Summary6 min read

Unchained Podcast Summary

Episode: How Claude Found Zcash's Counterfeiting Bug

Host: Laura Shin
Date: June 10, 2026

Episode Overview

This episode dives into the confluence of artificial intelligence (AI), blockchain security, and the recent high-profile counterfeiting bug found in Zcash’s privacy pool. Laura Shin brings together prominent voices in the crypto space—Chris Perkins, Austin Campbell, Rob, and Rahm Aliwalia—to discuss the accelerating impact of AI on crypto security, the implications of the Zcash vulnerability discovery, and broader themes like privacy’s future, sectoral rotation in tokens, and the looming challenge of quantum computing for blockchain systems.

Key Discussion Points and Insights

1. The Evolving Nature of Security in Crypto

AI as Double-Edged Sword for Security:
- Chris Perkins notes that modern AI tools are rapidly uncovering vulnerabilities—“like really terrible vulnerabilities”—but he’s optimistic that as these are fixed, "the foundation will be much, much stronger than it ever was." (00:00)
- He foresees a future where vulnerabilities in code become “relegated to history” due to AI-aided security advances.
- Quote (Chris Perkins, 00:48):
  
  “I think AI is actually going to help security more than hurt security through that vector of attack.”
Social Engineering as the Rising Threat:
- While technical bugs are getting easier to fix, Chris argues social engineering—deepfakes, social graphing—is an escalating problem due to evolving AI capabilities.
- He predicts we'll eventually “turn over the keys…to these agents,” trusting AI to guard against human-centric attacks. (01:17)

2. Sectoral Rotation and Fundamentals

Rotation in Crypto Assets:
- Rob asks about tactical plays in BTC and Hyper Liquid, questioning why not simply “buy the dip on a high momentum asset.” (02:19)
- Austin Campbell frames the moment as a “sectoral rotation”—projects with weak fundamentals (e.g., Cardano) are losing relevance, while those delivering tangible value (e.g., Hyper Liquid) stand out. (02:40)
- “We're hitting this scissor moment with crypto…where we can move onwards and away from ideas or ecosystems that didn't work.” (03:34)
- He underscores this as a period for building and for market “scissoring away things that need to be left for dead.”

3. No More Uniform 'Alt Season'—Dispersion Ahead

End of Uniform Cycles:
- Chris Perkins asks directly: “Are we talking alt season, fellas?” (04:11)
- Austin is explicit: “I do not think there is a uniform alt season anymore. I think there will be significant dispersion” (04:24)
- This marks a shift, underscoring “fundamentals matter” and the rise of the crypto+AI fusion as an investable theme. (04:31)

4. The Zcash Counterfeiting Bug: AI on Defense

How AI Exposed a Critical Privacy Coin Vulnerability:
- Austin details how Taylor Hornby used a customized Claude Opus 4.8 AI agent to uncover a severe counterfeiting bug in Zcash’s Orchard shielded pool—live and undetected since 2022. (05:46)
- Emergency upgrade patched the flaw; devs consider migrating to the new “Ironwood” pool.
- Market reaction: “Zcash rebounded 42% after the emergency upgrade, but is significantly off its highs.” (05:46)
- Quote (Austin Campbell, 05:46):
  
  “AI sort of creating this hyperloop in terms of speed between both attackers and defenders.”
Two Major Implications Raised:
1. Hyperloop of Threats:
- “Crypto getting significantly more dangerous, but we're now seeing people using more AI for defense…threat and counter threat is a ladder.” (06:40)
1. Opacity in Privacy Protocols:
- For privacy coins, “the only way to figure [out if there was an exploit] is to have people withdraw through the public turnstile and see how much comes out…if there's Zec left in the pool…something bad happened.” (07:15)
- Detecting exploits in privacy protocols is inherently harder.

5. Investor Confidence and the 'Bad News Bears'

Confidence Crisis in Privacy Coins:
- Rob frames the Zcash bug as a broader problem: “Markets are built on confidence…this is just all around bad.” (08:15)
- He draws parallels to the post-Enron regulation wave, warning that such events extend bear markets as investors fear hidden issues.
Investor Risk Tolerance:
- Chris agrees: “They’re very, very uncomfortable taking other types of risks, like getting your assets hacked…” (09:20)
- He emphasizes the paramount importance of security, warning against complacency as “some of us have got too immune to it.” (09:40)
- However, he offers optimism:
  
  “I think AI is gonna solve these vectors…auditing really [will] evolve in real time.” (10:08)

6. The Case for Simplicity—Bread and Butter Security

Complexity vs. The Lindy Effect:
- Austin voices concern for hard-to-detect bugs, especially in privacy and social engineering—where “AI may be evolving rapidly, but humans are evolving less rapidly.” (10:52)
- He touts the safety of Bitcoin’s simple, well-scrutinized code: “Your confidence that there are not critical bugs in there goes up with every single day that that thing continues.” (11:36)
- The recent wave of hacks (Drift, Bybit, KelpDAO) in more complex systems underpins this stance:
  
  “To some extent, we're just returning to the very bread and butter basics.” (12:09)

7. Quantum Risk: The Next Secular Challenge

Quantum’s Shadow Over Crypto Security:
- Rob points out that even Bitcoin’s Lindy effect must reckon with “quantum risk considerations,” which have “not been battle tested.” (12:28)
- Austin warns quantum could have “potentially worse” implications for less-scrutinized, complex chains. He gives credit to Ethereum for being “ahead on quantum defense compared to Bitcoin,” but cautions all communities to take the threat seriously. (12:55)
- Quote (Austin Campbell, 13:00):
  
  “…if somebody cracks Quantum, they're not going to tell you about it, they're just going to do it. So it pays to be prepared.”

Notable Quotes & Memorable Moments

Chris Perkins (00:48):
“AI is actually going to help security more than hurt security through that vector of attack.”
Austin Campbell (05:46):
“AI sort of creating this hyperloop in terms of speed between both attackers and defenders.”
Rob (08:15):
“Markets are built on confidence…this is just all around bad. There's no way to tell it any other way.”
Chris Perkins (09:40):
“We need to be highly sensitized to [security]. And again, but I'm bullish long term. I think AI…is gonna solve these vectors.”
Austin Campbell (12:09):
“To some extent we're just returning to the very bread and butter basics.”

Important Timestamps

00:00–01:50 – AI’s impact on crypto security; emergence and mitigation of vulnerabilities
02:19–04:40 – Sectoral rotation, end of uniform “alt season,” and the importance of fundamentals
05:46–08:15 – Zcash bug: AI’s role in discovery, privacy protocol limitations, and market/industry reactions
08:15–10:08 – Investor confidence, historical parallels, and the psychological impact of security failures
10:52–12:09 – Simplicity as a defense, Bitcoin’s Lindy effect, and the persistent problem of social engineering
12:28–13:41 – Quantum risk, Bitcoin vs. Ethereum on quantum-readiness, and the need for proactive defense

Concluding Themes

AI will both sharpen and counter cyber threats, leading to a rapid arms race between attackers and defenders.
The crypto sector is transitioning: weaker projects are being abandoned in favor of those with strong fundamentals and builder activity.
Zcash’s bug reflects deeper challenges for privacy coins—security, transparency, and the durability of user trust.
As quantum computing looms, established security assumptions—even in Bitcoin—will need to be reevaluated.
Ultimately, the case for simplicity and continual security vigilance grows stronger amid increasing code complexity and adversarial innovation.

This episode serves as a nuanced exploration of crypto’s evolving threat landscape, spotlighting how AI might become both its biggest threat and defense—and marking a pivotal moment of introspection for all privacy protocols and crypto security frameworks.

Loading summary

Transcript17 lines

[00:00]
Chris Perkins
The other thing that's been weighing on crypto that probably we should be talking about is this idiosyncratic challenge around security. So we saw it with zcash and you know, we've heard about it with quantum and Bitcoin. And the fact of the matter is is that right now, as AI tools from to your point are coming online, they're discovering vulnerabilities like, like really like terrible vulnerabilities. We saw that with zcash. But here's the good news, is that this idea of vulnerabilities existing in code is going to be relegated to history at some point because as we fix them, they're going to get solved. The foundation will be much, much stronger than it ever was. I think AI is actually going to help security more than hurt security through that vector of attack. Now we have another problem. It's called social engineering. And I think social engineering is actually going to get much, much tougher because deep fakes social graphing. And so I think that's going to be the bigger challenge. But the good news for deep Buy is I think we're going to be much stronger as we go through. And I think. But we're in this max uncertainty point for the next few months as issues are being discovered, vulnerabilities being discovered, they're getting patched. There's this cat and mouse game generally feeling pretty good about the medium term. Now on the social graphing vulnerability, how do you deal with that? We're old, we've been in the Internet for a while. I think at some point we're going to have to just turn over the keys. Not the crypto keys, don't do that, but keys to the car, the proverbial keys to the car to these agents. And I think the agents are going to be probably a lot more thoughtful about fighting off this social graphing. I'm sorry, this, this social engineering that, that, that our adversaries are very good at. So that's also really contributing to, to some of the challenges that we're seeing in crypto. It also helps with the emergence of intermediaries more and intermediaries who are saying, guys, you know, defi is a little dangerous right now. Leave it over to me, I'll take care of all of your vulnerabilities. Like, you know, I'm the throat you can choke. And that's another reason why maybe ETFs vs going native defi right now is having a moment again medium term. I think those defi issues are going to be in a much Better spot. Yes, sir.
[02:20]
Rob
Question for you both. So let's say there's a tactical opportunity around Bitcoin for all the reasons we've discussed above. Despite that, why wouldn't someone position around Hyper Liquid anyway buy the dip on a high momentum asset in a momentum asset class.
[02:40]
Austin Campbell
I was going to say you're kind of getting to something. We've been chatting sort of circles around for a while, which is a sectoral rotation in crypto overall because let me actually take that two different ways here. One, I agree with you. Hyper Liquid is probably one of the most investable tokens out there right now. If we're leaving like Bitcoin, you have a project that's generating fees. The team uses them for buybacks. It's grabbing significant headlines. We've talked about it on here repeatedly. Like Hyper Liquid for some definition of business is a very real business. Right. And there's a lot going on there. On the other hand, at the same time we have like Cardano, which has very few users, the founder is basically giving up on a live stream and like bouncing out of the thing and everybody is now exiting stage left. I think we're hitting this scissor moment with crypto where you've been around long enough, the regulators are no longer constantly attacking you. If you're not building things or delivering what is your purpose for existing. And I think what we're really seeing is the scissoring away of many things that need to be left for dead and where we can move onwards and away from ideas or ecosystems that didn't work but reinforcement. As Chris said, in a bear market you get builders who start doing things of projects that might actually bring value forward. And so to me it's part of a rotation story. The complicated situations are like zcash, which we could get into a little more in a minute. But like Chris, what was your turn?
[04:11]
Chris Perkins
As you say, as you say, rotation. Are we talking all season, fellas? Is that we're talking about. We've seen a ton of bitcoin dominance for last months, but is that what you're talking about, Austin? Right?
[04:24]
Austin Campbell
Yeah, I. I am specifically saying I do not think there is a uniform alt season anymore. I think there will be significant dispersion
[04:32]
Chris Perkins
within alts violent agreement there. It's about fundamentals. What are the themes that are really emerging right now? Intersection of crypto and AI1 may be founded by Rom's favorite founder. We could talk about later. I'm sure he'll bring it up
[04:49]
Austin Campbell
on track them both.
[04:52]
Chris Perkins
But. But like even Think about trade xyz and what are they? What is it? What are all eyes on? You know, maybe this is like, you know, space, I'm sorry, SpaceX, which is also an AI company. If they nail that pre IPO price right, all eyes are on it in a way, that's the intersection of crypto and AI. And so this is a theme that is shining bright right now. Keep your eyes on it. But you're right, fundamentals matter. What could go wrong? They could miss the IPO and everyone say, ah, it's too early, we're not ready. This is not, you know, it's not happening. But like if they, if they land, if they hit the landing on that, hit the landing on anthropic, that can completely rewire equity capital markets. Why am I paying a banker to set the price when the market's already doing it for me? And I'm not going to leave cash on the table. I'm going to start direct listing. So anyway, those are the things I'm looking at, fundamentals.
[05:47]
Austin Campbell
So I want to talk fundamentals for a moment on something where AI collided with crypto, which is Claude finding a bug in zcash. So to set that up, Taylor Hornby, a researcher, used a custom AI agent based on Claude Opus 4.8 to find a critical counterfeiting bug in Zcash's Orchard shielded pool. Live and probably undetected since 2022. An emergency upgrade patched it. The devs are now weighing a new shielded pool. They are calling it Ironwood. Zcash rebounded 42% after the emergency upgrade, but is significantly off its highs in the 600 to 700 range. There have been a couple of takes here. The AI security angle Chris was from Jared Watts. After seeing the zcash vulnerability, I got inspired to try doing some bug bounty work using AI over the weekend. It's worth running several rounds of long running agents to find vulnerabilities in your own software every time a new model releases on the privacy angle. Crypto lady M. If Zack Falters, who steps up as the next privacy flag bearer? The fundamental demand for privacy isn't going anywhere. And Arthur Hayes of course dumped his entire position there along with hype and near. He moves first and explains second. Maybe there are some Andrew left similarities there. But to me, what was interesting about this is two things. One, AI sort of creating this hyperloop in terms of speed between both attackers and defenders. We've seen crypto getting significantly more dangerous, but we're now seeing people using more AI for defense, you know, as we all know, threat and counter threat is a ladder where each side is climbing up with each other. So I'm curious, let's zoom out. Even from crypto, what are the implications for financial services writ large with this sort of activity? But number two, specifically to zcash, you've got a pool. People don't know if it was exploited or not. The only way to figure that out is to have people withdraw through the public turnstile and see how much comes out of there. And if there's Zec left in the pool after all that went in came out, you know, something bad happened. What do you think the implications are there for privacy protocols going forward? Because it is going to be harder to locate and detect bugs in those.
[08:15]
Rob
This is all around bad. This is the bad news section. Bad news bears section of the podcast. So markets are built on confidence. After the dot com bust, markets are about to rally. And then Enron and WorldCom were found to be fraudulent and had a bad auditor. And Arthur Anderson, which went away. And then all this regulation came. Sarbanes, Oxley and all the rest. So what would have been a two year bear market became a four year bear market. Confidence matters that much. And that was just two names in the public markets. Investors said, well, gee, if those two companies are cooked in the books, then maybe markets writ large have issues. That's why the Z cash issue around privacy coins. And it's just bad. And we had another hack a couple months ago. This is just all around bad. There's no way to tell it any other way. It's going to take time for investors to discount the risks around Mythos and what that means for these assets.
[09:21]
Chris Perkins
I couldn't agree more. Investors will be very happy to underwrite and take market risk. They get paid to do that. Sometimes the asset goes down, sometimes it goes up, but they get it. The problem that they have is that they're very, very uncomfortable taking other types of risks, like getting your assets hacked. Like operational risk, like regulatory risk, reputational risk. And so this really underscores that risk. That makes them very, very uncomfortable. Taking it does. Rob, you're spot on. Like when you lose confidence, you start. People's minds start wondering like, well, if it could happen to zcash, it could happen elsewhere. So security has to remain in the forefront in this asset class. I think some of us have got too immune to it. We can't. We need to be highly sensitized to it. And again, but I'm bullish long term. I think AI Is gonna, is like it's gonna, it's gonna solve these vectors. Like it has to solve these vectors because agents are so good at optimization. They're better than humans. And by the way, I talked to a dinner last week with these auditing companies. They're almost 100% agents now. They are going crazy. They're finding things like they've never found before. They're working with companies and so the good guys are doing good things. And I think the auditing really evolve in real time.
[10:53]
Austin Campbell
I don't think just the auditing companies. Right. Like for instance, I know the team over at Open Zeppelin and they're looking at contract standards based on all of these things as well. There's going to be a revision of many of the security practices in this space. The thing I remain worried about long term are two categories of bugs. One, ones where it's very hard to find them, which I think is the implication for a lot of the privacy protocols. And the other is ones that are largely based on human and social engineering. Chris, as you were pointing out earlier, because AI may be evolving rapidly, but humans are evolving somewhat less rapidly than AI. And so if we can get better attackers out of that, it's going to be a problem. If you get better defenders, that's a good thing. And maybe an area where people are under allocated. Another point I would make is coming full circle. I think this is good for Bitcoin. If you have something that's been around a long time without being exploited, is a relatively simple code base that is completely public. Your confidence that there are not critical bugs in there goes up with, with every single day that that thing continues to some extent. Part of what I'm looking at here is, is this just an argument in favor of simplicity given the rapidly emerging threat environment? Like we've seen hacks with KelpDao, we've seen hacks, you know, with Drift, we saw the Bybit exploit, which was a form of social engineering as well. We have not seen a core hack of Bitcoin. Right. So to some extent we're just returning to the very bread and butter basics.
[12:29]
Rob
In this environment, the indie effect matters. Great point. Question for you though. We've got to refactor, given all the quantum risk considerations, and that is a new framework that hasn't been battle tested. So Bitcoin's got to go through this valley of darkness. And I agree with the Lindy effect. The point you're making, except for this one fact, how do you kind of square the that tension?
[12:56]
Austin Campbell
I would tell you, whatever the implication for Quantum for Bitcoin is, it is potentially worse on less monitored chains with less eyes and more complex code bases, right? Again, if we're thinking about how to break stuff, the hardest thing to break is going to be the one where everybody is paying attention to it. Now, ETH is probably ahead on quantum defense compared to bitcoin. I myself have told the bitcoin community I think they need to take this a little bit more seriously than they are. And you better have a plan in place. Because the problem is if somebody cracks Quantum, they're not going to tell you about it, they're just going to do it right? And so it pays to be prepared. But rom to your point, it may be one of those like I don't love it here, but it might be worse everywhere else type situations.
[13:42]
Chris Perkins
So Austin, you're bullish ETH now?
[13:44]
Austin Campbell
I did not say I was bullish eth. I'm just saying I'm going to give them credit where credit is due on the quantum resistance thing. Thing. If you like this segment, please like subscribe and tune in every Monday at 4:30pm Eastern Time. I'm Austin Campbell, the host of Bips and Bips, along with my friends Rahm Aliwalia and Chris Perkins and our slate of exceptional guests. Every week we're going to discuss macro, crypto and the collision of worlds, covering topics that move markets and shape the financial landscape.
[14:13]
Rahm Aliwalia
Heads up everyone. We've now fully transitioned Bits and BIPS to its new dedicated channels. So if you're not yet subscribed to the new Bits and Bips channels on X, YouTube, Spotify, Apple Podcasts or wherever you get your podcasts, go there and subscribe now. For the next few weeks, we'll play segments of the full interviews on Unchained as a reminder, but for now, you'll only hear those short segments of bits and pips on Unchained. No more full episodes. You can get links to all of the dedicated channels with the full episodes at Unchained Crypto.com/bits and bips spelled B I P S. Thanks again. If you hold crypto on your phone, your biggest vulnerability isn't your wallet, it's your carrier. AT&T Verizon and T Mobile have been breached again and again, and sim swaps are still one of the easiest ways for attackers to drain accounts. That's where Kape comes in. America's privacy first mobile carrier, same premium service, but Kape rotates the identifier on Your Sim every 24 hours. Deletes your call and text metadata after a day and protects against SIM swaps with a 24 word recovery phrase that only you control. You also get two middle to end encrypted secondary numbers for banking and signups, so you stop handing your real number to every app that asks. Go to Cape Co Unchained and and use code unchained for 33% off your first six months.