Micro cap with crypto treasury strategy Cypherpunk slides on discovery of 'major bug'

Shares of micro-cap Cypherpunk Technologies, which, like Strategy, has a crypto treasury strategy, almost halved on Friday. Markets were reacting to the disclosure of a critical vulnerability that could have allowed counterfeit Zcash tokens to enter circulation. Cypherpunk's treasury strategy is centered on the privacy-focused cryptocurrency.

Shares of Cypherpunk, which invests in Zcash and counts Winklevoss Capital, the investment firm of crypto billionaires Cameron and Tyler Winklevoss, among its shareholders, plunged more than 47% on Nasdaq on Friday, hitting their lowest level since March. In premarket trading on Monday, the stock recouped part of those losses, jumping 13%.

The selloff began after the Zcash blockchain project disclosed a critical four-year-old vulnerability. The flaw could have allowed malicious actors to mint counterfeit tokens undetected, tech news site Decrypt reported. The vulnerability has now been remediated, Zcash said in a post on X. There is also no evidence that anyone exploited it, Cypherpunk noted on its own X account. The company also reaffirmed its plans to continue investing in the cryptocurrency.

That did little to reassure market participants, Decrypt noted. Zcash belongs to a class of privacy-focused cryptocurrencies designed to provide users with anonymity and privacy during operations. As a result, exploitation of vulnerabilities can go completely undetected.

The vulnerability was discovered by security researcher Taylor Hornby using Anthropic’s Claude Opus 4.8 AI agent, according to BeInCrypto, an industry news site. Hornby launched the audit on May 29 and identified the flaw within a day. Notably, Anthropic had released the model just a day earlier.

BeInCrypto reports that Hornby now plans to audit Monero, another privacy-focused cryptocurrency. After that information went public, Monero’s price fell 10%.

“The Holy Trinity is dead,” Arthur Hayes, cofounder and former CEO of crypto exchange BitMEX, wrote on X. He was referring to the three leading privacy-focused cryptocurrencies: Monero, Zcash, and Dash. Hayes said he had sold his entire Zcash position after the vulnerability was disclosed, though he did not rule out buying the token again in the future.

“Some newcomers to the space, they might be a little perturbed by it, but it’s basically part of the deal,” Nic Carter, founding partner of blockchain and crypto investment firm Castle Island Ventures, told Decrypt.

Cameron Winklevoss also wrote that there will always be bugs in any system, but what matters is that specialists find them before bad actors do.