The privacy coin Zcash (ZEC) has plummeted by 60% after the disclosure of a critical vulnerability.
The bug could have allowed attackers to mint an infinite amount of counterfeit coins.
The flaw, which sat undetected in the Orchard pool since May 2022, was recently exposed by a security researcher utilizing Anthropic's Claude Opus 4.8 AI model.
HOT Stories Why Did Zcash Crash 43%? Breaking Down Latest Move Bitcoin (BTC), Ethereum (ETH), Stellar (XLM) and Toncoin (TON) Price Analysis for June 5: Bulls Must Overtake Control
Claude's powerful model
On May 29, security engineer Taylor Hornby discovered the critical counterfeiting vulnerability in Zcash’s Orchard pool during a targeted review using the newly released Opus 4.8 model.
The vulnerability involved an under-constrained element of the Orchard circuit, allowing arbitrary false inputs to pass elliptic curve multiplication checks.
With the help of the AI, Hornby built a working exploit that successfully generated unlimited, undetectable counterfeit ZEC in a local test environment.
ZODL engineers and the Zcash ecosystem acted quickly, successfully patching the vulnerability via an emergency hard fork between June 1 and June 3.
When privacy can be a downside
Given that privacy coins obscure balances, there is no way to scan the chain for abuse or cryptographically prove whether the vulnerability was actually exploited. A similar class of bug previously hit Zcash in 2019 and also went undetected for years.
Shielded Labs believes that prior exploitation is unlikely due to the bug's complexity and the speed of the patch, but they cannot definitively prove the integrity of the supply using only cryptography.
Developers are exploring a network upgrade that involves a new shielded pool and "turnstile accounting" to verify the Zcash supply and prove the non-existence of counterfeit coins. The team is also initiating a project to formally verify the Orchard circuit with a mathematical proof and is opening a search for a new Head of Security and a Cryptographer.
Community reaction
BitMEX co-founder and prominent cryptocurrency figure Arthur Hayes has announced the liquidation of his entire Zcash (ZEC).
However, there were those who started defending Zcash. Tyler Winklevoss emphasized that software vulnerabilities are inevitable. He has stated that security is a "never-ending race between the good guys and the bad guys".
Meanwhile, Digital Currency Group founder Barry Silbert fiercely defended the development team, expressing that he is "proudly on Team Zcash". Silbert criticized individuals who framed the situation negatively (without directly naming Hayes).
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
