Taylor Hornby, a security researcher with Shielded Labs, discovered a critical bug on May 29, 2026—one day after Anthropic released Opus 4.8—that led to a multibillion-dollar decline in the affected project’s market capitalization.
The vulnerability impacted a shielded pool used by the protocol to support private Zcash transactions and was severe enough to prompt an emergency response across the ecosystem. The revelation triggered a rapid sell-off that drove ZEC’s price down by roughly 60%, wiping out more than $4 billion in market value.
In short, the issue stemmed from a missing constraint in Zcash’s Orchard circuit that could have allowed a malicious prover to spend the same shielded note multiple times while producing different nullifiers. In practical terms, an attacker could have inflated ZEC balances within the Orchard pool without leaving an obvious on-chain trace.
Worse, the bug had been present since Orchard launched in May 2022, leaving an exposure window of nearly four years before Hornby identified and reported the problem and it was patched.
AI Assisted the Discovery
Equally notable is how the bug was found. Hornby reported using a custom “zcash-full-stack-auditor” agent framework together with Claude Opus 4.8. The setup was configured for intensive automated analysis and focused on the halo2 implementation, including the Orchard circuit, searching specifically for soundness and zero-knowledge security weaknesses.
According to Hornby, around 6 p.m. on May 29 one of the audit agents flagged a potential vulnerability that could enable double-spending of Orchard notes. Hornby then used Claude to help develop proof-of-concept code against a similar circuit and subsequently tested the issue against the actual Orchard implementation.
Building and Testing the Proof-of-Concept
Hornby constructed a full test in Zcash’s local regtest mode, where the exploit effectively doubled the value of an Orchard note until the test wallet balance exceeded 10 million ZEC. Those transactions were never broadcast to mainnet or testnet; however, regtest enforces the same validation rules as mainnet, demonstrating that the exploit could have succeeded under real conditions.
The official disclosure states that the complete proof of concept took roughly six hours to develop with Claude Code’s assistance. Hornby noted the model required relatively minimal guidance beyond a few targeted hints.
It is important to clarify that this does not imply AI independently “hacked Zcash.” Hornby is an experienced security researcher, the audit was highly targeted, and the tooling was custom-built for the task. The AI served as an assistive tool that accelerated analysis and code generation rather than acting autonomously.
Still, the incident highlights how advanced AI models are beginning to shorten the time needed to probe highly complex technical systems, enabling researchers to find serious flaws more quickly. That capability can improve security when responsibly applied, but it also underscores the importance of prompt disclosure and coordinated responses to mitigate risks across cryptographic ecosystems.