A soundness vulnerability in Zcash's Orchard shielded pool theoretically allowed double-spending and silent supply inflation. The fix required two coordinated protocol upgrades executed within five days, with no exploitation confirmed and total ZEC supply intact throughout.

Key Takeaways

• On-Chain Footprint: Orchard pool frozen for roughly 24 hours via soft fork.

• Historical Parallel: Only Zcash’s second emergency protocol upgrade since 2016.

• Macro Overlap: ZEC gained 7% while broader crypto market declined.

• Systemic Milestone: No unauthorized ZEC was created despite the flaw.

To understand the severity of what Zcash patched this week, it helps to understand what zero-knowledge proofs are supposed to guarantee. In Zcash’s shielded pools, transactions are validated cryptographically without revealing sender, receiver, or amount.

The system accepts a transaction only if its zero-knowledge proof is valid, meaning the underlying math confirms the transaction is legitimate without exposing any of its contents. Soundness is the property that makes this work: a sound system only accepts proofs for true statements. A soundness bug breaks that guarantee.

The vulnerability discovered by independent security researcher Taylor Hornby on May 29 was precisely this kind of flaw, located in the Orchard Action circuit, the cryptographic component at the core of Zcash’s newest and most advanced shielded pool.

In practical terms, a successful exploit could have allowed an attacker to submit transactions that the network would accept as valid despite containing invalid state transitions. That opens two attack vectors: double-spending funds within the Orchard pool, and silently minting unauthorized ZEC out of thin air within the shielded environment.

Zebra 4.5.3 and 5.0.0: Emergency Soft Fork and NU6.2 Activation

? Zebra 5.0.0 is out – all node operators should upgrade now.

⚡ NU6.2 activated, re-enabling Orchard with a corrected circuit.

? Total ZEC supply confirmed intact throughout.

Read the full update:…

— Zcash Foundation ?️ (@ZcashFoundation) June 3, 2026

The second vector is particularly significant for a privacy coin. Because Orchard transactions are encrypted by design, inflated balances created through a soundness exploit would be invisible to external observers. There would be no on-chain footprint to detect. The attack could theoretically run unnoticed until the counterfeit ZEC attempted to cross into a transparent pool, at which point Zcash’s turnstile mechanism, which tracks total value across all pools and enforces supply invariants, would flag the discrepancy. That backstop existed, but it would have caught the damage after the fact rather than preventing it.

The Response: Two Upgrades, Five Days

Hornby disclosed the vulnerability to ZODL engineers on the evening of May 29. Within hours, engineers Daira-Emma Hopwood, Kris Nuttycombe, and Jack Grigg confirmed the issue and began coordinating a response. The challenge was significant: fixing a zero-knowledge proof circuit requires updating the verifying key, a change that cannot be deployed through a standard software patch. A full protocol upgrade was unavoidable.

The response came in two stages. The first priority was containing the vulnerability before the fix was ready. On June 2, Zebra 4.5.3 executed an emergency soft fork at mainnet block height 3,363,426, rejecting any block containing Orchard actions. This effectively froze the vulnerable pool, removing the attack surface while the circuit fix was finalized. Nodes running 4.5.3 were configured not to penalize peers still relaying Orchard-containing data, preserving network connectivity during the transition window.

The permanent fix followed on June 3. Zebra 5.0.0 activated the NU6.2 hard fork at block height 3,364,600, deploying the corrected Orchard Action circuit and re-enabling the pool. The hard fork routed Orchard proofs to a per-circuit verifying key structure, permanently closing the vulnerability the soft fork had temporarily contained. NU6.2 activated at 00:05 EDT on June 3, marking only the second security-driven protocol upgrade in Zcash’s history since its 2016 launch.

The Outcome: Supply Intact, Privacy Preserved

Zcash’s turnstile mechanism confirmed throughout the incident that total ZEC supply remained unchanged and no unauthorized value was created. User privacy was not compromised at any point. Sapling transactions and transparent addresses continued operating normally while Orchard was frozen, meaning the practical impact on users was limited to a temporary suspension of Orchard-specific functionality.

ZEC is trading at $607 at the time of writing, up 7% on the day, in a session where BTC fell 2% and ETH fell 3%. A vulnerability discovered, contained, and permanently patched within five days, with no exploitation and no supply impact, is a materially different outcome than the same flaw going undetected or being exploited before disclosure.

The coordinated response between an independent researcher, protocol engineers, miners, exchanges, and node operators is what made that outcome possible.