
How One Guy Used Claude Code to Discover a Billion-Dollar Bug

Taylor Hornby, a security researcher who works with Shielded Labs, found a bug on May 29, 2026, just one day after Anthropic launched Opus 4.8, that resulted in billions of dollars being wiped from the project’s market capitalization.

The flaw affected the shielded pool within the protocol’s design that powers private Zcash transactions, and it was serious enough to trigger an emergency response across the entire ecosystem. It resulted in a sudden sell-off that saw ZEC’s price crash by roughly 60%, erasing more than $4 billion in market cap.

The short version of the story is relatively simple: a missing constraint in Zcash’s Orchard circuit could have allowed a malicious prover to spend the same shielded note many times over while producing different nullifiers. In practice, this means an attacker could have inflated ZEC within the Orchard pool without leaving an on-chain fingerprint.
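To make the mechanism concrete, here is an added, deliberately simplified model written for this article (it is not Zcash code and does not reflect Orchard’s actual circuit or the specific missing constraint). A shielded pool rejects double spends by recording a nullifier per spent note; that only works if the proof system forces the nullifier to be a fixed function of the note and the owner’s key. The toy verifier below takes the secret key directly so the constraint can be switched on and off; in a real zero-knowledge circuit that relation is enforced inside the proof without revealing the key. All names, keys and note values are constructed placeholders.

```python
import hashlib
import hmac


def derive_nullifier(nk: bytes, note_commitment: bytes) -> bytes:
    """Toy PRF standing in for a real nullifier derivation (constructed, not Orchard's)."""
    return hmac.new(nk, note_commitment, hashlib.sha256).digest()


class ToyShieldedPool:
    """Minimal ledger-side view: a set of revealed nullifiers plus an optional
    'circuit constraint' tying each nullifier to the note it spends."""

    def __init__(self, constrain_nullifier: bool) -> None:
        self.constrain_nullifier = constrain_nullifier
        self.spent_nullifiers: set[bytes] = set()

    def verify_spend(self, nk: bytes, note_commitment: bytes, claimed_nullifier: bytes) -> bool:
        # Check 1: the double-spend guard every pool has. A nullifier may be
        # revealed only once.
        if claimed_nullifier in self.spent_nullifiers:
            return False
        # Check 2: soundness. Without this, the prover chooses the nullifier
        # freely, so check 1 never fires for a reused note. This models the
        # effect of a missing circuit constraint, not the real Orchard flaw.
        if self.constrain_nullifier:
            if not hmac.compare_digest(claimed_nullifier, derive_nullifier(nk, note_commitment)):
                return False
        self.spent_nullifiers.add(claimed_nullifier)
        return True


def count_accepted_spends(constrain_nullifier: bool, attempts: int) -> int:
    """Try to spend one constructed note `attempts` times and return how many
    spends the pool accepts. Attempt 0 is the honest spend; later attempts
    present a fresh, unrelated nullifier for the same note."""
    pool = ToyShieldedPool(constrain_nullifier)
    nk = b"constructed-nullifier-key"                       # placeholder secret key
    cm = hashlib.sha256(b"constructed-note-contents").digest()  # placeholder note commitment
    accepted = 0
    for i in range(attempts):
        if i == 0:
            claimed = derive_nullifier(nk, cm)
        else:
            # Any value other than the honest derivation; a sound circuit
            # must make such a proof impossible to produce.
            claimed = hashlib.sha256(cm + i.to_bytes(4, "big")).digest()
        if pool.verify_spend(nk, cm, claimed):
            accepted += 1
    return accepted


if __name__ == "__main__":
    print("constrained pool accepts:", count_accepted_spends(True, 5))    # 1
    print("unconstrained pool accepts:", count_accepted_spends(False, 5))  # 5
```

The point for reviewers of any nullifier-based design: the spent-nullifier set is only as strong as the constraint that binds each nullifier to exactly one note, and that binding lives in the circuit, not in the ledger.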

The scary part is that this bug has existed since Orchard went live in May 2022. The total exposure window therefore lasted around four years before it was finally patched, shortly after Hornby discovered it.

AI Helped Find The Critical Vulnerability

This story isn’t just about the flaw, but about the way it was found.

Hornby said he used a custom “zcash-full-stack-auditor” agent framework with Claude Opus 4.8. It was designed to work at maximum effort and was pointed at the halo2 implementation, including the Orchard circuit. The AI was searching for soundness and zero-knowledge security issues.

The researcher reported that around 6 p.m. on May 29, one of the audit agents flagged a vulnerability that it believed could be used to double-spend Orchard notes. Hornby then used Claude to help write proof-of-concept code against a comparable circuit, before testing the issue against the real Orchard circuit.

Testing the Exploit with Claude

Hornby later built a full test in Zcash’s local regtest mode, where the exploit doubled the value of an Orchard note until the test wallet balance exceeded 10 million ZEC. These transactions were never broadcast to mainnet or testnet, of course, but the test itself was significant because regtest applies exactly the same validation rules, meaning that the same result could have been achieved on mainnet.

Per the official disclosure, the full PoC took roughly six hours to develop with Claude Code’s help. Hornby said the model needed relatively little guidance beyond a few hints.

Of course, it’s important to understand that this doesn’t mean that AI independently “hacked Zcash.”

Taylor Hornby is a renowned specialist security researcher. The audit was targeted, and the tools were custom-built.

Still, the case shows how some frontier AI models are beginning to significantly reduce the time required to inspect highly complex technical systems.

The post How One Guy Used Claude Code to Discover a Billion-Dollar Bug appeared first on CryptoPotato.
