Machine intelligence exposes flaw in Zcash protocol, says creator Eli Ben-Sasson
An AI model caught a soundness bug in Zcash's Orchard circuit that went undetected by humans for four years, triggering emergency patches and a sharp ZEC sell-off
A critical vulnerability in Zcash’s privacy protocol sat undetected for four years. It took an AI model to finally spot it.
Eli Ben-Sasson, co-founder of Zcash, revealed that researcher Taylor Hornby, working with Anthropic’s Claude Opus 4.8, identified a soundness bug in the Orchard shielded payment circuit on May 29. The flaw could have allowed unlimited counterfeiting of ZEC, the protocol’s native token, without detection.
What went wrong, and how AI caught it
The bug traced back to an under-constrained circuit element within Zcash’s Orchard zero-knowledge proof system. That element allowed arbitrary false inputs to be fed into elliptic curve multiplication operations, effectively bypassing the mathematical checks that are supposed to guarantee transaction integrity.
Orchard has been live since its activation in 2022. That means this vulnerability existed in production for roughly four years, surviving multiple rounds of human auditing.
Hornby’s use of Claude Opus 4.8 as part of a targeted audit represents something genuinely new. Ben-Sasson endorsed this approach, calling for broader adoption of AI-assisted discovery and formal verification methods across the protocol.
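The class of defect described above, an under-constrained element feeding a scalar multiplication, shown as an added toy example; it is not Orchard's circuit or Zcash project code, and the article does not give the real constraint details. The small group, parameters and all function names are assumptions chosen for illustration: the check accepts a witness for a false statement until the missing constraint is added.

```python
# Toy model, constructed for illustration: a multiplicative group mod a small
# prime stands in for the elliptic curve, so "[k]G" is pow(G, k, P).
P, G, NBITS = 1019, 2, 8  # assumed toy parameters, not Zcash values

def to_bits(n):
    """Little-endian bit decomposition, as a prover would supply it."""
    return [(n >> i) & 1 for i in range(NBITS)]

def mul_gadget(bits):
    """Double-and-add (here square-and-multiply) driven by witness bits."""
    acc, base = 1, G
    for b in bits:
        if b:
            acc = acc * base % P
        base = base * base % P
    return acc

def constraints_hold(k, bits, result, bind_scalar):
    """True if the witness (k, bits, result) satisfies the constraint system.

    bind_scalar=False models the under-constrained circuit: nothing ties the
    bits fed to the multiplication back to the scalar k used elsewhere.
    """
    if len(bits) != NBITS or any(b * (b - 1) != 0 for b in bits):
        return False                      # every bit must be boolean
    if mul_gadget(bits) != result:
        return False                      # gadget output must match result
    if bind_scalar and sum(b << i for i, b in enumerate(bits)) != k:
        return False                      # bits must recompose to k
    return True

def statement_is_true(k, result):
    """Ground truth the circuit is supposed to enforce: result == [k]G."""
    return pow(G, k, P) == result

def soundness_report():
    """Negative test: a witness for a false statement must be rejected."""
    k = 5
    honest = (k, to_bits(5), pow(G, 5, P))
    false_witness = (k, to_bits(200), pow(G, 200, P))  # bits unrelated to k
    return {
        "honest_accepted": constraints_hold(*honest, bind_scalar=True),
        "false_statement": not statement_is_true(k, false_witness[2]),
        "weak_accepts_false": constraints_hold(*false_witness, bind_scalar=False),
        "fixed_accepts_false": constraints_hold(*false_witness, bind_scalar=True),
    }
```

Negative tests of this shape, where a witness for a false statement must fail, are what catch soundness gaps; tests that only run honest witnesses pass on both versions.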
The emergency response
Once the bug was confirmed, the Zcash development community moved fast. An emergency soft fork went live on June 1, just three days after discovery. A full hard fork, designated NU6.2, followed on June 3, completing the patch.
No evidence of mainnet exploitation was found. The ZEC supply cap remained intact, and forensic analysis confirmed no one had abused the flaw before the patch landed.
Market fallout and investor reaction
ZEC dropped between 30% and 48% following the disclosure, as traders processed the implications of a four-year-old bug capable of unlimited counterfeiting.
For context, Zcash launched in 2016 and has undergone multiple network upgrades and third-party security reviews since then. Orchard itself was introduced as an improvement over the earlier Sapling circuit, designed to offer better privacy and efficiency.
Ben-Sasson’s advocacy for formal verification — using mathematical proofs to guarantee that code behaves as intended — is the right instinct. In the interim, AI-assisted auditing may be the most practical layer of defense available.