Summary:
- Zcash developers temporarily disabled Orchard transactions after discovering a critical vulnerability in the network's newest shielded pool.
- The issue affected Orchard's zero-knowledge proof circuit and could have allowed invalid state transitions.
- The Zcash Foundation said there is no evidence the bug was exploited and no unauthorized creation of ZEC occurred.
- A two-step emergency upgrade successfully patched the vulnerability and restored Orchard functionality.
- The incident briefly caused network instability as miners upgraded, but normal operations have since resumed.
Privacy-focused cryptocurrency Zcash has successfully completed an emergency network upgrade after developers discovered a critical vulnerability in Orchard, the blockchain's latest shielded transaction pool. The issue prompted developers to temporarily suspend Orchard-related transactions while a fix was prepared and deployed across the network. Although the vulnerability was considered serious, ecosystem participants emphasized that there is no evidence it was ever exploited and that user funds remained safe throughout the process. In a detailed post published on June 3, the Zcash Foundation explained that the flaw affected Orchard's zero-knowledge proof circuit, a core component responsible for validating shielded transactions while preserving privacy. According to the Foundation, the vulnerability could have allowed invalid state transitions within the Orchard pool if abused. However, the organization stressed that investigators found no signs of unauthorized value creation and no indication that the flaw had been used by attackers. Most importantly for users, privacy protections remained intact. The Foundation stated that "There is no evidence of unauthorized value creation." It also confirmed that Zcash's supply verification system continued to show that the network's total ZEC supply remained unchanged during the incident.

The discovery highlights an ongoing reality for blockchain networks. Even mature protocols with years of operational history must regularly audit and update complex cryptographic systems as new vulnerabilities are identified. For Zcash, whose primary value proposition centers on privacy-preserving transactions, maintaining the integrity of these systems is particularly important.
How the Vulnerability Was Discovered and Fixed
The issue was first identified on May 29 by independent security researcher Taylor Hornby during an ongoing protocol audit conducted on behalf of Shielded Labs. According to the Zcash Foundation, Hornby responsibly disclosed the vulnerability to engineers at the Zcash Open Development Lab (ZODL) on the same evening it was discovered. Within hours, core engineers reviewed the findings and confirmed that the issue was legitimate. What followed was several days of private coordination involving developers, infrastructure providers, miners, exchanges, and other ecosystem participants. Details of the flaw were intentionally kept confidential while a solution was prepared in order to reduce the risk of exploitation before the network could be upgraded.
The response was carried out in two stages. The first step involved the release of Zebra 4.5.3, which temporarily disabled Orchard actions across the network. This acted as an emergency safeguard while developers finalized a permanent solution. Private coordination with miners and exchanges began on May 31. An initial activation attempt encountered deployment challenges, requiring engineers to prepare a second patch and target a new activation block. The Foundation explained:
The temporary soft fork prevented any transactions containing Orchard actions from being accepted by the network. The second stage arrived shortly afterward. On June 3, the NU6.2 hard fork upgrade activated successfully, restoring Orchard functionality while incorporating a corrected version of the affected proof circuit. According to the Foundation, this marks only the second security-driven protocol upgrade in Zcash's history since the project launched in 2016. That fact alone underscores both the seriousness of the vulnerability and the relatively rare nature of such emergency interventions within the network.
Brief Network Disruptions Highlight Challenges of Coordinated Blockchain Upgrades
While the upgrade process was ultimately successful, it was not entirely seamless. As miners and node operators worked to adopt the new consensus rules, parts of the network experienced temporary instability. The disruption led to confusion among some community members after certain blockchain explorers appeared to show delayed block production. Reports quickly circulated on social media suggesting the network had stopped producing blocks altogether. One widely referenced explorer displayed block 3,364,601 as the latest mined block while showing inconsistent timestamps, leading some users to believe the chain had stalled. ZODL-affiliated contributor Tatyana later addressed those concerns in a community forum update. According to the post, the network encountered "a brief period of instability" as miners upgraded and synchronized around the revised consensus rules.
The issue was temporary, and normal operations resumed after participants completed the upgrade process. By approximately 3:00 a.m. Eastern Time on June 2, the network had stabilized and block production returned to normal. Notably, the disruption affected only Orchard-related functionality. Other parts of the network continued operating throughout the incident. The Foundation confirmed that Sapling shielded transactions and transparent transactions remained functional from start to finish. That distinction is important because it demonstrates how the vulnerability was isolated to a specific subsystem rather than affecting the broader blockchain. The event also serves as a reminder of the operational challenges involved in maintaining decentralized networks. Unlike traditional software systems controlled by a single company, blockchain upgrades require coordination among independent participants spread across different organizations and jurisdictions. Even when a fix is available, achieving network-wide adoption can take time. Market participants appeared to react cautiously to the news. According to CoinGecko data, ZEC briefly fell from an intraday high of approximately $637 to just below $600 during the period of uncertainty. The token later recovered part of those losses and traded around $614 after the successful completion of the upgrade.
While price movements often accompany security-related headlines, the broader outcome was largely viewed as positive within the community. The vulnerability was identified through proactive auditing before any known exploitation occurred. Developers coordinated a fix, deployed emergency upgrades, and restored full functionality without impacting user privacy or altering the network's monetary supply. For a privacy-focused blockchain built on complex cryptographic technology, that outcome matters. The incident may not have resulted in financial losses, but it offered a real-world test of how the Zcash ecosystem responds under pressure. In this case, researchers, developers, miners, exchanges, and infrastructure providers worked together to resolve a potentially serious issue before it could affect users. As blockchain networks continue to evolve and adopt increasingly sophisticated privacy features, audits and coordinated security responses will remain an essential part of maintaining trust. For now, Orchard is back online, the vulnerability has been patched, and Zcash's developers say the network remains secure.