A critical flaw in Zcash's Orchard privacy pool, present for four years, was recently discovered by security researcher Taylor Hornby using Claude Opus 4.8. The vulnerability could have allowed for the undetectable creation of counterfeit Zcash coins, as reported by Security Affairs.The bug, which existed from Orchard's activation in May 2022 until an emergency fix on June 1, 2026, involved a flawed validation check for transaction inputs. This flaw could have enabled attackers to inject false inputs, generating counterfeit ZEC that would be validated as legitimate by the zero-knowledge proof system. Due to the privacy features of the Orchard pool, it is impossible to definitively determine if the vulnerability was exploited during its existence. The Zcash team believes exploitation was unlikely given the complexity of the bug and the time it remained undetected, but is proposing a network upgrade called "turnstile accounting." This upgrade would involve deploying a new shielded pool and verifying all existing Orchard coins through a checkpoint to expose any counterfeit supply.The discovery highlights the potential for advanced AI models to uncover previously unknown vulnerabilities in cryptographic systems, raising concerns about the security of systems not yet tested against such tools.Source: Security Affairs
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds