Ledger CTO Claims Zcash Orchard Vulnerability Exists for Over 4 Years, AI Audit Opus 4.8 Discovers Infinite ZEC Forgery Risk
Ledger CTO Charles Guillemet stated that there is a serious vulnerability in the Zcash Orchard privacy pool that has lasted for 4 years, 1 day, and 10 hours. Anyone who understands the circuit can silently generate an unlimited amount of forged ZEC, which cannot be detected through on-chain signatures.
This vulnerability was discovered by an AI-driven audit using Anthropic Opus 4.8, rather than being exploited by attackers. The issue originates from a misuse of assign_advice() in the halo2 variable base scalar multiplication gadget, where copy_advice() should have been used: assign_advice() writes a fresh witness cell with no constraint tying it to the cell it was meant to mirror, whereas copy_advice() also records the equality (copy) constraint, so the gadget ended up consuming an unconstrained value and arbitrary inputs could bypass the address integrity checks.
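The following toy model, added here and not taken from Zcash or halo2, shows why that distinction is a soundness bug: a verifier only checks gates and recorded equality constraints, so a cell created with assign_advice() can hold any value even though the cell it should mirror passes an integrity gate. Field size, the "base point", the integrity gate and all cell values are constructed placeholders.

```python
"""Toy model of halo2-style copy constraints: assign_advice vs copy_advice.
Constructed illustration only; not Zcash or halo2 code."""
from dataclasses import dataclass, field

P = 101            # toy field modulus (placeholder)
BASE = 3           # toy "base point": scalar mul is just BASE * k mod P
PUBLIC_INPUT = 5   # value the integrity gate pins the input cell to
                   # (stands in for the address integrity check)

@dataclass
class Region:
    cells: list = field(default_factory=list)       # advice column, by cell id
    gates: list = field(default_factory=list)       # checks evaluated over cells
    equalities: list = field(default_factory=list)  # permutation/copy constraints

    def assign_advice(self, value):
        """New cell holding value. No relation to any other cell is recorded."""
        self.cells.append(value % P)
        return len(self.cells) - 1

    def copy_advice(self, src, value):
        """New cell holding value, plus an equality constraint back to src."""
        cell = self.assign_advice(value)
        self.equalities.append((src, cell))
        return cell

    def verify(self):
        """Everything the verifier sees: every gate and every copy constraint."""
        return (all(g(self.cells) for g in self.gates)
                and all(self.cells[a] == self.cells[b] for a, b in self.equalities))

def build(prover_scalar, use_copy):
    """Build and verify a scalar-mul proof. The checked input is PUBLIC_INPUT;
    prover_scalar is whatever the prover writes into the gadget's own cell.
    Returns (verifies, output_value)."""
    r = Region()
    k_in = r.assign_advice(PUBLIC_INPUT)                   # checked input cell
    r.gates.append(lambda c: c[k_in] == PUBLIC_INPUT)      # integrity gate on k_in
    if use_copy:
        k = r.copy_advice(k_in, prover_scalar)             # fixed: tied to k_in
    else:
        k = r.assign_advice(prover_scalar)                 # bug: free-floating witness
    out = r.assign_advice(BASE * r.cells[k])
    r.gates.append(lambda c: c[out] == (BASE * c[k]) % P)  # mul gate reads k, not k_in
    return r.verify(), r.cells[out]
```

With the buggy path, build(99, use_copy=False) verifies even though 99 never passed the integrity gate; with the copy constraint in place the same witness is rejected.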
The Zcash team responded quickly: AI-assisted comprehensive audit, soft fork to disable Orchard, and transparent disclosure. The Turnstile invariant limits the worst-case outflow of funds.
Source: Public Information
ABAB AI Insight
Charles Guillemet, as Ledger CTO, has long focused on ZK circuit security and hardware trust roots. His comments continue a rigorous examination of the trust assumptions in privacy protocols, similar to his past analyses of historical vulnerabilities like Zcash Sprout.
In terms of capital pathways, Zcash is attempting to rebuild market trust through AI-assisted audits, decentralized coordination, and transparent disclosures, but the privacy design still poses long-term risks because forged issuance inside the shielded pool cannot be detected on-chain. Funds are increasingly concentrating in protocols that offer strong privacy protection alongside verifiable mechanisms (like Turnstile), while projects that rely solely on "audit passed" face higher risk premiums.
This incident marks the double-edged sword effect of AI in the field of crypto security: significantly lowering the cost of discovery while increasing the attack surface. Currently, ZK and privacy protocols are at a critical stage of transitioning from manual audits to continuous AI audits and formal verification.
Essentially, this is a technological substitution: AI is reshaping the economics of crypto security audits, as Opus 4.8 can quickly identify constraint defects that have gone unnoticed for years, shifting pricing power from relying on a few top human cryptographers to protocols that combine AI continuous auditing with hardware trust roots.
ABAB News · Cognitive Law
The stronger the privacy, the more thorough the audit must be; unverifiable supply integrity is always a sword hanging over one's head. AI has caused the cost of discovering vulnerabilities to plummet; defenses must run faster than attacks, or they can only remedy after the fact. Truly secure protocols never rely on "no one has discovered it" but instead establish ironclad rules that anyone can verify.