Researcher who found Zcash bug with AI adds Monero to audit queue

Taylor Hornby, the security engineer who used Anthropic's Opus 4.8 AI model to find a critical bug in Zcash, says privacy coin Monero is next on his audit list. Asked on X whether he could look for flaws in Monero and other privacy-focused cryptocurrencies, Hornby replied, "Absolutely! I'll add Monero to my queue of things to audit."

Monero, which trades under the ticker XMR, is among the largest privacy-focused cryptocurrencies and hides transaction details by default. Zcash, by contrast, lets users choose between transparent and shielded addresses.

Hornby found the Zcash flaw on May 29. The bug, in the blockchain's Orchard privacy pool, had gone undetected since May 2022 and could have let an attacker mint unlimited, undetectable counterfeit ZEC. Shielded Labs, a nonprofit developer on the network, disclosed it on Thursday and pushed through an emergency fix by June 1.

Zcash fell 38% over the following 24 hours amid fallout and concerns about a hacker possibly stealing money from the shielded pool — without leaving any detectable trace — over the past few years.

Hornby, hired by Shielded Labs in April to find protocol bugs before attackers could, said he reported the flaw rather than exploit it because the Zcash developers were "like family" and he could "not live with that kind of betrayal." He plans to apply for a Zcash coinholder grant to fund further work.