Compiled by: Felix, PANews
On June 5th, Zcash founder Zooko Wilcox disclosed on the X platform that security researcher Taylor Hornby discovered a critical forgery vulnerability in the Zcash Orchard privacy pool on May 29th. This vulnerability theoretically allows attackers to bypass system restrictions and mint an unlimited number of counterfeit ZEC tokens. Due to the cryptographic nature of the privacy pool, this attack is extremely difficult to detect using conventional methods. Furthermore, this vulnerability has existed since Orchard was enabled in May 2022.
Upon learning of the vulnerability, the Zcash Open Development Lab (ZODL) responded urgently and patched it on June 1st. Currently, the Zcash network has returned to normal operation, and official and on-chain data show that user funds, privacy data, and the total supply limit of 21 million Zcash tokens have not been substantially affected.
Despite Zooko's emphasis that forgery is unlikely to have occurred in the period before the vulnerability was patched (a window of more than four years), the market does not seem to have dispelled its concerns. Coingecko data shows that after the news was announced, the price of ZEC tokens plummeted, dropping more than 30% in 24 hours.
Using AI to write programs to identify vulnerabilities
The vulnerability was discovered using the latest AI-assisted security auditing technology as well as traditional security research methods.
Shortly after Anthropic released the Opus 4.8 model on May 28th, Taylor used it for a highly targeted review of the Orchard circuits. Taylor wrote a complete exploit using Opus 4.8. When tested in his local regtest environment, the program was able to generate an unlimited amount of undetectable counterfeit ZEC. Had he run the same tool on the Zcash mainnet, it would have generated an unlimited amount of undetectable counterfeit ZEC in his mainnet Zcash wallet.
This vulnerability relates to an insufficiently constrained component in the Orchard circuit. Due to this insufficient constraint, an attacker could input arbitrary incorrect values into elliptic curve multiplication, and the multiplication check would still pass.
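As an added illustration (not code from the page, the researcher or the Zcash project), the toy constraint system below shows the bug class described: a gadget computes a product internally but never ties the public output wire to it, so a prover can assign any output value and still satisfy every constraint, while the corrected version adds the missing constraint and a small audit helper flags an unbound output. Plain field multiplication stands in for the elliptic-curve multiplication; all wire names and values are constructed.

```python
# Toy R1CS-style constraint system over a prime field, constructed to show the
# *class* of bug described above (an under-constrained gadget). It is not the
# Orchard circuit; field multiplication stands in for curve multiplication.
P = 2**61 - 1  # any prime field works for the illustration

# A constraint is (A, B, C): sparse {wire_index: coeff} maps meaning
# (A . w) * (B . w) == (C . w) over the field, for witness vector w.
# Wire 0 is always the constant 1.

def satisfied(constraints, w):
    """Return True iff every constraint row holds for witness w."""
    dot = lambda vec: sum(c * w[i] for i, c in vec.items()) % P
    return all((dot(A) * dot(B)) % P == dot(C) for A, B, C in constraints)

def mul_gadget(bind_output):
    """Circuit intended to enforce wire3 == wire1 * wire2.
    Wires: 0 = const 1, 1 = a, 2 = b, 3 = claimed product (public output),
    4 = product actually computed inside the gadget.
    """
    constraints = [({1: 1}, {2: 1}, {4: 1})]          # wire4 = a * b
    if bind_output:
        # The constraint missing from the buggy version: wire4 * 1 == wire3.
        constraints.append(({4: 1}, {0: 1}, {3: 1}))
    return constraints

def honest_witness(a, b):
    """Witness an honest prover would produce."""
    prod = (a * b) % P
    return [1, a, b, prod, prod]

def forged_witness(a, b, claimed):
    """Prover keeps the internal wire correct but lies on the output wire."""
    return [1, a, b, claimed % P, (a * b) % P]

def check(bind_output, w):
    """Verifier-side check of the gadget against a witness."""
    return satisfied(mul_gadget(bind_output), w)

def output_is_bound(constraints, w, out_wire):
    """Audit helper: an honest witness must pass, and changing only the
    output wire must break at least one constraint. False means the
    output is unconstrained and a forged value would be accepted."""
    w2 = list(w)
    w2[out_wire] = (w2[out_wire] + 1) % P
    return satisfied(constraints, w) and not satisfied(constraints, w2)
```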
What's particularly challenging is that, due to Orchard's privacy features and the nature of the vulnerability itself, cryptography alone cannot determine whether such exploitation occurred before the vulnerability was discovered and patched.
Has ZEC been maliciously over-issued?
Are users' funds safe? Has there been any malicious issuance? These are perhaps the market's biggest concerns. Zooko's assessment suggests that several factors can "prove" that there has been no malicious issuance.
First, this vulnerability had evaded scrutiny by numerous cryptographers for years. Second, this discovery was not accidental; the team deliberately sought out such vulnerabilities, ones attackers typically wouldn't be aware of. Furthermore, Taylor utilized state-of-the-art AI tools usually only available to white-hat security researchers, along with a sophisticated custom AI framework and prompting system, completing the task before attackers could react. After the vulnerability was discovered, the ZODL and Zcash ecosystems quickly patched it, shortening the exploitable window.
Therefore, before the vulnerability was patched, few people had the ability or opportunity to discover and exploit it. Some observers accept this conclusion.
Helius CEO Mert believes that while it's impossible to directly prove whether the vulnerability has been exploited in the short term, triggering a turnstile or migrating to a new verifiable privacy pool in the future could prove the existence of forgery issues. Furthermore, the Zcash team's increasing use of advanced tools and hiring external security firms for audits has also improved security to some extent. Zcash's ability to discover and immediately fix this vulnerability is a result of ongoing security efforts and is even good news.
However, BitMEX co-founder Arthur Hayes holds the opposite view and announced that he has liquidated his ZEC holdings. Hayes stated that while the possibility of malicious minting is extremely low, it cannot be formally proven impossible through cryptographic methods. The claim of protecting privacy from AI, governments, and large tech companies requires perfection, not an extremely low probability. He also indicated that if the subsequent assumptions are proven false, he would not rule out buying back at a lower price.
A network upgrade is planned to "prove" that there is no forgery.
Opinions on the Zcash Orchard pool vulnerability are currently divided. However, to prove the integrity of the Zcash supply, Shielded Labs, a non-profit core development organization focused on the Zcash ecosystem, says it is collaborating with other Zcash developers to explore a network upgrade designed to allow anyone to verify the integrity of the Zcash supply and "prove" that counterfeit Zcash does not exist in the Orchard pool. This plan involves deploying a new shielded pool and enforcing a "turnstile accounting" mechanism on all tokens in the Orchard pool. Details of the proposal will be released next week.
In addition, Shielded Labs says it is launching a project to formally verify the Orchard circuits and will attempt to write mathematical proofs to demonstrate that there are no undiscovered vulnerabilities.
Whether Zcash can successfully weather this vulnerability crisis remains to be seen. However, the handling of this crisis will provide important reference for security practices in the field of crypto-privacy.
Related reading: Variant: Bitcoin, Ethereum, and ZCash are highly likely to become the primary store of value.