Zcash fixes Orchard privacy bug with emergency upgrade

Zcash developers halted Orchard shielded-pool transactions after an independent researcher found a vulnerability in the pool’s zero-knowledge proof circuit. The protocol was restored through an emergency, two-step network upgrade, and developers report no evidence the flaw was exploited.

The issue was discovered on May 29 by security researcher Taylor Hornby during an audit for Shielded Labs and disclosed to core engineers at the Zcash Open Development Lab (ZODL). ZODL engineers confirmed the vulnerability and prepared a remediation that was deployed the following week.

The fix proceeded in two stages. The first release, Zebra 4.5.3, temporarily disabled Orchard actions to stop further shielded transactions. The second release, Zebra 5.0.0, activated the NU6.2 network upgrade to bring Orchard back online with a corrected proof circuit.

Developers said the bug could have allowed invalid state transitions inside the shielded pool, a risk to consensus integrity rather than a simple wallet error. The Zcash Foundation reported no unauthorized value creation and no impact to user privacy. Restoring correct consensus rules required miners, exchanges and node operators to upgrade and converge on the amended software.

The upgrade caused a short period of instability as nodes updated. A ZODL-affiliated contributor, Tatyana, described the incident as “a brief period of instability” and reported that network stability was fully restored by about 3:00 a.m. Eastern on June 2. Some users saw inconsistent block timestamps during the transition; one explorer showed block 3,364,601 but listed its timestamp several hours earlier, which prompted reports that the network was down.

Responses from the community differed. Helius CEO Mert Mumtaz disputed claims the network was offline, writing that it was “not down” and attributing some reports to explorer apps connected to out-of-sync nodes. A pseudonymous participant, Zerodarts, noted that “blocks are being mined” and urged services to update their nodes. Another community member, Railgoon, described a deliberate temporary freeze of Orchard by miners and developers to apply the patch before the hard fork and called the network “partially intentionally down” during the remediation.

The incident had a brief market effect. Market data showed Zcash’s ZEC fell to $599 from a daily high of $637, then recovered to about $614 by the time of reporting.

The vulnerability was found during an ongoing audit and remedied through coordinated action by core engineers and node operators. Developers say normal operation and Orchard shielded transactions have resumed with the corrected proof circuit in place.