[security]
Zcash developers executed a secret, two-stage emergency network upgrade over five days last week to close a critical vulnerability that could have allowed bad actors to spend funds they did not own inside the protocol's flagship Orchard privacy pool. The Zcash Foundation disclosed the incident publicly on Wednesday, June 3, 2026.
The flaw was discovered May 29 by Taylor Hornby, an independent security researcher conducting an ongoing protocol audit for Shielded Labs. Hornby found a soundness bug in the Orchard Action circuit — the zero-knowledge proof machinery underpinning Zcash's most advanced shielded pool. A soundness bug means the system can be tricked into accepting invalid state transitions; in practical terms, an attacker could have double-spent funds within Orchard. Total ZEC supply was never at risk: Zcash's built-in "turnstile" mechanism, which enforces hard limits on how value moves between pools, would have blocked any attempt to create coins out of nothing.
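The turnstile property described above can be shown with a simplified model, added here as an illustration and not taken from Zebra, zcashd or the disclosure. It assumes consensus tracks each pool's net balance and rejects any block that would drive a balance below zero; the pool names, amounts and class names are constructed.

```python
from dataclasses import dataclass


class TurnstileViolation(Exception):
    """Raised when a block would push a pool's tracked balance below zero."""


@dataclass
class Tx:
    # Signed net value this transaction moves INTO each pool (constructed units).
    # Positive = deposit into the pool, negative = withdrawal out of it,
    # zero = transfer that stays inside the pool.
    deltas: dict


class ChainValuePools:
    def __init__(self):
        self.balance = {"sprout": 0, "sapling": 0, "orchard": 0}

    def apply_block(self, txs):
        # Work on a scratch copy so a rejected block leaves state untouched.
        trial = dict(self.balance)
        for tx in txs:
            for pool, delta in tx.deltas.items():
                trial[pool] += delta
        for pool, bal in trial.items():
            if bal < 0:
                raise TurnstileViolation(f"{pool} balance would be {bal}")
        self.balance = trial


def demo():
    pools = ChainValuePools()
    pools.apply_block([Tx({"orchard": 100})])   # deposit into the pool
    # An in-pool transfer has net delta 0. The turnstile only sees this public
    # net value, so it cannot tell a valid in-pool spend from an invalid one;
    # that is the job of the circuit's proof.
    pools.apply_block([Tx({"orchard": 0})])
    pools.apply_block([Tx({"orchard": -60})])   # withdrawal, 40 remains
    try:
        # Withdrawing more than was ever deposited is what the turnstile blocks.
        pools.apply_block([Tx({"orchard": -60})])
        rejected = False
    except TurnstileViolation:
        rejected = True
    return pools.balance["orchard"], rejected


if __name__ == "__main__":
    print(demo())
```

The model shows why the two guarantees are separate: the balance check caps what can leave a pool, while correctness of spends inside the pool depends entirely on the proof system.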
Hornby disclosed the vulnerability to ZODL core engineers that evening. Within hours, developers Daira-Emma Hopwood, Kris Nuttycombe, and Jack Grigg confirmed it and began a coordinated, confidential response. Details were withheld from the public to limit the window for exploitation.
The fix unfolded in two steps. Private coordination with miners and exchanges began the evening of Sunday, May 31. A first soft-fork attempt encountered deployment problems; a second succeeded at approximately 02:00 UTC on Monday, June 2, activating at block 3,363,426. That change caused nodes to reject any transaction or block containing Orchard actions — effectively pausing the Orchard pool while the real fix was completed. On Wednesday, June 3, at 00:05 EDT, the full NU6.2 network upgrade activated, restoring Orchard with a corrected circuit.
A hard fork was required because repairing a zero-knowledge proof circuit means updating the cryptographic verifying key. That change cannot be made through a software patch alone — it requires every node on the network to agree to new consensus rules simultaneously.
The Zcash Foundation confirmed no exploitation occurred. There is no evidence of unauthorized coins entering circulation. ZODL founder Josh Swihart summarized the scale of the operation: "Given the time available and the number of parties involved (the devs at ZODL and Zcash Foundation, miners, exchanges, others), this was the most ambitious network upgrade in Zcash's history."
After the NU6.2 activation, block explorers briefly appeared to show the network had stalled, feeding speculation of broader downtime. Developers and block explorer operators clarified that the explorers had gone temporarily stale while upgrading their own nodes — the chain itself never stopped producing blocks.
ZEC's market reaction ran counter to what a security disclosure typically produces. The token was trading near $629 on Wednesday, up more than 10% on the day of disclosure. It has risen more than 53% over the prior 30 days and 1,084% year-on-year, per Decrypt.
Node operators running Zebra must upgrade to version 5.0.0 immediately. Operators who cannot upgrade before the NU6.2 activation height should run Zebra 4.5.3 at minimum to stay on the correct chain. Both releases are available on the Zcash Foundation's GitHub.