Morning Minute: Massive ZCash Exploit Found by Claude, Extent Unknown

The ZCash team hired a hacker to find an exploit in the ZCash protocol, and he exposed a glitch that has been out there for four years

By Tyler Warner

Edited by Stephen Graves

Morning Minute is a daily newsletter written by Tyler Warner. The analysis and opinions expressed are his own and do not necessarily reflect those of Decrypt. And check out our new daily news show covering all of the top stories in 5 minutes, downloadable on Apple Pod or Spotify.

Today’s top news:

Bitcoin holds steady while other majors dip; BTC at $62.5kBTC ETFs see net inflows for first day since May 14ZEC exploit vector confirmation sends the token down 43%First Fannie Mae-backed Bitcoin mortgage completedPump Fun launches Pump Fun Go as new bounty marketplace

On May 29, a security researcher named Taylor Hornby discovered a critical vulnerability in Zcash’s Orchard privacy pool that would have allowed an attacker to mint an unlimited amount of counterfeit ZEC.Hornby, who was hired by the ZCash team for this exact reason, found it using Anthropic’s Claude Opus 4.8. By June 1, the Zcash ecosystem had deployed an emergency fix, solving the issue—tho it was exploitable for the past 4 years.What the vulnerability was: The Orchard pool, Zcash’s most advanced shielded transaction layer, active since May 2022, uses zero-knowledge proofs to validate transactions without revealing amounts or participants. The bug in plain terms: a specific check that was supposed to validate transaction inputs wasn’t actually enforcing the rules it appeared to enforce. An attacker who discovered it could feed false inputs into that check and have it pass anyway—generating ZEC from nothing, with the ZK proof system blessing the fraudulent transaction as valid.Hornby, with Opus 4.8’s assistance, wrote a complete working exploit. He tested it in a local environment and it worked: unlimited, undetectable counterfeit ZEC, indistinguishable from legitimate coins. He immediately disclosed it to ZODL, Zcash’s coordinating development body, rather than running it on mainnet.

What makes the exploit impact unknown: Because Orchard is a privacy pool, there is no way to cryptographically determine whether this vulnerability was exploited between May 2022 and June 2026. The privacy properties that make Orchard valuable are the same properties that make exploitation undetectable.Now the team that hired Hornby says that prior exploitation is unlikely. The bug evaded years of scrutiny from world-class cryptographers, the discovery required cutting-edge AI tools available only to white-hat researchers, and the remediation window was narrow. But they were explicit: users should not rely on their assessment alone.What happens next: Shielded Labs is proposing a Network Upgrade that would deploy a new shielded pool and enforce “turnstile accounting” on all coins from the Orchard pool. This would essentially force every existing Orchard coin to pass through a verifiable checkpoint that would expose any counterfeited supply. This requires broad community governance support and a standard Zcash network upgrade process. A detailed proposal is expected next week. Shielded Labs is also formally initiating a project to mathematically verify the entire Orchard circuit from scratch, and is hiring a Head of Security and a Cryptographer.

Why this matters beyond Zcash: This is the clearest real-world demonstration yet of what Anthropic’s most capable AI model can do in the hands of an expert security researcher. Hornby used Opus 4.8 released publicly on May 28, and within 24 hours of its release, he found a four-year-old critical bug that had survived multiple rounds of expert human review.And this was just Opus 4.8. Mythos is coming soon. And there will be better models coming after that. Every crypto protocol has to be on notice—try to hack/exploit your own protocol with hired Whitehat hackers. Or roll the dice and wait for the Blackhats to do it for you.The clock is ticking, and the near-term fate of the broader crypto space is likely hanging in the balance.