BlockThreat - Week 23, 2026

$3.6M stolen across 14 incidents and a reminder that even the hardest bugs are no longer staying buried for long.


We are starting the month with the same persistent noise of exploits. For months now, the incident count has remained consistently high and multi-million dollar losses have become routine. The more concerning signal is where many of the serious bugs are showing up: exotic protocols, bridges, proof systems, privacy pools, and other high-complexity infrastructure where one missed invariant can turn into an existential crisis. So let’s learn from one such dodged bullet this week and prepare for the next major incident.

Zcash’s Orchard Infinite Minting

Zcash patched a critical infinite mint vulnerability in its Orchard shielded pool after security researcher Taylor Hornby responsibly disclosed the bug. The flaw had reportedly been present since Orchard’s activation in May 2022 and was mitigated through a coordinated emergency response across the Zcash ecosystem.

This is the kind of vulnerability that has threatened or killed whole chains in the past. For context, infinite minting bugs have been showing up with uncomfortable regularity this year:

04/25/2026 - LiteCoin’s MimbleWimble Infinite Minting Hack #2 ($9M)
03/17/2026 - LiteCoin’s MimbleWimble Infinite Minting Hack #1 ($5M)
01/21/2026 - SagaEVM Infinite Minting Hack ($7M)
12/27/2025 - Flow Infinite Mint Hack ($3.9M)

💡 That's roughly one potential chain-killer incident every month!

The especially difficult part with ZK vulnerabilities is what remains unknowable after the fix. In a transparent system, investigators can track asset movements and gauge the blast radius. In a shielded system, there may be no purely cryptographic way to prove whether the vulnerability was exploited, and if so, to what degree. This leaves the whole ecosystem with the uncomfortable question of whether the chain can ever be trusted again.

Bug Bounties Are NOT Optional

The timing around Zcash’s Orchard vulnerability should make protocol teams uncomfortable. On May 26, Zcash closed its bug bounty program, citing the growing burden of AI slop reports. The responsible disclosure process remained open, but the paid incentive layer was removed. Three days later, Taylor Hornby disclosed a chain-killer bug during a paid audit.

The AI slop problem is real. Maintainers are drowning in speculative, duplicated, and hallucinated reports. But closing a bounty program does not make the vulnerabilities disappear. It changes the incentives around who looks, who reports, and how quickly a project learns about a critical issue before it is exploited.

For high-value chains and protocols, “bug bounties are too hard” is not a security strategy. Better triage, higher proof requirements, severity-gated rewards, trusted researcher tracks, and using the same AI systems to filter low-quality submissions are the kinds of changes that may save a project one day. The answer is not to close the door. The answer is to make the door harder to abuse and easier for real researchers to use.

Zcash was lucky that a paid researcher found the bug and reported it responsibly. It may not be so lucky next time.

From New Frontier to Critical

As I have mentioned before, AI bug hunting tools do not change the game as much as they change the timeline. Opus 4.8 was released on May 28. A day later, Taylor Hornby disclosed the critical vulnerability in Zcash.

That does not mean AI alone one-shotted the exploit. The important detail is that a more capable frontier model was paired with an expert researcher and a dedicated security harness. That combination compresses the time needed to revisit old assumptions, test new paths, and discover bugs that may have survived previous review.

Security audits have always been an economic approximation. We pay X expert auditors for Y hours and accept that their review reduces risk, not that it proves the absence of bugs. Everyone in security understands that the same auditors might find more critical vulnerabilities if they had more time, better tooling, or a narrower target. Audits are balancing acts between cost, time, and the level of assurance a project is willing to accept.

AI-assisted bug hunting adds a new dimension to that calculation. Every major frontier model release and every meaningful improvement in security tooling can reset what a skilled attacker can discover within a fixed amount of time and token spend. A codebase that survived last month’s review may not have the same margin once a stronger model is dropped into a better loop.

For defenders, this creates a new requirement. Security models, harnesses, and invariant checks should not only be rerun when code changes. They should also be rerun when model capabilities make a significant leap. Attackers will rerun their loops against the latest frontier models. Defenders need to do the same.

Full Disclosure is Coming Back

The V12 (Zellic) and THORChain dispute is another warning sign. V12 said it reported a critical bug to THORChain, which also just recently retired its bug bounty program and was hacked shortly after. According to V12, THORChain silently patched the issue and then told the researchers that the bounty program was permanently retired. V12 responded by saying it had additional THORChain critical bugs and went full disclosure by sharing them with the public.

That should feel familiar to anyone who remembers the older fights between researchers and vendors in traditional security. Full disclosure became the pressure valve when researchers believed vendors were ignoring reports, slow-walking fixes, threatening researchers, or benefiting from free labor while refusing to engage with the security community. It was messy and dangerous, but it emerged from nonexistent trust in the early days of security.

When there is no working relationship between builders and researchers, researchers eventually stop negotiating in private.

We are now seeing signs of that same pattern returning. Microsoft’s recent fight with the Nightmare Eclipse / Chaotic Eclipse researcher is a good traditional security example with public 0day drops, vendor escalation, legal threats, community backlash, and an eventual partial walkback. The same old researcher/vendor conflict never really disappeared. It was only suppressed by better disclosure programs, legal safe harbors, bug bounties, and mutual trust we worked for years to build.

The problem is that full disclosure in Web3 has a very different blast radius. In traditional software, a public exploit may lead to a few hacked systems, emergency patching, and painful incident response. In Web3, a public exploit against a live protocol can mean immediate theft of real money by whoever weaponizes it first and gets the transaction onchain. There is no patch Tuesday, no endpoint agent rollout, no reliable way to claw back funds, and often no time for users to protect themselves except to quickly withdraw liquidity.

That makes the collapse of disclosure relationships especially dangerous. Bug bounty programs are getting shut down because teams are drowning in AI slop. Researchers are getting frustrated when high-severity work is patched without meaningful engagement or compensation. Attackers are getting faster, with the time from vulnerability discovery to weaponized exploit now measured in hours.

This is the crisis line. If projects close bounty programs, treat researchers as adversaries, and rely on silent patches while researchers move back toward public disclosure, the next phase of Web3 security may look less like coordinated vulnerability disclosure and more like a public race to the mempool. Whoever understands the bug first gets paid. Everyone else gets the post-mortem.


Bring BlockThreat Inside Your Security Program
See the threats that matter to your stack before they become your incident.

BlockThreat Enterprise gives security teams organization-specific threat intelligence reports, monthly briefings, priority access, and optional tailored feeds based on the exploits, threat actors, techniques, and trends I track every day across Web3.

Trusted by teams behind major L1s, DeFi protocols, staking infrastructure, wallets, and security organizations responsible for billions of dollars in assets.

Use BlockThreat Enterprise to see around corners, understand what is coming for your stack, and prepare your team before emerging risks turn into active exploits.

Subscribe to BlockThreat Enterprise - $2,000/month

Limited availability: Enterprise subscriptions include direct engagement and tailored reporting, so only a small number of teams can be supported.

Inquire

The research section is especially strong this week. It covers details of Zcash’s money-printing bug, the THORChain criticals, a Starknet oracle failure, and a Bitcoin L2 bug, along with the latest in Solana security research, post-quantum Ethereum signatures, AI-assisted bug hunting, and a growing pile of tools for EVM, SVM, and agentic security workflows. The Hacks section includes detailed writeups, root cause analysis, and other indicators for all 14 incidents last week.

Let’s dive into the news!