Security engineer Taylor Hornby, who recently used Anthropic’s Opus 4.8 AI model to uncover a critical vulnerability in Zcash, has announced that privacy coin Monero will be next on his audit list.
Hornby, hired by Shielded Labs in April to identify protocol bugs before they could be exploited by attackers, said the discovery of the Zcash flaw came on May 29. The bug, located in Zcash’s Orchard privacy pool, had remained undetected since May 2022 and could have allowed an attacker to mint unlimited, undetectable counterfeit ZEC tokens. Shielded Labs disclosed the vulnerability on Thursday and implemented an emergency fix by June 1.
When asked on X whether he planned to search for flaws in Monero and other private cryptocurrencies, Hornby responded, “Absolutely! I’ll add Monero to my queue of things to audit.” Monero, which trades under the ticker XMR, is one of the largest privacy-focused tokens, hiding transaction details by default. This contrasts with Zcash, where users can choose between transparent or shielded addresses.
The Zcash bug’s impact was immediate: ZEC’s price dropped 38% within 24 hours amid fears that a hacker might have exploited the shielded pool without leaving a trace over the past two years. Hornby, however, said he reported the flaw rather than exploiting it because the Zcash developers were “like family” and he could not live with “that kind of betrayal.”
What the bug meant for Zcash
The Orchard privacy pool was designed to protect user anonymity, but the bug essentially broke that protection. If left unchecked, an attacker could have generated counterfeit ZEC coins without anyone noticing. Shielded Labs acted quickly, pushing through a fix within three days. Hornby’s role was to find such issues before they could be weaponized.
Monero’s audit ahead
Hornby now plans to turn his attention to Monero, a coin that many in the privacy community consider harder to trace than Zcash. He mentioned he will apply for a Zcash coinholder grant to fund further auditing work. Whether that grant covers Monero audits remains unclear, but Hornby seems determined to examine the code.
Broader implications
The Zcash incident has raised questions about how many other privacy protocols might have similar hidden bugs. The use of AI to find flaws is still relatively new, but Hornby’s success might encourage more security researchers to try similar approaches. For Monero, the upcoming audit could either strengthen its reputation or expose weaknesses. For now, the community waits.
