Zcash's price dropped over 33% to below $265 after Shielded Labs disclosed a critical, four-year-old vulnerability that could have allowed counterfeit coin creation. Due to Zcash's privacy features—specifically its use of zero-knowledge proofs and shielded addresses—it is impossible to cryptographically determine if the bug was exploited. The vulnerability was patched earlier this week. The incident has reignited debates about the inherent trade-off between privacy and auditability in cryptocurrency systems. Nic Carter of Castle Island Ventures noted that such bugs are "part of the deal" for privacy coins, citing similar past incidents in Zcash (2018) and Monero (2017). Monero community members also expressed solidarity, acknowledging that privacy-first designs inevitably face such risks. However, some Bitcoin advocates argued that Zcash's supply cannot be fully audited, making similar vulnerabilities likely to recur. The bug was reportedly discovered using Anthropic's Claude Opus 4.8 AI model, raising concerns that AI could democratize bug-finding in complex zero-knowledge systems, potentially benefiting both attackers and defenders.

Key facts

• Zcash price dropped 33% to below $265 after critical bug disclosure.
• Four-year-old vulnerability could have allowed creation of counterfeit coins.
• Privacy features make it impossible to determine if bug was exploited.
• Bug discovered using AI model Claude Opus 4.8; fixed earlier this week.
• Similar privacy vs. auditability trade-offs seen in Zcash (2018) and Monero (2017).

KeyAudit data perspective