Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.

Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins.

On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to be embarrassing.

The Orchard pool is the newest and most advanced shielded transaction system in the cryptocurrency Zcash. Introduced in 2022, it allows users to send and receive ZEC while keeping transaction details private. It uses zero-knowledge proofs to validate transactions without revealing amounts or participants. The bug: a specific check that was supposed to validate transaction inputs wasn’t actually enforcing the rules it appeared to enforce. An attacker could have exploited the flaw to feed false inputs into that check and generate ZEC from nothing, with the zero-knowledge proof system blessing the fraudulent transaction as valid.

“The vulnerability was present from Orchard’s activation in May 2022 until the emergency fix was deployed on June 1, 2026,” wrote Shielded Labs, the independent research and development organization behind Zcash. “Due to the privacy properties of Orchard and the nature of the bug, there is no definitive way to determine, using only cryptography, whether such exploitation occurred.”

Just one day after Anthropic released Opus 4.8, Hornby used the model to review Zcash’s Orchard privacy pool and uncovered a critical flaw. The bug, present since Orchard launched in May 2022, could have allowed an attacker to create unlimited counterfeit ZEC that would appear completely legitimate and remain undetectable.

Hornby developed a working proof-of-concept exploit in a test environment and immediately reported the issue to ZODL engineers, who deployed an emergency fix on June 1, 2026.

The researchers disclosed the flaw to ZODL, Zcash’s coordinating development body. ZODL addressed the flaw on June 1 with the release of an emergency fix. ZEC dropped 43% on the news, wicking as low as $250.

The uncomfortable part isn’t the bug itself. It’s that nobody can know whether someone else found it first.

“Because Orchard is a privacy pool, there is no way to cryptographically determine whether this vulnerability was exploited between May 2022 and June 2026.” reports Yahoo Finance. “The privacy properties that make Orchard valuable are the same properties that make exploitation undetectable.”

The Zcash team says prior exploitation is unlikely because the bug evaded years of expert review and required cutting-edge AI tools to discover. That is a reasonable argument, but it should not be taken as proof.

The proposed fix is a network upgrade called “turnstile accounting.” Shielded Labs wants to deploy a new shielded pool and force every existing Orchard coin through a verifiable checkpoint that would expose any counterfeited supply.

“Our assessment is that exploitation of this vulnerability was unlikely. However, we do not believe that users should rely on our assessment, or anyone else’s. Shielded Labs is exploring —with the help of other Zcash developers—a proposed Network Upgrade to allow anyone to verify the integrity of the Zcash supply and to prove the non-existence of counterfeit Zcash in the Orchard pool.” continues Shielded Labs. “The proposal involves deploying a new shielded pool and enforcing turnstile accounting on all coins from the Orchard pool.”

If counterfeit ZEC exists, it would show up as a discrepancy at that checkpoint. This requires community governance support and a standard Zcash network upgrade process; a detailed proposal is expected next week. Shielded Labs is also starting a project to mathematically verify the entire Orchard circuit from scratch, and is hiring a Head of Security and a Cryptographer.

The case highlights a key concern for security researchers: advanced AI models can uncover critical flaws in well-reviewed systems very quickly. Using Anthropic’s Opus 4.8, a researcher found a four-year-old Zcash bug within 24 hours of release. This suggests many cryptographic systems not tested against modern AI may still hide unknown vulnerabilities, with no clear way to assess their safety.

Opus 4.8 is the model that’s publicly available. Anthropic’s Mythos model isn’t. If a public release found this in 24 hours, the question every protocol team should be asking right now is who else has access to better tools, and what have they already found.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)