Security researcher who found critical Zcash bug will audit Monero and other privacy coins
The security engineer who uncovered the high-profile Orchard Pool vulnerability in Zcash says he’s expanded his audit queue to include Monero and other privacy-focused cryptocurrencies.
Taylor Hornby—who has said he used the Claude AI Opus 4.8 model during his work—told followers on X that he will add Monero to his list of projects to audit. “Absolutely! I’ll add Monero to my queue of things to audit,” Hornby wrote in response to a request to look for bugs in XMR and similar privacy coins.
Hornby discovered the so‑called Orchard counterfeiting flaw on May 29. The bug, which had existed unnoticed since May 2022, could in theory have allowed an attacker to mint unlimited, undetectable ZEC. He responsibly reported the issue to the Zcash Open Development Lab (ZODL), and an emergency network fix was coordinated and deployed by June 2.
Because Zcash’s shielded privacy features obscure transaction history, the public notice stressed that while there was no evidence the flaw had been exploited, there is also no cryptographic way to prove it wasn’t abused during the interval it went undetected. That uncertainty sparked market fear and broader questions about the guarantees privacy features can offer—concerns that naturally extend to other privacy-centric projects like Monero.
Hornby said he chose to disclose the vulnerability rather than exploit it because of his close ties with Zcash developers and the project’s personal importance to him. He also indicated plans to apply for a Zcash coinholder grant and to accept voluntary donations to fund further security research.
The discovery triggered a wave of FUD in crypto markets: ZEC plunged as much as nearly 50% on the day of the disclosure. With Hornby signaling Monero as his next target for auditing, the sector may face renewed scrutiny—any negative findings in future audits could deepen skepticism about privacy coins and ripple through the broader crypto market.
To address the fundamental problem of unverifiable supply during the vulnerable period, Shielded Labs, ZODL and other stakeholders have advanced a proposal called Ironwood. The plan aims to allow users to independently verify ZEC’s circulating supply by running a node. “As soon as Ironwood activates, users can verify from the consensus rules that no more than the correct amount of ZEC can be circulating,” the initial proposal states.
Market reaction has softened since the emergency patch: at the time of writing ZEC is trading around $400, up roughly 4% in the past 24 hours.
Read more AI-generated news on: undefined/news
