# Related Articles on Security

The HTX News Center offers the latest articles and in-depth analysis on "Security", covering market trends, project news, technology developments, and regulatory policy in the crypto industry.

Claude Opus 4.8 Finds a $4.5 Billion Bug: The AI Era is Mass-Producing Hackers

A researcher discovered a critical "infinite mint" vulnerability in the Zcash cryptocurrency's Orchard protocol using Claude Opus 4.8, leading to a swift fix but also a 50% market drop, erasing billions in value. This incident highlights a new era where powerful, accessible AI models are dramatically lowering the barrier to finding software vulnerabilities. Previously, the security community feared specialized models like Claude Mythos Preview, capable of finding decades-old zero-day exploits. The Zcash case, however, involved a publicly available, general-purpose model. This shift makes advanced security auditing—and attack capabilities—accessible to far more people, not just experts. The mass democratization of vulnerability discovery brings a dual challenge: a flood of low-quality, AI-generated false reports that overwhelm maintainers, and the real, rapid uncovering of deep, dangerous bugs. Open-source projects, often understaffed and unfunded, are particularly vulnerable to this "attention DDoS." The article cites examples like curl shutting down its bug bounty program due to the unsustainable workload. Our perceived digital safety has often been luck, relying on the high cost and effort required to find deeply hidden flaws in complex systems, as seen with historical vulnerabilities like Heartbleed or Baron Samedit. AI changes this cost structure, effectively "mass-producing flashlights" to illuminate every corner of our codebase. While large companies operate extensive security chains involving external white-hat hackers and massive defensive operations, the global cybersecurity workforce faces a severe shortage, especially of experienced personnel capable of analyzing complex threats and coordinating fixes. The core dilemma emerges: AI makes *finding* bugs cheap and scalable, but *fixing* them remains a slow, expensive, and human-intensive process. 
The article concludes that AI won't destroy the internet but acts as a bright light, revealing that our digital existence is not inherently secure but is precariously maintained by ongoing human effort. The true cost in the AI era may not be discovery, but whether there will be enough people left willing and able to do the hard work of repair.

marsbit, 06/06 09:22

From Ethereum to AI's 'CROPS': What Exactly Is This 'Slow Variable' That Vitalik Has Repeatedly Emphasized?

Recently, Vitalik Buterin has frequently emphasized the concept of "CROPS," first outlined in the Ethereum Foundation's March mandate as core principles guiding its focus: Censorship Resistance, Capture Resistance, Open Source, Privacy, and Security. CROPS represents Ethereum's commitment to providing foundational capabilities for user sovereignty—enabling asset ownership, identity expression, and coordination without reliance on centralized platforms or surrendering ultimate control. This framework is gaining new urgency with the rise of AI, particularly AI agents managing digital assets and automating transactions. While AI offers convenience, it risks centralizing user data, intent, and control if dependent on opaque, centralized services. Vitalik argues for "CROPS AI"—AI that is open, privacy-preserving, secure, and capable of local execution to maintain user agency. He highlights convergence between "CROPS Ethereum access layers" and "CROPS AI," such as using zero-knowledge proofs for private remote LLM calls and Ethereum RPC reads, ensuring users can access services without exposing sensitive information. Ultimately, CROPS is not just an abstract ideal but a practical guide for Ethereum's development and AI integration. It addresses the critical long-term question: as digital systems grow more powerful, how can users retain control over their privacy, assets, and autonomy? In an AI-driven era, these principles may define Ethereum's enduring value—prioritizing verifiable, secure, and user-centric design over short-term optimizations like speed and cost alone.

marsbit, 06/06 08:07

From Ethereum to AI's 'CROPS': What Exactly is This Set of 'Slow Variables' That Vitalik Repeatedly Emphasizes?

In recent discussions, Vitalik Buterin has frequently emphasized the concept of "CROPS," a framework defining core values for Ethereum's development. CROPS stands for Censorship Resistance, Capture Resistance, Open Source, Privacy, and Security. Initially outlined in the Ethereum Foundation's "EF Mandate," it represents a commitment to user sovereignty, ensuring that the network resists external control, remains open, protects privacy, and prioritizes security. The relevance of CROPS extends beyond Ethereum's foundational principles, becoming crucial in the context of AI integration. As AI agents begin handling wallet operations and automated transactions, the risk increases that users may cede control over their digital assets, privacy, and intentions to centralized AI service providers. A "CROPS AI" would therefore emphasize local execution where possible, privacy-preserving remote model calls (e.g., using zero-knowledge proofs), and transparent, verifiable processes to maintain user agency. Vitalik highlights a significant convergence between "CROPS Ethereum access layer" and "CROPS AI." Both address the same fundamental challenge: how users can access powerful services—be it blockchain data via RPCs or AI models—without exposing sensitive information or relinquishing ultimate control. This intersection points toward a future digital entry point that is more private, secure, and user-controlled. Ultimately, CROPS is not merely an abstract ideal but a practical guidepost. It steers development—from protocol resilience and wallet design to AI agent safety—towards a future where users retain self-sovereignty even as digital systems grow more complex and powerful. In an era of accelerating AI adoption, these "slow variables" of censorship resistance, openness, privacy, and security may define Ethereum's enduring value.

marsbit, 06/05 12:40

Privacy Coin Crisis of Confidence! ZEC Plunges Over 56% in a Single Day

Zcash (ZEC), a leading privacy-focused cryptocurrency, experienced a severe crash on June 5th, plummeting over 56% in a single day and erasing nearly two months of gains. The flash crash was triggered by the disclosure of a critical zero-knowledge proof vulnerability within Zcash's Orchard privacy pool, which had existed since the pool's launch in May 2022. The flaw theoretically allowed an attacker to forge unlimited ZEC undetectably due to the pool's privacy features. The vulnerability was discovered on May 29th by independent security researcher Taylor Hornby during a proactive audit commissioned by Shielded Labs, utilizing AI-assisted analysis. The Zcash development team responded swiftly, implementing an emergency soft fork to disable Orchard transactions on June 2nd and executing a permanent hard fork fix (NU6.2) on June 3rd. Despite the technical fix, a major crisis of confidence emerged. The core issue is that Orchard's privacy design makes it cryptographically impossible to prove whether the vulnerability was exploited over the past four years, casting permanent doubt on the historical supply integrity of ZEC. While Shielded Labs argues exploitation was unlikely, the inability to provide definitive proof has severely damaged market trust. This sentiment was exacerbated when BitMEX co-founder Arthur Hayes, a prominent ZEC supporter, announced he was selling his entire position. He stated that privacy assets require "perfect security" rather than "probable safety." The combined effect of the disclosure and Hayes's exit ignited widespread panic selling, leading to massive liquidations and significant price decline. Analysts note the event highlights a fundamental tension within privacy coins: the conflict between verifiable supply and cryptographic privacy.

链捕手, 06/05 10:15

Behind ZEC's Over 30% Plunge: An 'Unlimited Minting' Vulnerability with No Way to Prove if It Was Ever Exploited

A critical vulnerability was discovered in Zcash's Orchard privacy pool, allowing for the theoretical creation of undetectable counterfeit ZEC. Researcher Taylor Hornby found the flaw on May 29th, 2024, within the Orchard circuit's cryptographic constraints, which could let an attacker bypass asset conservation rules. Although a rapid emergency fix was deployed within days via a coordinated soft and hard fork, a core uncertainty remains: due to Orchard's privacy features, it is impossible to cryptographically prove whether this "unlimited mint" flaw was exploited in the nearly four years since the pool's 2022 launch. This uncertainty, rather than the patched flaw itself, triggered a market panic, causing ZEC's price to drop over 30%. While the Zcash Foundation stated no evidence of exploitation was found, independent entity Shielded Labs emphasized the impossibility of definitively proving no counterfeit ZEC was ever created. The incident highlights the unique trust challenge in privacy systems. To address this, developers are proposing a new network upgrade with enhanced auditing to allow verifiable proof of supply integrity. Notably, the researcher utilized the newly released AI model Claude Opus 4.8 as a tool during the security review, signaling the growing role of advanced AI in uncovering complex cryptographic vulnerabilities.

marsbit, 06/05 06:51

Single-Day Plunge of 30%, Arthur Hayes Suddenly Liquidates: Why Did ZEC Get Exploded by Security Issues?

On June 5th, Zcash founder Zooko Wilcox disclosed a critical soundness vulnerability in the project's latest Orchard privacy pool. This flaw, found in the elliptic curve multiplication constraints, could allow an attacker to create unlimited counterfeit ZEC within the shielded pool, with transactions appearing valid. The vulnerability was discovered in late May by security researcher Taylor Hornby, who utilized Anthropic's new Opus 4.8 AI model for a targeted audit. The Zcash ecosystem had already performed an emergency network upgrade to patch the issue. However, the detailed disclosure triggered severe market panic, causing ZEC's price to plummet over 30% in a single day. Notably, prominent investor Arthur Hayes announced he had sold his entire ZEC position following the news. The incident starkly challenges the "technological trust" narrative central to privacy coins. Despite years of top-tier cryptographic audits, the bug persisted until uncovered with advanced AI-assisted research. This highlights the growing gap between theoretical perfection and practical implementation in privacy technology. The event serves as an industry-wide warning: in an AI-driven security landscape, the assumption that "undiscovered equals safe" is obsolete. It underscores the urgent need for continuous, proactive security practices combining AI audits, formal verification, and rapid response mechanisms.

foresightnews_api, 06/05 04:34

Ethereum Foundation Researcher: Quantum Day Is Approaching, Plans to Complete Quantum-Resistant Migration by 2029

Ethereum Foundation researcher Justin Drake discusses the implications of a recent quantum computing breakthrough by Google’s quantum AI team, which demonstrated a 10x efficiency improvement in Shor’s algorithm against the secp256k1 elliptic curve used in Bitcoin and Ethereum. Notably, Google kept key algorithmic details confidential, using zero-knowledge proofs to verify the result without disclosure—a first in academia. Shortly after, the core optimization was independently reproduced, and an open-source competition (ecdsa.fail) emerged, further improving the algorithm by 8.4%. Meanwhile, startup Oratomic published research suggesting that neutral-atom quantum architectures could break secp256k1 with only 10,000 physical qubits, accelerating the timeline for "Q-Day"—the day quantum computers can break widely used cryptography. Drake estimates a 50% probability of Q-Day by 2032 and a 10% chance by 2030, contrasting with the U.S. government’s more conservative 2035 forecast. He warns against panic but stresses timely migration to post-quantum cryptography. Ethereum plans to complete its migration by 2029, covering consensus, data, and execution layers with hash-based systems. The Foundation is also developing leanVM, a formally verifiable zkVM, and has launched two $1 million initiatives to advance SNARK-friendly cryptography.

foresightnews_api, 06/05 04:07
