According to reporting by The Block and Gizmodo, independent researcher Taylor Hornby discovered a critical soundness bug in Zcash's Orchard shielded-pool circuit on May 29, 2026. Per those reports and coverage summarized by Lets Data Science, Hornby used Anthropic's Claude Opus 4.8 together with a custom AI tool to produce a working exploit that minted counterfeit ZEC in a local test environment. Following private disclosure, developers pushed an emergency soft fork on June 2 that disabled Orchard and then deployed the NU6.2 hard fork on June 3 to re-enable Orchard with a corrected circuit, per the Zcash Foundation. According to the Zcash Foundation, there is no evidence of exploitation or unauthorized value creation. ZEC experienced an intraday drop of roughly 37%, then recovered much of the loss, per market reports.
What happened
According to The Block and Gizmodo, independent security researcher Taylor Hornby discovered a critical soundness vulnerability in the Orchard shielded-pool circuit of Zcash on May 29, 2026. Per those outlets and coverage compiled by Lets Data Science, Hornby used Anthropic's Claude Opus 4.8 alongside a custom AI-assisted tool to develop a working exploit that minted counterfeit ZEC in a local test environment.
Technical details (reported facts)
Per The Block and statements summarized by the Zcash Foundation, the flaw was an under-constrained element in the Orchard zero-knowledge proof circuit (in the halo2_gadgets code) that allowed mathematically invalid inputs to pass an elliptic-curve check intended to reject them. The vulnerability dated back to Orchard's launch in May 2022, according to reporting.
Emergency response (reported facts)
According to the Zcash Foundation and multiple outlets, the issue was privately disclosed and the ecosystem coordinated an emergency two-stage response: a soft fork on June 2 that disabled Orchard, followed by the NU6.2 hard fork on June 3 that re-enabled Orchard with a corrected circuit. Coverage and the Zcash Foundation reported no evidence of exploitation or unauthorized value creation. Market reports attribute an intraday ZEC price drop of about 37% before partial recovery.
Editorial analysis: technical context: AI models are increasingly used as automated audit assistants, providing pattern recognition and code-synthesis capabilities that can shorten the path from vulnerability hypothesis to exploit proof-of-concept. Industry reporting frames this incident as another example where frontier models accelerated discovery and exploit development in a high-complexity cryptographic codebase.
Industry context
implications for practitioners: Companies and auditors using large models for security work should treat model-assisted findings as powerful but requiring traditional verification. Observed patterns in similar incidents show that AI can surface subtle mathematical constraints that human reviewers might miss, while also making exploit prototyping faster.
What to watch
Monitor post-mortem disclosures from the Zcash Foundation and the Orchard code maintainers for a detailed vulnerability timeline and patch diff. Observers should also track audit tooling updates that integrate model-assisted discovery with reproducible, reviewed test harnesses.
Scoring Rationale #
The incident is notable for combining a critical cryptographic vulnerability with AI-assisted discovery and a fast, coordinated protocol fix; it matters to security engineers and blockchain practitioners.
Practice with real FinTech & Trading data
90 SQL & Python problems · 15 industry datasets
[Active Verified Users by Income TierEasy](/problems/sql/active-verified-users-by-income)
[Technology Stocks with High BetaMedium](/problems/sql/technology-stocks-with-high-beta)
[Portfolio Performance ScorecardHard](/problems/sql/portfolio-performance-scorecard)
250 free problems · No credit card
See all FinTech & Trading problems