Zcash loses over $5 billion after AI finds 4-year bug that could have created fake hidden coins
Zcash lost more than $5 billion in market value after its developers, using Anthropic’s Claude AI, discovered a long-running flaw in one of its privacy systems that could have enabled counterfeit tokens to be created without easy detection.
In response to this disclosure, data from CryptoSlate showed that ZEC fell more than 50% to as low as $255 before recovering to about $321 as of press time. This represents a sharp reversal for an asset that had climbed more than 1,000% over the past year as traders revived a broader bet on financial privacy.
The price decline caused the privacy-focused token’s market capitalization to fall from about $ 10 billion to roughly $ 4.5 billion during the reporting period. It has climbed to $5.3 billion as of press time.
Still, Zcash developers maintain that the vulnerability was found before attackers could use it, patched within days, and resolved through an emergency network upgrade.
However, the disclosure struck at a more difficult question for Zcash investors: how much assurance markets require when the affected system is built to conceal transaction amounts and wallet histories by design.
A private-money rally breaks on a public disclosure
Zcash was launched in 2016 as one of the earliest attempts to build private digital money. Unlike Bitcoin, whose ledger allows anyone to trace balances and transactions,
Zcash lets users move funds through shielded addresses that obscure amounts, senders, and recipients. This design has given the token renewed relevance as governments, exchanges, and analytics firms have expanded their ability to monitor public blockchains.
Data from Zechub shows that roughly 30% of circulating ZEC, equivalent to more than 5 million coins, now sits in shielded addresses.
The recent rally reflected that shift. Traders had treated ZEC as one of the clearest vehicles for a privacy trade, helped by rising anxiety over surveillance, artificial intelligence, and state access to financial data.
However, that momentum abruptly reversed after Shielded Labs published a detailed disclosure about a vulnerability in Orchard, Zcash’s most advanced shielded pool.
Shielded Labs said the flaw was discovered May 29 by Taylor Hornby, a security engineer it engaged in April to search for protocol vulnerabilities before malicious actors could find them.
Hornby used Anthropic’s Opus 4.8 artificial intelligence model while conducting a targeted review of Orchard’s cryptographic circuit.
The review found a bug that could have allowed an attacker to create counterfeit ZEC inside Orchard without detection. Shielded Labs said Hornby wrote a complete exploit and tested it in a local environment, where it generated unlimited counterfeit ZEC that appeared valid.
Hornby immediately disclosed the issue to Zcash Open Development Lab, which coordinated an emergency response.
Then, the network developers introduced a temporary network change to disable affected Orchard actions before rolling out a hard-fork upgrade that corrected the vulnerability and restored full functionality.
The bug sat inside Zcash’s shielded pool for years
The vulnerability was especially sensitive because Orchard has been active since May 2022. That means the flaw existed for about four years despite repeated reviews by cryptographers, engineers, and auditors.
For a layperson, the issue can be understood as a flaw in the rulebook that governs private Zcash transactions.
A shielded transaction includes a mathematical proof showing that it followed the protocol’s rules without revealing the amount or history of the coins. In Orchard’s case, one of those rules was written loosely enough that false information could still pass as valid.
Essentially, that flaw was in the implementation of the Orchard circuit, the set of instructions that determines whether a private transaction should be accepted.
In a transparent blockchain, a supply problem is easier to inspect because balances and transfers are visible. In a shielded pool, the system deliberately hides that information, and users rely on the correctness of the circuit to ensure that every private transaction follows the rules.
Mert Mumtaz, the co-founder and CEO of Helius, pointed out that most privacy protocols have this vulnerability, arguing that:
“In theory, with a zk privacy protocol (not just zcash), you could have a bug in a circuit that inflates supply provided someone extremely sophisticated finds it and somehow exploits it undetected (the difference between a regular defi exploit is that it’s harder to detect).”
This is one of the reasons why the market reaction to Zcash’s case was so severe.
While Zcash developers said there was no evidence that the bug had been exploited, and several Zcash backers argued that the quick disclosure and patch showed the network’s security process working.
For context, Gemini co-founder Cameron Winklevoss said:
“Zcash has unparalleled cryptographers, security engineers, and security researchers. And the community is heavily focused on continuous improvement and hardening the network. That’s why it engages world class security researchers to look for bugs. And that’s why the recent potential exploit was found. It wasn’t by accident and it’s a vote of confidence, not a cause for alarm.”
However, privacy coins face a narrower margin for doubt. Their value depends not only on secrecy but on confidence that secrecy has not weakened the monetary guarantees underneath it.
Due to this, BitMEX co-founder Arthur Hayes said he sold his entire ZEC position after reassessing the privacy thesis. Hayes said it was unlikely counterfeit ZEC had been created, but the inability to formally prove that point changed the way he viewed the trade.
He stated:
“The privacy from AI, govt, big tech narrative demands perfection not improbability.”
Shielded Labs acknowledged that uncertainty directly and conceded that there was no definitive way to determine through cryptography alone whether an exploitation occurred before the fix.
The proposed fix shifts the burden back to verification
Due to the current uncertainty in the market, Shielded Labs proposed a network upgrade that would create a new shielded pool and use turnstile accounting on coins migrating out of Orchard.
Market observers noted that this proposal is an attempt to answer the market’s central concern. If Zcash cannot prove from Orchard’s internal records alone that counterfeit coins were never created, it can try to force a migration path that reconciles value as coins move into a new system.
That process would be technically complex and socially sensitive. If no counterfeit ZEC exists, migration could help restore confidence. If a mismatch emerged, the community would face harder questions over which balances should be honored and how to protect users who held funds in the affected pool.
Meanwhile, Josh Swihart, founder of the Zcash-focused firm ZODL, said the more important long-term issue is how to prevent similar vulnerabilities from recurring. He pointed to formal verification, a process that uses mathematical proofs to confirm that a circuit’s implementation matches its intended rules.
Formal verification would reduce reliance on human review of a large and complex rulebook. Instead of asking auditors to catch every edge case by inspection, developers can create a concise specification and use computer-checked proofs to verify that the implementation follows it.
That approach is becoming more important as privacy systems become more sophisticated. Orchard was built for performance and contains special cases that make it harder to review manually. A simpler and formally verified circuit could reduce the surface area for this type of mistake.
Zcash developers and affiliated teams are now pursuing multiple security efforts, including continued work with Hornby, formal verification of Orchard’s circuit, and additional security hiring.
Shielded Labs also said a detailed proposal for supply-verification upgrades could follow shortly.
AI turns old bugs into immediate market risks
The Zcash disclosure highlights a fundamental shift in the economics of software security. While artificial intelligence did not create the Orchard vulnerability, it severely compressed the timeline between a hidden risk and its public discovery.
This acceleration poses a systemic challenge to the broader digital asset sector.
Cryptocurrency protocols rely on open-source code and complex financial logic to govern massive pools of capital, making them highly attractive targets. Decentralized finance (DeFi) applications, cross-chain bridges, and layer-1 blockchains have all suffered from foundational bugs missed during initial audits.
That threat is moving fast enough to alarm industry veterans. Last month, OpenZeppelin co-founder Manuel Aráoz urged investors to exit DeFi altogether, warning that AI agents are now capable of identifying vulnerabilities far faster than human reviewers.
The caution arrives as the DeFi sector faces mounting pressure, having lost over $1.1 billion to exploits in the past year.
Compounding these structural fears is Anthropic’s quiet unveiling of Claude Mythos. The vulnerability-seeking AI model was deemed too dangerous for public release by the San Francisco-based company, underscoring the potential for sudden, irreversible losses if such tools fall into the wrong hands.
In an interview with CryptoSlate, Deddy Lavid, chief executive of blockchain security firm Cyvers, emphasized the scale of the problem, estimating that the sector’s financial exposure to AI-driven exploits easily ranges from hundreds of millions to billions of dollars.
Ultimately, AI presents a double-edged sword for blockchain infrastructure. As these models become more sophisticated, they drastically lower the cost and effort required for attackers to find weaknesses, while simultaneously giving defensive researchers the tools to patch them faster.
This dual-use reality shaped the response from prominent crypto executives. Grayscale Chairman Barry Silbert framed the Zcash episode as clear evidence that digital assets have fully entered an “AI-enabled” threat environment.
Yet, industry advocates maintain that the fundamentals of protocol defense remain the same.
Gemini co-founder Tyler Winklevoss noted that software security has always been a continuous race between developers and malicious actors.
According to him, artificial intelligence has simply accelerated the pace for both sides. He stated:
“AI doesn’t change this game of cat and mouse, it just accelerates it. Every piece of software has to run this race. There’s no escaping it.”
