Zcash entered this week as one of the strongest performers in crypto, up over 700% since September 2025 on the back of surging demand for privacy coins. By Friday morning, it had lost nearly half its value.
The crash was triggered by the disclosure of a critical vulnerability in Zcash’s Orchard shielded pool, the cryptographic system that powers the token’s most advanced privacy features. The flaw could have allowed an attacker to create unlimited counterfeit ZEC that would be completely undetectable within the shielded pool. No trace. No signature. No way to know it happened.
The bug had been sitting in the code since Orchard’s activation in May 2022. Four years. It survived review by some of the most capable cryptographers in the world. Conference presentations. Academic papers. Multiple audits. Nobody found it.
Then on May 29, a security researcher named Taylor Hornby used Anthropic’s Claude Opus 4.8 AI model, released just one day earlier, and found it in a single session. He wrote a complete working exploit. He tested it in a local environment. It generated unlimited counterfeit ZEC. He disclosed it privately that same evening.
ZEC crashed from approximately $736 to as low as $400, a decline of up to 50% over 36 hours. Arthur Hayes liquidated his entire ZEC position. Over $3 billion in market capitalisation evaporated. And the crypto industry got its first real demonstration of what happens when AI-powered code auditing meets zero-knowledge cryptography.
What the Bug Actually Did
The vulnerability lived inside the halo2_gadgets crate that powers Orchard’s zero-knowledge proofs. Specifically, two lines of code left an elliptic curve multiplication check under-constrained. That technical description translates to something terrifying in practical terms.
Zero-knowledge proofs are the mathematical systems that let Zcash verify transactions without revealing who sent what to whom. They’re the foundation of the token’s privacy guarantees. For these proofs to work securely, every mathematical constraint in the circuit must be airtight. If one check is missing or incomplete, invalid inputs can slip through verification.
The under-constrained elliptic curve check meant that mathematically invalid inputs could pass verification that should have rejected them. An attacker who understood the flaw could construct a transaction that created new ZEC from nothing. The forged tokens would appear identical to legitimate ones inside the shielded pool. No on-chain signature would distinguish them from real coins.
The implications are staggering. For four years, one day, and ten hours, anyone who understood the Orchard circuit well enough could have minted ZEC out of thin air. Silently. Undetectably. With no limit on how much they could create.
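What "under-constrained" means can be shown on a toy scale. The block below is an added illustration, not code from halo2_gadgets and not the Orchard flaw: it audits a textbook "is x zero?" gadget over a constructed 97-element field and reports every public input for which the constraints accept more than one output. The field size, gadget and function names are assumptions made for this example.

```rust
// Toy constraint system over the field F_97 (constructed for illustration).
const P: u64 = 97;

fn mul(a: u64, b: u64) -> u64 { (a * b) % P }
fn sub(a: u64, b: u64) -> u64 { (a + P - b % P) % P }

/// Constraints of an "is x zero?" gadget. `inv` is a prover-chosen witness.
///   c1: out = 1 - x * inv
///   c2: x * out = 0        (skipped when `full` is false)
fn satisfied(x: u64, inv: u64, out: u64, full: bool) -> bool {
    let c1 = out == sub(1, mul(x, inv));
    let c2 = mul(x, out) == 0;
    c1 && (c2 || !full)
}

/// Every output that some witness can make the verifier accept for input x.
fn accepted_outputs(x: u64, full: bool) -> Vec<u64> {
    let mut outs = Vec::new();
    for inv in 0..P {
        for out in 0..P {
            if satisfied(x, inv, out, full) && !outs.contains(&out) {
                outs.push(out);
            }
        }
    }
    outs.sort();
    outs
}

/// Audit: inputs for which the constraints do not pin down a single output.
fn underconstrained_inputs(full: bool) -> Vec<u64> {
    (0..P).filter(|&x| accepted_outputs(x, full).len() != 1).collect()
}

fn main() {
    println!("full gadget, ambiguous inputs: {:?}", underconstrained_inputs(true));
    println!("c2 omitted, ambiguous inputs: {}", underconstrained_inputs(false).len());
    println!("c2 omitted, x = 5 accepts out = 1: {}", accepted_outputs(5, false).contains(&1));
}
```

With both constraints every input has exactly one acceptable output. With one constraint dropped, every nonzero input accepts any output, which is the kind of gap a circuit audit looks for.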
Why Nobody Knows If It Was Exploited
Here’s the detail that makes this vulnerability uniquely frightening: it is cryptographically impossible to determine whether anyone used it before the patch.
The privacy properties that make Zcash’s shielded pool valuable, the ability to transact without revealing amounts, addresses, or balances, also make it impossible to audit the pool’s total supply. You can’t look at the Orchard pool and count how many ZEC are in there. That’s the whole point of the privacy design.
Shielded Labs said the team is “not overly concerned” that counterfeiting occurred, noting that the vulnerability went undetected for four years even under scrutiny from world-class cryptographers. Their logic is that if the best cryptographers in the field couldn’t find it, a malicious actor probably couldn’t either.
That reasoning is plausible but unfalsifiable. There’s no way to prove a negative. And the market’s 42% selloff suggests that traders are not as comfortable with “probably fine” as Shielded Labs would like them to be.
Shielded Labs is proposing a network upgrade that would introduce transparent supply verification mechanisms, allowing the total ZEC supply to be audited without compromising individual transaction privacy. That upgrade would retroactively confirm whether counterfeiting occurred. Until it’s implemented, the question remains open.
How AI Changed the Game
The discovery’s significance extends far beyond Zcash. It represents a paradigm shift in how cryptographic protocols get reviewed.
Historically, zero-knowledge circuit audits required weeks or months of manual analysis by a handful of cryptographers with extremely specialised knowledge. These reviews are expensive, slow, and limited by the availability of human experts who can parse the mathematics. Even with the best teams, vulnerabilities can slip through because the circuits are enormously complex.
Hornby’s workflow demonstrated a fundamentally different approach. He paired Anthropic’s Opus 4.8 with a custom AI auditing framework designed specifically for zero-knowledge circuit review. The AI didn’t replace his expertise. It amplified it. Instead of manually tracing every constraint in the Orchard circuit, Hornby used the AI to systematically analyse the code, flag potential weaknesses, and verify whether those weaknesses were exploitable.
The result: a vulnerability that survived four years of expert human review was found in a single day with AI assistance.
The implications for the broader crypto industry are profound. Every zero-knowledge protocol, every privacy coin, every rollup that uses ZK proofs relies on the same kind of mathematical circuits that Zcash’s Orchard pool uses. If a four-year-old bug can hide in one of the most scrutinised ZK implementations in existence, similar bugs could exist in protocols that have received less attention.
Former OpenZeppelin CTO Manuel Aráoz had argued just days earlier that AI gives attackers an asymmetric advantage because defenders must find every bug while attackers need only one. Hornby’s discovery is a direct counterpoint. In this case, AI gave the defenders the advantage. The question is whether defenders will adopt AI auditing fast enough to stay ahead of attackers who will inevitably use the same tools offensively.
The Market Reaction
ZEC’s price collapse was among the most violent single-asset selloffs of 2026.
The token dropped from approximately $736 to as low as $400 within 36 hours, representing losses of up to 50%. Market capitalisation fell by over $3 billion. Trading volume spiked as holders rushed to exit positions before the full implications of the vulnerability became clear.
Arthur Hayes, whose fund Maelstrom had been one of the most prominent ZEC bulls, liquidated his entire position in response to the disclosure. His exit was public and immediate, sending a signal to the market that even the token’s most vocal institutional supporters weren’t willing to hold through the uncertainty.
The selloff is particularly painful because ZEC had been one of the best-performing tokens of the past nine months. The privacy coin rally that began in September 2025 had pushed ZEC up over 700%, driven by growing demand for financial privacy amid expanding surveillance, wealth tax discussions, and AI-driven monitoring. That rally made ZEC holders feel like they were on the right side of a secular trend. The vulnerability disclosure wiped out months of gains in hours.
The emergency hard fork patch was deployed between June 1 and June 3. The vulnerability is now fixed. But the trust damage extends beyond the technical fix. If the most audited privacy protocol in crypto had a four-year-old bug that could have created unlimited counterfeit tokens, what does that say about less audited protocols?
What This Means for Every Crypto Project
The Zcash vulnerability is a warning that applies to the entire industry.
Zero-knowledge proofs are the hottest technology in blockchain. Ethereum’s rollup roadmap depends on ZK proofs. Starknet, zkSync, Polygon zkEVM, and Scroll all use them. Privacy protocols from Aztec to Penumbra rely on them. The tokenisation infrastructure being built by BlackRock, DTCC, and Paxos increasingly incorporates ZK technology for privacy-preserving compliance.
If a critical bug can survive four years in Zcash’s circuits, which are among the most reviewed in the entire ZK ecosystem, similar bugs could exist in newer, less battle-tested implementations. The Orchard circuit had the attention of the field’s best cryptographers. Many newer ZK protocols have received a fraction of that scrutiny.
The takeaway isn’t that ZK technology is broken. The takeaway is that the auditing methods need to evolve as fast as the technology itself. Hornby demonstrated that AI-assisted auditing can find what human review misses. Every project using zero-knowledge proofs should be incorporating AI tools into their security review processes immediately. The bug that an AI could find tomorrow might be sitting in their code today.