A critical vulnerability lurking in the Zcash privacy cryptocurrency for four years has been uncovered with the help of an AI system — but the same privacy architecture that defines the coin means there may be no way to determine whether anyone ever exploited it.

Security researcher Taylor Hornby identified the flaw on 29 May in Zcash's Orchard shielded pool, according to a report by Security Affairs. Hornby had been contracted by the Electric Coin Company, the organisation behind Zcash, specifically to hunt for this class of vulnerability. He used Claude Opus 4.8, Anthropic's large language model, as part of the auditing process.

A Supply-Inflation Bug Hiding in Plain Sight

The vulnerability would have allowed an attacker to mint counterfeit Zcash tokens without detection. Because Zcash uses zero-knowledge proofs to shield transaction details — the very feature that gives it privacy-preserving capabilities — forged coins would be indistinguishable from legitimately mined ones on the blockchain. The bug had been present in the Orchard protocol, the latest iteration of Zcash's privacy technology, since its introduction roughly four years ago.

The Zcash team has since deployed a patch. However, the question of whether the flaw was previously weaponised remains open and, given the cryptographic design, potentially unanswerable.

Why This Matters Beyond Cryptocurrency

The discovery carries weight for the broader open-source and security communities in several ways.

AI as a practical auditing partner. This is not a theoretical exercise. A major language model played a direct role in finding a real, high-severity cryptographic flaw. For security teams and independent auditors, it signals that AI-assisted code review is moving from experimental to operational. That said, human expertise was clearly central: Hornby directed the investigation and interpreted the results. AI amplified the process; it did not replace judgment.

The privacy-detectability paradox. Zero-knowledge proofs are celebrated for protecting user confidentiality, but that same opacity can conceal exploitation. For developers working with privacy-enhancing technologies, this is a structural trade-off that demands careful architectural thinking — not just during implementation, but in designing monitoring and integrity-checking mechanisms.

Open-source cryptographic trust. A four-year-old inflation bug in a high-profile, well-funded privacy coin raises uncomfortable questions about the adequacy of prior security audits across similar projects. Any team maintaining or depending on open-source cryptographic libraries should treat this as a prompt to revisit their own review cycles.

An Open Question With No Clean Answer

Whether the Zcash supply was ever tampered with during those four years is a question that may never be resolved. The Electric Coin Company has not published a definitive retroactive supply integrity analysis. For holders and exchanges, this ambiguity itself is consequential.

For developers and sysadmins involved in blockchain infrastructure, financial technology, or compliance tooling, the episode underscores a practical lesson: long-lived bugs in cryptographic systems are not hypothetical risks. They are real, they persist, and the tools to find them are becoming more accessible. The question is whether organisations are investing in systematic, ongoing audits rather than one-off reviews.

The combination of AI-assisted analysis and human cryptographic expertise may represent the most promising path forward. But as this case demonstrates, even with the right tools, some answers arrive too late to be definitive.

