The engineer who uncovered the four-year Zcash vulnerability: Monero (XMR) also needs an audit

Discovering a critical vulnerability in Zcash Orchard shielded pools, security engineer Taylor Hornby announced that Monero (XMR) has been added to the next audit target, with plans to expand security reviews for privacy coin projects in the future.
(Background: ZEC plummeted 48% below $250: Opus 4.8 uncovered Zcash's infinite minting bug, Arthur Hayes liquidated his holdings)
(Additional context: Zcash was offline for over 4 hours: after an emergency fork, block height 3,364,601 was stuck, worsening governance crisis)

Summary of key points

• Hornby announced Monero has entered the audit queue, expanding the scope of privacy coin security reviews
• Previously, using Opus 4.8 with a custom framework, he uncovered a four-year latent infinite minting vulnerability in Zcash in less than a day
• Hornby chose to report the vulnerability rather than profit from it, planning to apply for Zcash community funding to continue security research

The day after Anthropic released Opus 4.8 at the end of May, Hornby put it into Zcash auditing. His custom framework, "zcash-full-stack-auditor," combined with this latest model, identified a critical flaw lurking in Orchard shielded pools within 24 hours: the variable-base scalar multiplication gadget used in elliptic curve operations in Orchard circuits lacked sufficient constraints, allowing an attacker to forge inputs that bypass zero-knowledge proof verification, enabling unlimited, undetectable fake ZEC minting.

Hornby is the founder of Defuse Security and a member of the Zcash Foundation board. In April, he was hired as a part-time security consultant by non-profit organization Shielded Labs, with a three-month contract to find protocol vulnerabilities before attackers do. On the night of May 29, he reported the issue to ZODL core engineers. Shielded Labs immediately initiated emergency patches; on June 2, a soft fork via Zebra 4.5.3 halted all Orchard transactions; on June 3, NU6.2 hard fork fixed the bug and permanently closed the vulnerability.

Previous audits using Opus 4.7 with generic prompts failed to detect this bug. The difference lies in Hornby’s custom framework, which offers highly targeted hint strategies—not just model upgrades, but a combination of human input and tools.

ZEC plummets and moral dilemma

After the vulnerability was disclosed, ZEC suffered a heavy blow, dropping 48.51% within 24 hours to a low of $250, with liquidation volume exceeding $116 million, affecting over 19,000 traders. Arthur Hayes liquidated all his ZEC holdings, citing that "privacy assurance requires certainty, not possibility."

Despite having conditions that could have allowed profit from the vulnerability, Hornby chose to report it rather than exploit it, stating, "I cannot accept such betrayal."

Zcash founder Zooko Wilcox said the actual likelihood of the vulnerability being exploited was extremely low, but due to Orchard’s privacy architecture, cryptographically, it’s impossible to prove whether anyone minted fake coins over the four years.

Monero now on the audit list

Hornby is now turning his attention to Monero (XMR), announcing that it has been added to the audit queue, with plans to conduct security reviews on more privacy coin projects in the future. He is also preparing to apply for Zcash community funding to support ongoing security research.

The Monero community is also active; concurrently, Trail of Bits has been commissioned to audit the FCMP++ (Full-Chain Membership Proofs) integration plan. But Hornby’s involvement signifies another independent audit effort, using the same AI-assisted methodology that uncovered the Zcash bug, to analyze Monero’s cryptographic foundations.

Frequently Asked Questions

Who is Taylor Hornby? Why is he auditing Zcash?

Hornby is the founder of Defuse Security and a member of the Zcash Foundation board. In April, he was hired as a part-time security consultant by Shielded Labs, using Anthropic Opus 4.8 combined with his custom framework to audit Zcash circuit vulnerabilities.

What is the Zcash Orchard vulnerability?

The elliptic curve multiplication component in Orchard circuits lacked sufficient constraints, allowing an attacker to forge inputs that bypass zero-knowledge proof verification, enabling unlimited, undetectable fake ZEC minting. The vulnerability had been latent since May 2022, and was fixed on June 3, 2026.