The Zcash Foundation pushed out emergency upgrades this week to patch a critical bug in the Orchard shielded pool — a flaw that could have let an attacker create value without detection. No funds were lost and the total ZEC supply remained intact, the Foundation said.
The bug and the fix
The vulnerability lived in the Orchard Action circuit, a zero-knowledge system. If exploited, it could have allowed unauthorized value creation that shielded transactions would normally hide. The Foundation responded with two Zebra releases: version 4.5.3, which disabled Orchard via an emergency soft fork at block height 3,363,426, and version 5.0.0, which activated the NU6.2 hard fork at block 3,364,600 and re-enabled Orchard with a corrected circuit. Transparent and Sapling transactions were never affected.
No exploitation, but confusion on chain
The flaw was caught before anyone appears to have used it. Still, the situation caused some head-scratching. Reports that the Zcash network had stopped producing blocks were wrong — mining pools kept hashing under the new rules. What tripped up observers was that some blockchain explorers lagged behind the fork, making it look like the chain had stalled.
Price bucks broader sell-off
ZEC price rose about 5% in 24 hours to $596, defying a wider crypto market slump. Market cap sat around $9.9 billion, good for 13th place. The price strength appears tied to a rotation into privacy assets, growing institutional interest, and speculation about a ZEC ETF hitting the market.
The Foundation has urged all node operators to update to Zebra 5.0.0 to stay on the corrected chain. Next up: making sure the hard fork sticks and that the privacy-focused network keeps running smoothly.
