AI-Assisted Zcash Flaw Exposes the Supply Integrity Gap an Emergency Fork Could Not Fully Close

The discovery of a critical flaw in Zcash's Orchard circuit marks a shift in the threat model for digital assets. Security researchers are no longer just targeting DeFi protocols; they are finding vulnerabilities in the base-layer systems that define valid money. An AI-assisted discovery of this Orchard flaw demonstrates that the next security crisis may originate within the cryptographic core of private transaction systems.

The vulnerability was identified by Taylor Hornby, a researcher at Shielded Labs, during a protocol security review on May 29. Using Anthropic's Opus 4.8—released May 28—alongside a custom AI harness and prompts, Hornby produced a complete local exploit in a regtest environment. The bug existed within the zero-knowledge proof circuit that powers Orchard, Zcash's newest shielded pool. If applied to the mainnet, the exploit could have allowed an attacker to mint unlimited counterfeit ZEC within Orchard without detection, bypassing the 21 million ZEC supply cap.

Zcash engineers confirmed the flaw within hours, triggering an emergency soft fork followed by a full consensus hard fork to close the vulnerability. While Zcash maintains there is no evidence of mainnet exploitation or unauthorized value creation, and that the 21 million supply cap remains intact, a fundamental verification gap remains.

The difficulty lies in the privacy properties of Orchard itself. Because Orchard hides balances, the network cannot easily prove that no supply tampering occurred. This creates a "patch-versus-proof" gap that persists until a follow-up upgrade can route coins through turnstile accounting to allow for direct integrity verification.

The market reacted to the uncertainty of the supply integrity. ZEC traded as high as $611 intraday before the disclosure and fell to around $421 as traders priced the difference between a patched system and a proven clean one.

This event signals that AI-assisted exploits are moving into the money layer. When the very mechanism used to ensure privacy also obscures the ability to audit the total supply, a patch is only the first step. The real challenge is restoring the ability to verify that the supply remains intact.

Watch for whether the proposed upgrade to turnstile accounting is implemented and if it successfully restores the ability to audit shielded balances.

Source