Zcash has restored Orchard, its latest shielded pool, after an emergency two-stage protocol response to a critical zero-knowledge circuit vulnerability. The Zcash Foundation and Zcash Open Development Lab said the issue was discovered through responsible security research, remediated through coordinated soft- and hard-fork upgrades, and resolved without evidence of exploitation, supply inflation, or privacy compromise.
Zcash Restores Orchard After Critical Circuit Bug
The Zcash Foundation released Zebra 4.5.3 and Zebra 5.0.0 on June 3, describing the updates as a coordinated response to a critical soundness bug in the Orchard Action circuit. The first release temporarily disabled Orchard actions through an emergency soft fork, while the second activated the NU6.2 network upgrade and re-enabled Orchard with a corrected circuit.
“We have recently released Zebra 4.5.3 and Zebra 5.0.0. These two releases work together to address a critical bug in the Orchard Action circuit: 4.5.3 implemented an emergency soft fork that temporarily disabled Orchard actions while the fix was being prepared, and 5.0.0 activated NU6.2, which re-enables Orchard using the corrected circuit. We strongly urge all node operators to upgrade to Zebra 5.0.0 as soon as possible, or to 4.5.3 if you are unable to upgrade to 5.0.0 before the NU6.2 activation height.”
The vulnerability was found on May 29 by Taylor Hornby, an independent security researcher and former Electric Coin Company security engineer conducting an Orchard protocol audit for Shielded Labs. ZODL core engineers Daira-Emma Hopwood, Kris Nuttycombe, and Jack Grigg confirmed the issue within hours and began evaluating remediation options. ZODL later said CEO Josh Swihart began coordinating the ecosystem response after engineers identified a path forward.
Technically, the bug affected the implementation of the Orchard zero-knowledge proof circuit in the halo2_gadgets crate. ZODL said the flaw involved the incomplete double-and-add loop in ecc::chip::mul, where a prover could cause the gadget to operate against a free constant rather than the intended base. Successful exploitation could have allowed invalid state transitions and potential double-spending within Orchard, but the turnstile mechanism prevented total ZEC supply inflation.
Emergency Upgrade Reopens Shielded ZEC Transfers
The emergency response unfolded in two phases. A soft fork activated at mainnet block height 3,363,426 at approximately 02:00 UTC on June 2, temporarily rejecting transactions and blocks containing Orchard actions. NU6.2 then activated at mainnet block height 3,364,600 on June 3, restoring Orchard using the corrected circuit and a new pinned verifying key.
“There is no evidence that the vulnerability was exploited. User funds remained safe throughout the rollout. The issue did not affect the privacy of funds held in any Zcash pool, and no impact to the total ZEC supply has been detected.”
The Zcash Foundation said Sapling and transparent transactions continued operating normally during the incident, while Orchard was suspended for roughly 24 hours. ZODL also said ZEC held on exchanges was unaffected and tradable throughout the rollout. Fixed releases include zebrad v5.0.0, zcashd v6.20.0, and updated versions of halo2_gadgets, orchard, zcash_primitives, and ZODL-maintained mobile wallet SDKs.
Zodl v3.5.1 is now available on the App Store for iOS and on GitHub for Android. Google Play is currently reviewing the update and should release it shortly.
With the Zcash network upgrade complete, updated wallet software is required to spend Orchard funds under the new… https://t.co/xuIGBOjQPK
— Zodl (fka Zashi) (@zodl_app) June 3, 2026
Rumors circulated on X that Zcash had stopped producing blocks, but Mert Mumtaz, CEO of Helius, said those claims were inaccurate and attributed some confusion to explorer applications connected to a bad node. ZODL also released Zodl v3.5.1 for iOS and Android via GitHub, noting that updated wallet software is required to spend Orchard funds under the new consensus rules.
“The network is not down. A few explorer apps are connected to a bad node, so the explorers are false. Network is fully functional.”
The Orchard remediation marks the second security-driven protocol upgrade in Zcash history since the network launched in 2016. The response required coordination among ZODL, the Zcash Foundation, miners, node operators, wallet providers, exchanges, infrastructure teams, and independent researchers, with Orchard transactions now restored under the NU6.2 consensus rules.
AI Transparency Note: This article was prepared with the assistance of an AI system based on the sources listed and was reviewed, edited, and approved by a human editor before publication. All quotes, data points, and factual claims are intended to be grounded in the cited source material; however, errors cannot be ruled out entirely.