Zcash fixes Orchard bug after emergency network upgrade
Zcash temporarily disabled Orchard transactions after discovering a critical vulnerability in its latest shielded pool, then restored them through an emergency network upgrade. The flaw affected Orchard’s zero-knowledge proof circuit and could have allowed invalid state transitions, but there was no evidence of exploitation, unauthorized value creation, or privacy compromise. The fix used a two-step rollout: Zebra 4.5.3 disabled Orchard actions, and Zebra 5.0.0 activated NU6.2 to re-enable Orchard with a corrected circuit. The coordinated response required miners, exchanges, and node operators to upgrade, and it briefly caused confusion across the ecosystem as some explorers showed stale or inconsistent block data. The issue was found on May 29 by security researcher Taylor Hornby during a protocol audit. Some community members said the network was not down, only partially disrupted or affected by bad nodes and delayed explorer updates. ZEC briefly dipped from a daily high of $637 to $599 before recovering.
