Liebs00

NEAR Intents just set a new all-time high: $223.9M in daily swap volume. 550,000+ unique users in the last 30 days. Hyperliquid perps now live with Confidential perps next! Intent-based execution across 35+ chains and 135+ assets is driving real adoption and revenue for the ecosystem. This is what shipping looks like.

👉For 4 years, 1 day, and 10 hours, anyone who understood the Orchard circuit could have minted ZEC out of thin air, silently, with no on-chain signature. The bug was disclosed this week. It was found by an AI-driven audit running Opus 4.8, not by an attacker. 1. Call the bug what it is Two lines in halo2's variable-base scalar multiplication gadget used assign_advice() where copy_advice() was required. As a result, the diversified-address integrity check pk_d = [ivk]·g_d could be satisfied for arbitrary inputs. A malicious prover could spend the same note multiple times with different nullifiers, i.e. counterfeit ZEC inside the Orchard pool, undetectable on-chain because the privacy of the ZK proof hides exactly the inputs that would reveal the attack. We do not know whether it was exploited. We will probably never know. 2. Four years. Multiple audits. Top-tier reviewers. Orchard was reviewed by some of the strongest cryptographers in the field before activation. They missed it. Earlier automated audits with Opus 4.7 missed it. Opus 4.8 catches it in roughly 1 in 4 runs when prompted generically. The bug is hard. And ZK inflation bugs are not new. Zcash itself shipped a counterfeiting vulnerability in Sprout (BCTV14) that survived years before being silently neutralized during Sapling. Similar soundness issues have appeared in circom, halo2, and rollup verifiers since. The pattern is consistent: when the protocol is private, exploitation is undetectable. You patch the bug and hope. 3. What Zcash did right This was a textbook decentralized incident response: ▶️Audit: a full AI-assisted soundness audit of halo2 + Orchard, scoped end-to-end. ▶️Discover: the agent flagged the missing constraint and worked out the algebra to turn it into an exploit. A working RPC-level PoC in ~6 hours, mostly waiting on tokens. ▶️Coordinate: a soft fork disabling Orchard, prepared and distributed without leaking the bug, activated 2 days and 15 hours after acknowledgement. Coordinating a soft fork across miners, exchanges, and nodes without disclosing why is genuinely hard. They did it. ▶️Disclose: timeline, code lines, math, open questions. No spin. Worth naming explicitly: Zcash's turnstile invariant caps the value that can ever leave a shielded pool by the value that entered it. Privacy and verifiability inside the same protocol. That is not an accident. That is good engineering, and it is what kept the worst case bounded. 4. The economics of security just changed AI does not change whether bugs like this exist. It changes the cost of finding them. I wrote about this https://t.co/AeurraJXhB: a missing constraint in a 4-year-old production ZK circuit used to require a top-tier cryptographer with months of context. It now requires a few tokens, an API key, and a well-framed prompt. The defender benefits. The attacker benefits more, they only need to find it once, and they never disclose. Orchard is the optimistic version of this story: defense got there first. The pessimistic version is the one we cannot rule out, because the chain is private by design. 5. The only real exit You do not patch your way out of this asymmetry. You raise the floor. Formal verification of consensus-critical circuits, every assign_advice audited by SAT solvers and AI for under-constraint, as the reporter himself recommends. Proof-grade engineering that used to be too expensive is now cheap enough to be mandatory. Hardware roots of trust, secure enclaves, certified secure elements, WYSIWYS. Cryptographic guarantees the user can actually verify, not promises a host can lie about. Continuous AI-assisted audit of every consensus-critical commit, re-run immediately on the release of any new frontier model. Zcash didn't just patch a bug. They demonstrated the new defensive playbook: AI-driven audits, decentralized coordination, radical transparency, verifiable invariants. That is the direction the rest of the industry needs to follow. And those who don't raise the bar for security will be rekt in this new world. Stay safe. Stay honest about your trust assumptions.

✨ 2 very unique Mysten / Sui papers made it at the prestigious Science of Blockchain Conference (SBC 2026) this year, jointly coauthored with Stanford, IBM, and a16z: “Partial Fraction Techniques for Cryptography” https://t.co/hLXCcUf7mw, also presented at EuroCrypt ‘26. In the paper we developed key-value commitment schemes using the familiar product linearization property of fractions and dynamic threshold encryption using a novel linear independence of products property. “Efficient Batch Threshold Encryption using Partial Fraction Techniques” https://t.co/jMlKQkx0RF, will also appear at CRYPTO ‘26. Our updated paper gets inspiration from, as well as outperforms many state-of-the-art solutions in this frenzied research topic. Mysten Labs, Sui & Walrus continue to be an amazing place where abstract ideas turn into powerful tools

almost all privacy protocols have a variant of this same thing this same FUD comes back every 5 months as new people learn how privacy pools work (and curiously it mostly comes from xmr ppl who are also vulnerable to counterfeit bugs lol) in theory, with a zk privacy protocol (not just zcash), you could have a bug in a circuit that inflates supply provided someone extremely sophisticated finds it and somehow exploits it undetected (the difference between a regular defi exploit is that it's harder to detect) the new information since last week is that the team has ramped up redteaming their own circuits with a ton of new advanced tools and teams specifically for this purpose and patched the bug in the process (I actually thought people would find this bullish but I'm retarded clearly) on zcash, you can catch this with a turnstile such that the total supply is not inflated and the attacker is stopped but that would effect withdrawals from that specific shielded pool until social consensus you can probabilistically claim there was no exploit though not definitively because the turnstile would've triggered and probabilistically an attacker would've sold by now or the several other run ups, and the fact that the very best security people from all over couldn't find an issue for years, but nothing has changed as this was always the case it's also why "just adding privacy" on a different chain (without audit ability) is not as easy as it sounds because you want the very best people working on this at all times and that was the point of this I get this makes some people uneasy, so there will be a network upgrade to allow anyone to verify the integrity, coming up (see zooko's post) this is why project tachyon is going to be such a banger. not just because it will be quantum proof but because it will be a new pool (which will definitively prove this wasn't exploited), but because it will be formally verified, simpler, and provably sound anyway, im shielding and chilling see: https://t.co/qhbBDy2Kk4