The Zcash Foundation disclosed Wednesday that it quietly patched a critical flaw in the privacy cryptocurrency's core transaction system, executing a rare emergency network upgrade after a security researcher uncovered a bug that could have allowed bad actors to spend funds they didn't have.
The vulnerability, discovered May 29 by independent security researcher Taylor Hornby, resided in the Orchard Action circuit—the cryptographic machinery underpinning Zcash's most advanced privacy pool. The Orchard pool, introduced in 2022, is considered the crown jewel of Zcash's privacy architecture, requiring no trusted setup and holding a significant share of circulating ZEC tokens.
Hornby disclosed the flaw to Zcash Open Development Lab (ZODL) engineers that same evening. Within hours, a team of protocol developers confirmed the issue and began a carefully orchestrated, confidential response designed to prevent exploitation before a fix could be deployed.
The coordinated repair unfolded over five days. Developers first issued an emergency soft fork—essentially a temporary rule change—that shut down Orchard transactions entirely while the patch was being finalized. Private coordination with miners and exchanges began the evening of May 31. An initial activation attempt ran into deployment snags, but a second attempt succeeded early Monday morning, halting all Orchard activity at block 3,363,426.
The permanent fix arrived Wednesday, when a full network upgrade—dubbed NU6.2—restored Orchard functionality using a corrected circuit. Such a hard fork was necessary because repairing a zero-knowledge proof system requires updating a cryptographic verifying key, a change that cannot be made through ordinary software patches.
Officials said the total supply of ZEC was never at risk. Zcash's built-in "turnstile" mechanism, which tracks value across all transaction pools, confirmed no unauthorized coins were created. There is no evidence the bug was ever exploited.
“Given the time available and the number of parties involved (the devs at ZODL and Zcash Foundation, miners, exchanges, others), this was the most ambitious network upgrade in Zcash's history,” ZODL founder Josh Swihart wrote on X.
The Foundation urged all node operators to upgrade immediately to Zebra 5.0.0, the software release that activates the corrected network rules.
Following the upgrade, block explorers appeared to show that the network hadn’t produced blocks in hours, fueling speculation of downtime. However, experts and the block explorers themselves have said that the network was running as normal, but that explorers were temporarily impacted as they upgraded their own network nodes.
“Block explorers are just readers. They pull data from a node, parse it, and display it. If the node is upgrading or resyncing, the explorer goes stale,” block explorer CipherScan wrote on X. “The chain itself kept producing blocks the entire time. Miners didn't stop. Transactions kept confirming.”
The price of Zcash (ZEC) doesn’t appear to have been impacted at all by the disclosure of the emergency upgrade, with the privacy-centric coin continuing its latest upward swing. ZEC is currently up more than 10% over the last 24 hours at a recent price near $629, pushing its 30-day rise above 53%.
ZEC is now up 1,084% over the last year, pumping last fall to a recent high of nearly $700—a price that it has come close to matching in recent weeks. Even so, ZEC remains well off its all-time peak of $3,191 set in 2016.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
