystem during the latest resolution process. Did you know? The vulnerability was found with help from Claude Opus 4.8. It became one of the most high-profile examples of AI helping identify a critical blockchain security flaw before any known exploitation. On May 29, 2026, Taylor Hornby found the flaw while conducting ongoing Zcash security research commissioned by Shielded Labs. The review used Anthropic's Claude Opus 4.8 along with a custom AI-powered analysis suite. The main vulnerability was in the Orchard Action transaction logic. More specifically, it was in the halo2_gadgets component that handles variable-base scalar operations. The flaw came from using the assign_advice() function where the stricter copy_advice() function was required. The flaw could have allowed Orchard to accept invalid state transitions, potentially enabling double-spending or counterfeit ZEC within the Orchard pool. Shielded Labs said Hornby, with help from Opus 4.8, wrote a complete exploit that generated unlimited, undetectable counterfeit ZEC in a local regtest environment. A working proof-of-concept exploit was developed quickly. In a regtest environment, it could create large counterfeit amounts. However, the network's turnstile invariant prevented unlimited total supply inflation and limited the impact to the shielded pool. Prior audits by top cryptographers and earlier AI models had missed the flaw. Did you know? Zcash's Orchard pool was introduced in 2022 as the network's most advanced privacy system. It replaced older designs with better efficiency while preserving the project's core goal of confidential transactions. Zcash Open Development Lab (ZODL), the Zcash Foundation (ZFND) and other ecosystem participants coordinated a response to address the vulnerability. Key actions included: * Promptly notifying core development teams about the issue. * Deploying an emergency soft fork through Zebra 4.5.3, which activated near block 3,363,426 on June 2. The soft fork temporarily suspended Orchard-related actions to remove the immediate attack path. * Activating the NU6.2 network upgrade on June 3 at block 3,364,600 through Zebra 5.0.0. This upgrade introduced a revised circuit, a replacement verifying key known as FixedPostNu6_2 and additional consensus safeguards. After these changes, Orchard functionality was restored. A hard fork was required because fixing a zero-knowledge proof circuit bug meant updating the pinned verifying key. This could not be done through a regular node software patch alone. Node operators were urged to upgrade to Zebra 5.0.0 quickly. Throughout the process, the Zcash Foundation said there was no known exploitation, no evidence of unauthorized value creation, the total ZEC supply remained intact and user privacy was not affected. On June 4, Zooko Wilcox, Jason McGee and Taylor Hornby released a detailed public explanation of the incident. They acknowledged that, because of Orchard's privacy properties and the nature of the bug, there is no definitive cryptographic way to determine whether the vulnerability had been exploited before discovery and remediation. Still, they assessed prior exploitation as unlikely because the flaw had evaded years of expert review, was found through a deliberate white-hat effort and was fixed quickly. Shielded Labs also outlined long-term plans. These included a possible new shielded pool with turnstile accounting to improve supply verification. It also planned continued AI-assisted security work with Hornby, a formal verification project for the Orchard circuit and hiring for security and cryptography roles. Did you know? Even though the Orchard flaw could, in theory, have created counterfeit ZEC within the shielded pool, Zcash's separate turnstile mechanism helped protect the overall ZEC supply from uncontrolled inflation by tracking balances and enforcing value-flow rules across pools. Selling pressure increased around the disclosure and later protocol upgrades. Some market observers noted that ZEC initially showed resilience and briefly traded above $600 despite broader market weakness. However, sentiment shifted once details of the vulnerability became widely known. The asset later fell below $350. Several factors contributed to the crash: * Uncertainty over whether the flaw had ever been exploited. * The inability to fully verify past activity within a privacy-preserving system. * Reports that Arthur Hayes had liquidated his ZEC position in response to the incident. * Renewed concerns about the complexity and perceived risks of privacy-focused cryptocurrencies. The turnstile helped confirm that more ZEC did not leave Orchard than entered it. However, it does not make every internal movement inside the shielded pool publicly visible. That is why some observers remained concerned: A private-pool exploit could, in theory, distort balances inside Orchard while still staying within the pool's public entry-and-exit limits. This does not prove exploitation occurred, but it explains why the market remained uneasy even after the fix. Online discussion added to these concerns. In the Monero community, some participants argued that the temporary suspension of private transaction functionality exposed weaknesses in Zcash's privacy and decentralization model. Comparisons were often made with Monero's design. On broader crypto forums, users focused on the temporary disruption affecting a major shielded pool. They also debated what the incident meant for confidence in the project. Reactions within the Zcash community were more balanced. Some members stressed that the network had not been fully halted and noted that the vulnerability had been addressed before any confirmed exploitation. Others pointed to the transparent handling of the incident and the proposed supply-verification improvements as positive developments. Some users acknowledged the short-term inconvenience caused by wallet and exchange upgrade requirements. However, many viewed the event as a major operational test that ultimately showed the network's ability to respond effectively under pressure. The incident highlights several broader themes that go beyond Zcash and are relevant to the wider crypto sector: * The growing role of AI in cybersecurity: Advanced AI tools are making it easier to find highly complex vulnerabilities. While this strengthens defensive work, it also raises concerns that malicious actors could use similar tools to find vulnerabilities more efficiently. * The tension between privacy and transparency: Systems designed to maximize privacy can make it difficult to determine whether certain exploits have occurred. This challenge has renewed discussion around how privacy-focused networks can improve supply verification without compromising their core principles. * The importance of effective crisis management: The quick deployment of both temporary and permanent fixes showed that multiple ecosystem participants could coordinate under pressure and implement protocol changes within a short period. * The influence of perception on asset prices: Market behavior is often driven by uncertainty and sentiment, not just technical factors. As a result, security concerns can quickly affect valuations even when fixes are already in place. From a technical perspective, Zcash has addressed the underlying vulnerability, maintained the integrity of its monetary base and outlined additional investments in security research. These factors may help rebuild confidence over time. Still, market sentiment toward privacy-focused digital assets continues to fluctuate, and future developments will likely remain closely watched. Planned initiatives include expanded formal verification work and ongoing AI-assisted security assessments. For users and investors, keeping software up to date and following announcements from official project channels remains essential. The situation also serves as a reminder to weigh both the potential benefits of privacy-enhancing technologies and the risks of complex cryptographic systems before taking financial exposure

Zcash Crashes Up To 50% In 2 Days After AI Exposes Critical Vulnerability

Security Engineer Used Claude Opus 4.8 To Find The Bug On May 29 On May 29, Shielded Labs security engineer Taylor Hornby discovered the Orchard circuit vulnerability using Anthropic's newly released Opus 4.8 model and immediately shared findings with engineers at the Zcash Open Development Lab. The flaw made it possible to mint counterfeit ZEC that would be completely undetectable within the shielded pool. "Taylor, with the help of Opus 4.8, wrote a complete exploit which, when he tested it in a local regtest environment, generated unlimited, undetectable counterfeit ZEC," Shielded Labs wrote. The bug has been present since Orchard's activation in May 2022 and was patched on June 1. Actual Exploitation Is Unlikely But Can't Be Confirmed Shielded Labs said the team is not "overly concerned" that counterfeiting occurred before the fix, noting the vulnerability went undetected for years even under scrutiny from the world's best cryptographers. However, the privacy properties of the Orchard pool make it impossible to definitively rule out exploitation. In response, Shielded Labs is exploring a network upgrade that would allow anyone to verify the integrity of the entire Zcash supply and prove no counterfeit coins exist in the Orchard pool. The proposal would also deploy a new shielded pool and enforce turnstile accounting on all existing Orchard coins. ZEC Chart Shows $250 Trendline Absorbed The Crash Wick ZEC is down 25% on the day after intraday wick reached $250 before recovering. The single candle wiped out months of gains from the March to May rally that peaked near $700. Every EMA now sits overhead as resistance between $366 and $538. RSI sits at 34.35 with a bull divergence signal near oversold territory. Holding above $300 and reclaiming the 200 EMA at $366 targets $429. Losing $250 on a daily close opens capitulation toward $200 then $150. Image: Shutterstock Market News and Data brought to you by Benzinga APIs To add Benzinga News as your preferred source on Google, click here.