Zcash Restores Orchard After Critical Shielded Pool Vulnerability




The Zcash Orchard vulnerability has been successfully remediated, with transactions in the network’s latest shielded pool re-enabled after a coordinated security upgrade across developers, miners, exchanges, node operators, wallet providers and infrastructure teams.

The issue affected Orchard, Zcash’s newest shielded pool. User funds remained safe throughout the response, privacy was not affected, and no unauthorized value creation has been detected. Sapling and transparent Zcash transactions continued operating during the rollout, while ZEC held on exchanges remained tradable.

The fix took place in two stages. The first stage was a soft fork that temporarily disabled Orchard by blocking the creation of new Orchard outputs and the spending of existing Orchard funds. That step limited disclosure risk because a direct patch could have revealed too much about the vulnerability before the network was protected.

The second stage was a hard-fork network upgrade that updated the zero-knowledge proof circuit and fully restored Orchard functionality. Zcash Open Development Lab said Orchard transactions were suspended for about 24 hours during the rollout.

Soundness Bug Could Have Affected Orchard Accounting

The issue was a soundness vulnerability in the Orchard shielded pool. In Zcash, soundness means the protocol should only accept valid transactions and valid state changes. A soundness bug can allow the system to accept something it should reject.

In this case, successful exploitation could have allowed invalid state transitions inside Orchard, potentially affecting accounting guarantees for the pool. ZODL said the bug involved the implementation of the Orchard zero-knowledge proof circuit in the halo2_gadgets crate. The affected components included older versions of halo2_gadgets, orchard, zcash_primitives, zcashd and zebrad.

No evidence of exploitation was found. Zcash’s turnstile mechanism, which tracks balances across value pools such as Sprout, Sapling, Orchard, transparent and lockbox, helped confirm that the total ZEC supply remained intact.
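The turnstile accounting described above can be sketched as a replay over per-block pool balances. This is an added example, not code from zcashd, zebrad or the article; `Block`, `Violation`, `audit` and `sample_chain` are hypothetical names, the chain data is constructed, and the model assumes each block's pool changes sum to that block's issuance.

```rust
use std::collections::BTreeMap;

#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Pool { Transparent, Sprout, Sapling, Orchard, Lockbox }

/// Simplified block summary (constructed model): coins issued and net change per pool, in zatoshi.
pub struct Block { pub height: u32, pub issuance: i64, pub deltas: Vec<(Pool, i64)> }

#[derive(Debug, PartialEq)]
pub enum Violation {
    NegativePool { height: u32, pool: Pool, balance: i64 },
    SupplyMismatch { height: u32, issued: i64, held: i64 },
}

/// Replay blocks in order; return the first turnstile violation, if any.
pub fn audit(blocks: &[Block]) -> Option<Violation> {
    let (mut balances, mut issued) = (BTreeMap::<Pool, i64>::new(), 0i64);
    for b in blocks {
        issued += b.issuance;
        for (pool, delta) in &b.deltas {
            *balances.entry(*pool).or_insert(0) += *delta;
        }
        // More value left a pool than ever entered it: invalid value has surfaced.
        if let Some((pool, balance)) = balances.iter().find(|(_, v)| **v < 0) {
            return Some(Violation::NegativePool { height: b.height, pool: *pool, balance: *balance });
        }
        // All pools together must hold exactly what has been issued so far.
        let held: i64 = balances.values().sum();
        if held != issued {
            return Some(Violation::SupplyMismatch { height: b.height, issued, held });
        }
    }
    None
}

/// Constructed four-block chain; `w` is the amount withdrawn from Orchard in block 4.
pub fn sample_chain(w: i64) -> Vec<Block> {
    use Pool::*;
    let blk = |height, deltas| Block { height, issuance: 100, deltas };
    vec![
        blk(1, vec![(Transparent, 100)]),
        blk(2, vec![(Transparent, 40), (Orchard, 60)]),
        blk(3, vec![(Transparent, 150), (Orchard, -50)]),
        blk(4, vec![(Transparent, 100 + w), (Orchard, -w)]),
    ]
}

fn main() {
    println!("honest: {:?}, tampered: {:?}", audit(&sample_chain(10)), audit(&sample_chain(30)));
}
```

In the tampered chain the totals still add up to the issued amount, so only the per-pool check flags the block where Orchard pays out more than it ever received.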

The incident followed the earlier temporary Orchard suspension, when Zcash participants paused Orchard activity while the security-focused protocol update rolled out.

Researcher Found Bug During Ongoing Audit

The vulnerability was discovered on May 29 by independent security researcher Taylor Hornby during ongoing Orchard security audit work supported by Shielded Labs. ZODL engineers confirmed the issue within hours and began coordinating a response with independent participants across the ecosystem.

Private coordination with miners and exchanges began on May 31. Updated software was distributed on June 1, followed by the soft-fork activation. A second patch was needed after the first activation attempt ran into coordination issues, and the soft fork activated roughly two hours later than planned. The hard-fork upgrade completed successfully at 00:10 EDT on June 3.

ZODL described the event as the second security-driven protocol upgrade in Zcash history since launch in 2016. The case is also a reminder that privacy protocols can require fast, coordinated action without becoming centralized systems. No single organization could complete the fix alone because the vulnerability required a consensus change.

Zcash’s security response now becomes part of the wider privacy-coin story. The network has already been drawing attention for its quantum-resistance roadmap and rising shielded supply. The Orchard incident adds a more immediate test: whether the ecosystem can discover, disclose, patch and coordinate under pressure without losing funds, privacy or supply integrity.

The outcome was clean on the facts that matter most. Orchard is back online. User funds remained safe. Privacy was unaffected. The 21 million ZEC supply cap remains intact. The vulnerability was found by audit work, contained through a temporary suspension and resolved through a protocol upgrade before any known exploitation.


