The exploit that nearly broke Zcash originated inside the zero-knowledge proof circuit that powers Orchard, Zcash's newest shielded pool, and the cryptographic core of its private transaction system.
Taylor Hornby, a security researcher at Shielded Labs, found it on May 29 during a targeted protocol security review.
Within hours, ZODL engineers confirmed the flaw, and Zcash executed an emergency soft fork, then a full consensus hard fork, to close it.
According to Shielded Labs, Hornby used Anthropic's Opus 4.8, released the day before on May 28, alongside a custom AI harness and prompts, to produce a complete local exploit in a regtest environment.
If applied to mainnet, the exploit could have generated unlimited counterfeit ZEC within Orchard without detection.
Zcash's official position is that there is no evidence of mainnet exploitation, no unauthorized value creation has been detected, and the 21 million ZEC supply cap stays intact, protected by the turnstile mechanism that tracks value moving between pools.
Shielded Labs holds a harder line, warning that Orchard's privacy properties make it cryptographically difficult to prove the supply was never tampered with, and proposing a further upgrade to route coins through turnstile accounting so anyone can verify integrity directly.
ZEC traded as high as $611 intraday before the disclosure and fell sharply, settling around $421 as the market priced the difference between “patched” and “proven clean.”
The broader frame is that AI-assisted exploits are moving from targeting DeFi protocols to directly affecting the money layer.
The bug that required a consensus upgrade
Orchard's proof circuit contained a soundness bug: a proof system accepted something it should have rejected, and fixing it required updating the pinned verifying key embedded in the circuit.
The update process constitutes a consensus-level change and demands coordinated network agreement between miners, exchanges, wallet providers, and infrastructure operators, all moving together on a compressed timeline.
The emergency soft fork was activated at 02:00 UTC on June 2 at block 3,363,426, temporarily disabling Orchard actions.
The NU6.2 hard fork followed on June 3 at 00:05 EDT at block 3,364,600, replacing the circuit and restoring full Orchard functionality. Zcash coordinated the response in secret and under market stress while the chain kept running, and the remediation timeline from discovery to hard-fork activation was less than 5 days.
AI at the money layer
Opus 4.8 launched with improved coding and reasoning benchmarks, and Shielded Labs says Hornby used it alongside a custom AI harness to conduct a targeted review of the Orchard circuit, producing a working local exploit that would have functioned on mainnet.
Zcash has not independently verified the specific role of AI in the research process, but the claim fits a pattern that extends well beyond Zcash.
In February 2026, Octane disclosed that its AI found a high-severity bug in Nethermind, an Ethereum execution client, that could have caused local block production to stop for roughly 38% of Ethereum validators. The vulnerability was patched before it was exploited and was rooted in client infrastructure.
A January 2026 arXiv paper on AI-agent exploit generation found a 63% success rate on a smart contract benchmark, app-layer research demonstrating the same compression of the vulnerability discovery loop that Orchard and Nethermind now show one level deeper.
| Layer | Old AI/security focus | 2026 examples | Why it matters |
|---|---|---|---|
| App layer | Smart contracts, DeFi protocols, bridges | AI-agent exploit generation benchmark with 63% success rate | Protocol-specific losses |
| Client infrastructure | Execution clients, validators, node software | Octane AI finding Nethermind bug affecting roughly 38% of validators | Could impair chain liveness |
| Proof / money layer | ZK circuits, supply accounting, validity rules | Zcash Orchard soundness bug | Could affect whether private money is valid |
| Operational control layer | Keys, wallets, access systems | TRM / Hacken trend toward keys, wallets, control planes | Attacks bypass contract code entirely |
TRM Labs' 2026 Crypto Crime Report counted $2.87 billion stolen across nearly 150 hacks in 2025, with adversaries concentrating attacks on keys, wallets, and control planes. These are the operational and cryptographic infrastructure beneath the contract code, where the Zcash and Nethermind disclosures sit.
The prove-the-negative problem
Public blockchains make money auditable by design, with every transaction visible, every balance derivable from the chain state.
Privacy coins invert that guarantee, and Zcash's entire value proposition is that Orchard balances and transaction amounts stay hidden from outside observers.
That inversion creates a tension when a soundness bug appears in the proof circuit, since the same privacy that protects users also makes it impossible to scan Orchard's history for evidence of counterfeit value.
Zcash Foundation's answer is the turnstile mechanism, which tracks aggregate value flows entering and leaving each shielded pool without revealing individual transactions.
Turnstile analysis found no evidence of unauthorized value creation in the window before remediation. Shielded Labs' proposed next upgrade would route existing Orchard coins back through turnstile accounting, creating an on-chain record that anyone could verify, converting a probabilistic assurance into a cryptographic one.
Until that upgrade completes, the window between “no detected exploitation” and “provably clean supply” persists.
If AI-assisted security reviews become standard practice for base-layer infrastructure, including proof circuits, consensus clients, validator logic, and supply-accounting mechanisms, the Zcash incident serves as a proof-of-process.
AI found a deep flaw, coordinated disclosure contained it, and a proposed follow-on upgrade closes the epistemic gap.
Octane's Nethermind disclosure follows the same template, and the chains that build coordinated response capacity around AI-assisted audits absorb these findings before adversaries can reach them.
Hacken's report for the first quarter logged $482.6 million in stolen funds across 44 incidents, with wallet compromises overtaking code bugs in value in major DeFi incidents.
AI-assisted adversaries operate without disclosure obligations, and that same infrastructure layer is where attacks are already concentrating. A researcher with Hornby's toolkit and malicious intent who finds a comparable flaw before the defenders do faces a target whose privacy properties prevent post hoc detection.
ZEC's sharp intraday move after disclosure reflects that the market has already priced in a patched bug in a privacy coin's proof circuit, leaving a residual confidence discount that no press release can fully close, because the assurance the system needs to provide is the hardest for a privacy system to give.
Consensus clients, proof circuits, and supply rules are the layer AI-assisted research reached in 2026, and every major chain's security posture now needs to account for a threat model that did not exist when those systems were designed.
The post AI-assisted Zcash flaw exposes the supply integrity gap an emergency fork could not fully close appeared first on CryptoSlate.
