{"id":613576,"date":"2026-06-05T13:20:00","date_gmt":"2026-06-05T13:20:00","guid":{"rendered":"https:\/\/buglecall.org\/?p=613576"},"modified":"2026-06-05T13:20:00","modified_gmt":"2026-06-05T13:20:00","slug":"zec-crashes-as-zcash-admits-critical-counterfeiting-vulnerability-exposed-by-claude-3","status":"publish","type":"post","link":"https:\/\/buglecall.org\/?p=613576","title":{"rendered":"ZEC Crashes As Zcash Admits &#8216;Critical Counterfeiting Vulnerability&#8217; Exposed By Claude"},"content":{"rendered":"<p><span class=\"field field--name-title field--type-string field--label-hidden\">ZEC Crashes As Zcash Admits &#8216;Critical Counterfeiting Vulnerability&#8217; Exposed By Claude<\/span><\/p>\n<div class=\"clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item\">\n<p><a href=\"https:\/\/cointelegraph.com\/news\/zec-tanks-30-after-ai-security-review-discovers-critical-zcash-vulnerability\"><em>Authored by Martin Young via CoinTelegraph.com,<\/em><\/a><\/p>\n<p><em><strong>The price of ZEC fell on Thursday after further details were disclosed of a critical counterfeiting vulnerability in Zcash\u2019s Orchard pool that could theoretically allow a bad actor to mint an unlimited amount of ZEC.<\/strong><\/em><\/p>\n<p><a data-image-external-href=\"\" data-image-href=\"\/s3\/files\/inline-images\/c-man-falling.jpg?itok=jctfuP5d\" data-link-option=\"0\" href=\"https:\/\/cms.zerohedge.com\/s3\/files\/inline-images\/c-man-falling.jpg?itok=jctfuP5d\"><img fetchpriority=\"high\" decoding=\"async\" data-entity-type=\"file\" data-entity-uuid=\"4d2f5375-e485-4877-b1fb-f4ead26a5ffe\" data-responsive-image-style=\"inline_images\" height=\"334\" width=\"500\" class=\"inline-images image-style-inline-images\" src=\"https:\/\/assets.zerohedge.com\/s3fs-public\/styles\/inline_image_mobile\/public\/inline-images\/c-man-falling.jpg?itok=jctfuP5d\" alt=\"\" \/><\/a><\/p>\n<p>According to a post on X, security engineer Taylor Hornby, who was engaged by <strong>Shielded Labs,\u00a0<a href=\"https:\/\/x.com\/zooko\/status\/2062644925590900980?s=20\">discovered<\/a>\u00a0the bug on May 29 and\u00a0<a href=\"https:\/\/cointelegraph.com\/news\/zcash-orchard-vulnerability-emergency-upgrade\">disclosed it<\/a>\u00a0to the Zcash Open Development Lab (ZODL),<\/strong> which deployed an emergency response to fix the vulnerability with a hard fork activated on June 3.\u00a0<\/p>\n<p>However, there are new concerns about the extent to which the vulnerability, which has existed since May 2022, has been used,\u00a0<a href=\"https:\/\/cointelegraph.com\/markets\/zcash-is-running-its-own-bull-market-zec-price-paints-88-rally-setup\"><u>leading Zcash<\/u><\/a>\u00a0to fall more than 30% over the past 24 hours to $410 at the time of writing. Its market capitalization has shrunk by more than $3 billion.<\/p>\n<p>However, BitMEX co-founder Arthur Hayes\u00a0<a href=\"https:\/\/x.com\/CryptoHayes\/status\/2062723034369458520\"><u>said<\/u><\/a>\u00a0on Friday it is unlikely that ZEC has been illegally minted this way, though he acknowledged \u201cit cannot be formally cryptographically proved impossible.\u201d<\/p>\n<p><strong>\u201cSadly, due to the Orchard Pool exploit, I had to dump our entire ZEC bag,\u201d <\/strong>he said.<\/p>\n<p><em><strong>\u201cThe Holy Trinity is dead,\u201d <\/strong><\/em>he added, referring to Zcash and the two other tokens he sold this week, Hyperliquid (HYPE) and Near Protocol (NEAR).<\/p>\n<p><a data-image-external-href=\"\" data-image-href=\"\/s3\/files\/inline-images\/bfmE868.jpg?itok=bLaK9_ny\" data-link-option=\"0\" href=\"https:\/\/cms.zerohedge.com\/s3\/files\/inline-images\/bfmE868.jpg?itok=bLaK9_ny\"><img decoding=\"async\" data-entity-type=\"file\" data-entity-uuid=\"29508274-41ac-455a-8574-d6eae791ddfa\" data-responsive-image-style=\"inline_images\" height=\"268\" width=\"500\" class=\"inline-images image-style-inline-images\" src=\"https:\/\/assets.zerohedge.com\/s3fs-public\/styles\/inline_image_mobile\/public\/inline-images\/bfmE868.jpg?itok=bLaK9_ny\" alt=\"\" \/><\/a><\/p>\n<p><em>ZEC crashes almost 50% in 24 hours after two months of solid gains.\u00a0<\/em><\/p>\n<h2>Claude assists in bug discovery\u00a0<\/h2>\n<p><strong>Taylor used Claude Opus 4.8, which was released on May 28, a day before the discovery, to assist in a highly targeted review of the Orchard circuit, the cryptographic component underlying Zcash\u2019s Orchard shielded pool.<\/strong><\/p>\n<p>The critical bug allowed false inputs into an elliptic curve multiplication check, which means the math that is supposed to cryptographically verify transactions could be fooled.<\/p>\n<p>Taylor built and tested a working\u00a0<a href=\"https:\/\/cointelegraph.com\/news\/coordinated-crypto-stealer-campaign-trapdoor-detected-targeting-developers\"><u>exploit<\/u><\/a>, which generated unlimited counterfeit ZEC.\u00a0<\/p>\n<p><em><strong>\u201cIf he had run the same tool on Zcash mainnet it would have generated unlimited, undetectable counterfeit ZEC in his mainnet Zcash wallet,\u201d<\/strong><\/em> the security researchers\u00a0<a href=\"https:\/\/x.com\/zooko\/status\/2062644925590900980\"><u>said<\/u><\/a>\u00a0on Friday.\u00a0<\/p>\n<p>The primary concern is that there is no cryptographic way to prove whether anyone had previously exploited it before it was patched, due to Orchard\u2019s privacy properties.\u00a0<\/p>\n<p>However, Shielded Labs was \u201cnot overly concerned\u201d because the bug was subtle enough to evade years of expert review, and the discovery was a deliberate, highly skilled effort using cutting-edge tools and AI.<\/p>\n<p><strong>The firm is working with\u00a0<a href=\"https:\/\/cointelegraph.com\/news\/foundry-digital-launched-zcash-mining-pool\"><u>Zcash<\/u><\/a>\u00a0developers on a proposed network upgrade to allow anyone to verify the integrity of the ZEC supply and to prove the nonexistence of counterfeit tokens in the Orchard pool, they stated.\u00a0<\/strong><\/p>\n<h2>Not the first counterfeiting vulnerability for Zcash<\/h2>\n<p>Mert Mumtaz, co-founder and CEO of Solana tooling firm Helius,\u00a0<a href=\"https:\/\/x.com\/mert\/status\/2062658091431182492\"><u>said<\/u><\/a>\u00a0that almost all privacy protocols have a variant of this same vulnerability.\u00a0<\/p>\n<p><em><strong>\u201cThis same FUD comes back every five months as new people learn how privacy pools work,\u201d <\/strong><\/em>he said.\u00a0<\/p>\n<p>He explained that it is a theoretical risk in most zero-knowledge privacy protocols from circuit bugs that are hard to exploit or detect.<\/p>\n<p>This is not the first time a similar vulnerability in Zcash has been discovered. In 2018, a counterfeiting vulnerability in the cryptography underlying zk-proofs was discovered by the Electric Coin Company, which\u00a0<a href=\"https:\/\/electriccoin.co\/blog\/zcash-counterfeiting-vulnerability-successfully-remediated\/\"><u>remediated it<\/u><\/a>\u00a0with no losses in 2019.\u00a0<\/p>\n<\/div>\n<p>      <span class=\"field field--name-uid field--type-entity-reference field--label-hidden\"><a title=\"View user profile.\" href=\"https:\/\/cms.zerohedge.com\/users\/tyler-durden\" lang=\"\" class=\"username\" xml:lang=\"\">Tyler Durden<\/a><\/span><br \/>\n<span class=\"field field--name-created field--type-created field--label-hidden\">Fri, 06\/05\/2026 &#8211; 09:20<\/span><img decoding=\"async\" src=\"https:\/\/assets.zerohedge.com\/s3fs-public\/styles\/inline_image_mobile\/public\/inline-images\/c-man-falling.jpg?itok=jctfuP5d\" title=\"ZEC Crashes As Zcash Admits &apos;Critical Counterfeiting Vulnerability&apos; Exposed By Claude\" \/><\/p>","protected":false},"excerpt":{"rendered":"<p>ZEC Crashes As Zcash Admits &#8216;Critical Counterfeiting Vulnerability&#8217; Exposed By Claude Authored by Martin Young via CoinTelegraph.com, The price of ZEC fell on Thursday after further details were disclosed of a critical counterfeiting vulnerability in Zcash\u2019s Orchard pool that could theoretically allow a bad actor to mint an unlimited amount of ZEC. According to a&hellip; <a class=\"more-link\" href=\"https:\/\/buglecall.org\/?p=613576\">Continue reading <span class=\"screen-reader-text\">ZEC Crashes As Zcash Admits &#8216;Critical Counterfeiting Vulnerability&#8217; Exposed By Claude<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":613560,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":[],"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[20,23],"tags":[],"class_list":["post-613576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-economic-empowerment","category-national-security","entry"],"_links":{"self":[{"href":"https:\/\/buglecall.org\/index.php?rest_route=\/wp\/v2\/posts\/613576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buglecall.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buglecall.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buglecall.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buglecall.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=613576"}],"version-history":[{"count":0,"href":"https:\/\/buglecall.org\/index.php?rest_route=\/wp\/v2\/posts\/613576\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buglecall.org\/index.php?rest_route=\/wp\/v2\/media\/613560"}],"wp:attachment":[{"href":"https:\/\/buglecall.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=613576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buglecall.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=613576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buglecall.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=613576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}