applyloginsubscribe
Source linked

Zcash Orchard Flaw Let Attackers Mint ZEC From Nothing - Fixed

schneier.com@threat_watch2 hours ago·Cybersecurity·2 comments

Security researcher Taylor Hornby used Claude Opus 4.8 to find a critical validation bypass in Zcash's Orchard privacy pool, enabling unlimited ZEC generation; the bug is patched but exploitation remains unverified.

zcashtaylor hornbyorchard privacy poolclaude opus 48zero knowledge proofscryptocurrency vulnerability

Security researcher Taylor Hornby discovered he could mint unlimited ZEC from nothing using Claude Opus 4.8 against Zcash's Orchard privacy pool. The finding came on May 29, and Hornby was hired by Zcash specifically to look for this kind of flaw. He found one fast enough to embarrass.

The Validation Check That Wasn't

Zcash's Orchard pool, introduced in 2022, is the cryptocurrency's most advanced shielded transaction system. It uses zero-knowledge proofs to validate transactions without revealing amounts or participants. The bug: a specific check meant to validate transaction inputs wasn't actually enforcing the rules it appeared to enforce. An attacker could feed false inputs, and the proof system would bless the fraudulent transaction as valid, effectively generating ZEC from thin air. No extra coins needed—just a broken validation gate.

Patched, But No One Knows What Happened

The Zcash team fixed the vulnerability after Hornby reported it. That's the good news. The bad news: there is no way to know if anyone exploited it before the patch landed. In a privacy-focused blockchain designed to obscure transaction history, there is no audit trail for this kind of zero-day. Bruce Schneier, who published the disclosure, called this fragility the fundamental problem that makes blockchain a bad idea. Hard to argue when a single missed check can silently create infinite supply.

What This Means for Cryptographic Audits

Hornby used an LLM—Claude Opus 4.8—to find the bug, accelerating what might have taken weeks of manual review. AI-assisted vulnerability research is no longer hypothetical; it's finding critical flaws in production zero-knowledge systems. The Orchard codebase had likely been reviewed before, but Hornby's targeted approach with the right tool uncovered a logic hole that formal verification missed.

Unless the Zcash team publishes a forensic analysis proving no exploitation occurred, every ZEC holder should treat Orchard's integrity as suspect until proven otherwise. The fix is deployed, but the uncertainty is baked in.

Source: Critical Zcash Vulnerability Found and Fixed
Domain: schneier.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Cybersecurity

view topic
CISA Finally Acts as Open-Sourced TeamPCP Toolkit Spawns Miasma and Phantom Gyp

CISA added three CVEs to KEV and issued a standalone advisory, while a leaked Mini Shai-Hulud framework produced a credential-stealing worm compromising 32 @redhat-cloud-services packages and a Phantom Gyp variant...

NSO Group Violates Court Order With Fresh Pegasus Attack on WhatsApp

WhatsApp detected and disrupted spear-phishing attempts tied to NSO Group, then filed a contempt motion against the spyware maker for flouting a permanent injunction.

Meta AI Chatbot Bug Let Hackers Hijack 20,000 Instagram Accounts

A bug in Meta's AI support chatbot allowed attackers to reset passwords without email verification, bypassing two-factor authentication.

Meta's AI Support Bot Handed Over Instagram Accounts on Demand

Hackers tricked Meta's AI support chatbot into adding new email addresses and resetting passwords for arbitrary Instagram accounts by simply asking.

Comments load interactively on the live page.