AI-assisted research uncovers a minting vulnerability in Zcash, triggering a trust crisis as ZEC plunges over 30%.

Organized by: Felix, PANews

On June 5, Zcash founder Zooko Wilcox disclosed on platform X that security researcher Taylor Hornby had discovered an extremely serious forgery vulnerability in the Zcash Orchard privacy pool on May 29. In theory, the vulnerability allows attackers to bypass the protocol's restrictions and mint forged ZEC in unlimited quantities, and because of the privacy pool's cryptographic properties, such an attack is very difficult to detect by conventional means. Moreover, the vulnerability has existed since Orchard was activated in May 2022.

The Zcash Open Development Lab (ZODL) responded urgently upon learning of the situation and patched the vulnerability on June 1. Currently, the Zcash network has resumed normal operation, and official and on-chain data indicate that user funds, privacy data, and the total supply cap of 21 million coins have not been materially affected.

Although Zooko emphasized that the likelihood of forgery having occurred in the more than four years before the vulnerability was fixed is low, the market's concerns do not appear to have eased. Coingecko data shows that after the announcement the price of ZEC plummeted, dropping more than 30% in 24 hours.

Using AI to Write Programs to Identify Vulnerabilities

The vulnerability was found by combining the latest AI-assisted security auditing techniques with traditional security research methods.

On May 28, shortly after Anthropic released the Opus 4.8 model, Taylor used it to conduct a highly targeted review of the Orchard circuit. Using Opus 4.8, he wrote a complete exploit program. When tested in his local regtest environment, the program was able to generate an unlimited and undetectable amount of forged ZEC. Had he run the same tool against the Zcash mainnet, it would have generated unlimited and undetectable forged ZEC in his mainnet Zcash wallet.

The vulnerability stems from an insufficiently constrained element in the Orchard circuit. Because the constraints on this element were incomplete, an attacker could feed an arbitrary incorrect value into the elliptic curve multiplication and the multiplication check would still pass.

What makes this especially tricky is that, because of Orchard's privacy features and the nature of the vulnerability itself, cryptography alone cannot determine whether such an exploit occurred before the vulnerability was discovered and patched.
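To make the two preceding paragraphs concrete, here is a constructed toy (added for this article, not Orchard's circuit or any Zcash code) of an under-constrained arithmetic circuit: an R1CS-style system over a small prime field where plain field multiplication stands in for the curve operation. The honest circuit binds the multiplication's input to the public value; the under-constrained variant omits that binding, so a witness with a wrong internal value still satisfies every remaining constraint, and the public values alone give the verifier no way to tell the two witnesses apart.

```python
# Toy under-constrained circuit, constructed for illustration. NOT the Orchard
# circuit: R1CS-style constraints over a small prime field, with field
# multiplication used as an analogy for the elliptic curve multiplication.
P = 101  # toy field modulus (assumption: any prime would do)

def lc(w, terms):
    """Evaluate a linear combination {var_index: coeff} over witness w (mod P)."""
    return sum(c * w[i] for i, c in terms.items()) % P

def satisfied(constraints, w):
    """R1CS check: each constraint (A, B, C) needs <A,w> * <B,w> == <C,w> (mod P)."""
    return all(lc(w, a) * lc(w, b) % P == lc(w, c) for a, b, c in constraints)

# Witness layout: w = [1, x_pub, k_pub, x_int, y_out]
# Statement to prove: y_out == k_pub * x_pub. The multiplication gadget uses an
# internal copy x_int, which a sound circuit must bind to the public x_pub.
ONE, X_PUB, K_PUB, X_INT, Y_OUT = range(5)

MUL = ({K_PUB: 1}, {X_INT: 1}, {Y_OUT: 1})      # k_pub * x_int == y_out
BIND = ({X_INT: 1, X_PUB: -1}, {ONE: 1}, {})     # (x_int - x_pub) * 1 == 0

SOUND_CIRCUIT = [MUL, BIND]
UNDERCONSTRAINED_CIRCUIT = [MUL]  # the binding constraint is missing

def honest_witness(x, k):
    """Witness produced by a prover who actually computed k * x."""
    return [1, x % P, k % P, x % P, k * x % P]

def forged_witness(x, k, y_wanted):
    """Witness choosing x_int so that k * x_int == y_wanted, ignoring the real x."""
    x_int = y_wanted * pow(k, -1, P) % P
    return [1, x % P, k % P, x_int, y_wanted % P]

def verify(circuit, x, k, y, w):
    """Check the witness against the public (x, k, y) and the circuit's constraints.

    In a real zero-knowledge system the verifier never sees w, only a proof that
    some w satisfies the circuit; the public values are identical for both
    witnesses below, so nothing observable distinguishes them.
    """
    public_ok = w[X_PUB] == x % P and w[K_PUB] == k % P and w[Y_OUT] == y % P
    return public_ok and satisfied(circuit, w)
```

Running `verify` with `honest_witness(7, 3)` and `y = 21` passes under both circuits, while `forged_witness(7, 3, 50)` with the false claim `y = 50` is rejected only by the sound circuit.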

Has ZEC Been Maliciously Minted?

Are user funds safe? Has there been malicious minting? This is probably the question the market is most concerned about. Zooko assessed that several factors could “prove” that no malicious minting has taken place.

Firstly, the vulnerability evaded scrutiny from numerous cryptographers for many years. Secondly, the discovery was not accidental but the result of the team deliberately hunting for such vulnerabilities, which attackers typically “would not” be aware of. Additionally, Taylor employed the latest AI tools, available exclusively to white hat security researchers, along with a complex custom AI framework and prompt system, completing the task ahead of potential attackers. Once the vulnerability was discovered, ZODL and the Zcash ecosystem patched it quickly, shortening the window of exploitability.

Therefore, before the vulnerability was fixed, very few people had both the ability and the opportunity to discover and exploit it. Some observers share this conclusion.

Helius CEO mert believes that while it is impossible to directly prove in the short term whether the vulnerability has been exploited, any forgery can be proven or ruled out if a future turnstile is triggered or if a migration to a new verifiable privacy pool occurs. Furthermore, the Zcash team has been increasingly using advanced tools and hiring external security companies for audits, which has improved security to some extent. Zcash's ability to discover and immediately fix the vulnerability is the result of ongoing security work and can even be seen as a positive development.

However, BitMEX co-founder Arthur Hayes holds an opposing view and has publicly stated that he has liquidated his ZEC holdings. Hayes stated that despite the extremely low probability of malicious minting, it cannot be formally proven impossible through cryptographic methods. Protecting privacy from AI, government, and big tech companies demands perfection, not a very low probability. He also indicated that if future hypotheses are disproven, he does not rule out repurchasing at a lower price.

Proposing a Network Upgrade to “Prove” No Forgery Exists

Currently, market views on the Zcash Orchard pool vulnerability incident are divided. To prove the integrity of the Zcash supply, however, Shielded Labs, the nonprofit core development organization focused on the Zcash ecosystem, stated that it is collaborating with other Zcash developers to explore a network upgrade that would allow anyone to verify the integrity of the Zcash supply and “prove” that no forged Zcash exists in the Orchard pool. The plan involves deploying a new shielded pool and enforcing a “turnstile accounting” mechanism on all funds in the Orchard pool. Details of the proposal will be announced next week.

Additionally, Shielded Labs stated that it is starting a project to formally verify the Orchard circuit, attempting to write mathematical proofs that “prove” it contains no undiscovered vulnerabilities.

Whether Zcash can successfully navigate this vulnerability crisis remains uncertain. However, how this crisis is handled will provide an important reference for security practice in the cryptocurrency privacy space.
