What to know:

• Security engineer Taylor Hornby, who recently used Anthropic’s Opus 4.8 AI model to uncover a critical bug in Zcash, says he will next audit Monero and other privacy-focused cryptocurrencies.
• The Zcash flaw, hidden in the Orchard privacy pool since May 2022, could have allowed unlimited counterfeit ZEC to be minted undetected and prompted an emergency fix by June 1 after its discovery on May 29.
• Hornby, hired by nonprofit developer Shielded Labs to find protocol bugs before attackers do, disclosed the vulnerability instead of exploiting it and plans to seek a Zcash coinholder grant to fund further work.

In this article

BTCBTC$61,215.43◢2.53%

Monero, which trades under the ticker XMR, is among the largest privacy-focused cryptocurrency and hides transaction details by default compared to Zcash, where users can either either transparent or shielded addressed.

Hornby found the Zcash flaw on May 29. The bug, in the blockchain’s Orchard privacy pool, had gone undetected since May 2022 and could have let an attacker mint unlimited, undetectable counterfeit ZEC. Shielded Labs, a nonprofit developer on the network, disclosed it on Thursday and pushed through an emergency fix by June 1.

Zcash fell 38% over the following 24 hours amid fallout and concerns about a hacker possibly stealing money from the shielded pool – without leaving any detectable trace – over the past few years.

Hornby, hired by Shielded Labs in April to find protocol bugs before attackers could, said he reported the flaw rather than exploit it because the Zcash developers were “like family” and he could “not live with that kind of betrayal.”

He plans to apply for a Zcash coinholder grant to fund further work.