Here’s the terrifying part: we still don’t know if someone got there first.
On 29 May 2026 — less than 24 hours after Anthropic released Claude Opus 4.8 to the public — a security researcher named Taylor Hornby used the new AI model to find a critical vulnerability in Zcash’s Orchard shielded pool. The bug had been sitting there, dormant or possibly exploited, since May 2022. For four years, it could have allowed any attacker who found it to mint unlimited counterfeit ZEC — perfectly, invisibly, indistinguishably from legitimate coins.
Hornby, who was hired by ZODL (Zcash Open Development Lab, the project’s coordinating development body), wrote a complete working exploit, tested it locally, confirmed it worked, and immediately disclosed it rather than deploying it on mainnet. By 1 June, Zcash’s developers had deployed an emergency fix. The damage was contained — in theory.
The Bug Nobody Found for Four Years
Zcash’s Orchard pool is the network’s most advanced privacy layer. It uses zero-knowledge proofs (ZKPs) — cryptographic techniques that allow a transaction to be verified as valid without revealing the sender, recipient, or amount — to create what are known as shielded transactions. The privacy is the point.
The vulnerability resided in a validation check within the Orchard circuit. In plain English: there was a specific rule designed to verify that transaction inputs were legitimate. The rule existed in the code. It appeared to enforce itself. In practice, a crafted transaction could feed false inputs into that check and have it pass anyway — generating ZEC from nothing, with the ZK proof system blessing the fraudulent transaction as valid.
Hornby’s exploit worked cleanly. Unlimited, undetectable counterfeit ZEC. He chose disclosure over exploitation.
The Question Nobody Can Answer
Here’s the detail that should unsettle every Zcash holder: because Orchard is a privacy pool, there is no way to determine cryptographically whether this vulnerability was exploited at any point between May 2022 and June 2026. The same privacy properties that make Orchard valuable — shielding transaction amounts and participants from any outside observer — also make historical exploitation undetectable.
ZODL CEO Josh Swihart was explicit: users should not rely on the team’s assessment that prior exploitation is unlikely. His post on the incident was titled “Never Again.”
ZEC fell 38–43% on the disclosure, dropping from a local high near $635 to a low of approximately $250 before a partial recovery. The market formed its own view on the “probably fine” framing.
Shielded Labs is now proposing a network upgrade — codenamed Ironwood — that would deploy a new shielded pool and enforce “turnstile accounting” on all existing Orchard coins. Every coin would be forced through a verifiable checkpoint designed to expose any counterfeited supply. The upgrade requires community governance support and a standard Zcash network upgrade process. A detailed proposal is expected in the coming days.
This Isn’t Just a Zcash Problem
What makes this story more than a single-token crisis is what it demonstrates about AI and crypto security as a combined system.
Claude Opus 4.8 was publicly released on 28 May. Within 24 hours, it had helped a skilled researcher crack a four-year-old vulnerability that had survived multiple rounds of expert human review. Dragonfly Managing Partner Haseeb Qureshi — whose firm is an early Zcash investor — struck an optimistic note: “While AI found this bug, AI will also deliver the fix for the whole category: formal verification. I’m very bullish on this as the path to harden all software across the industry.”
Others were less sanguine. Ben Goertzel, CEO of SingularityNET, told CoinDesk that similar vulnerabilities are not confined to crypto. “Software infrastructures of banks and other centralised institutions are also very likely to embody serious bugs to be found by AI tools in the near future as well,” he said. He was explicit that other cryptocurrencies are “certainly very much likely to possess similar vulnerabilities.”
Ronghui Gu, CEO of security firm CertiK, described the dynamic as an “AI token consumption war.” Profit-driven hackers can now burn massive amounts of computing power targeting a single smart contract. Security firms protecting hundreds of clients simultaneously cannot match that concentration without prohibitive cost.
And Anthropic’s Mythos model — already rumoured to be substantially more capable than Opus 4.8 at identifying and chaining together software vulnerabilities — has not yet shipped.
Formal Verification: The Only Real Answer
The consensus response from researchers, investors, and developers converges on one solution: formal verification. The process involves writing mathematical proofs that can be automatically checked — effectively guaranteeing that a piece of code does only what it claims to do. Ethereum co-founder Vitalik Buterin described it in May as potentially “one of the most important tools for cybersecurity” in an era of increasingly capable AI.
The obstacle is mundane: developers rarely use it because it requires extra time, core libraries frequently depend on constructs that resist easy verification, and the performance trade-offs are real. None of these are insurmountable problems. They are, however, problems nobody has been sufficiently motivated to solve at scale — until now.
The Zcash incident is the first concrete, documented proof of what happens when a leading AI model is pointed at a complex cryptographic system by a motivated researcher with legitimate access. That researcher was a white hat. He chose disclosure. The next person running Opus 4.8 — or Mythos, or whatever comes after — may not.
Every protocol that has not yet hired someone to try to break it using the latest AI tools is essentially running the same experiment Zcash ran for four years. They just haven’t seen the results yet.
