Taylor Hornby, the security engineer who discovered a vulnerability that could have allowed unlimited counterfeiting of ZEC tokens, has announced plans to audit Monero and other privacy-focused cryptocurrencies.
Hornby found the flaw in Zcash’s Orchard shielded pool on May 29, using Anthropic’s Claude Opus 4.8 AI model to assist his review. The bug had been sitting there, undetected, since the Orchard pool’s activation in May 2022. That’s four years of a live vulnerability that could have been used to mint fake ZEC indistinguishable from the real thing.
What happened with Zcash
Hornby was engaged by Shielded Labs in April 2026 specifically to conduct protocol audits. Within a matter of days after beginning his AI-assisted examination, he identified the critical flaw in the zero-knowledge proof system underpinning Zcash’s most private transaction pool.
He reported the vulnerability to the Zcash Open Development Lab (ZODL), which moved quickly. An emergency soft fork was completed by June 1, and a full network upgrade, dubbed NU6.2, was implemented the following day on June 2.
