Zcash developers pulled off a rare emergency network upgrade this week after discovering a critical soundness bug in the Orchard shielded pool, the blockchain’s newest privacy layer. The vulnerability could have allowed invalid state transitions within the pool, which in plain English means someone could have theoretically created fake value out of thin air.

The Zcash Foundation confirmed no evidence of exploitation, no unauthorized token creation, and no impact on user privacy.

How the fix went down

The vulnerability was first identified on May 29 by researcher Taylor Hornby from Shielded Labs during a routine audit. What followed was a coordinated two-phase emergency response between the Zcash Open Development Lab (ZODL) and the Zcash Foundation.

Phase one landed on June 2. A temporary soft fork activated at mainnet block height 3,363,426 (around 02:00 UTC), effectively disabling all Orchard transactions network-wide.

Phase two came the next day. The NU6.2 hard fork activated at block 3,364,600 on June 3 at approximately 00:05 EDT, deploying the corrective code and restoring full Orchard functionality. The entire window from disclosure to fix spanned roughly five days.

ZODL acknowledged the network “briefly became unstable” as miners upgraded their software to Zebra version 4.5.3 during the transition.

What the bug actually was

The issue lived in the Orchard Action circuit, one of the zero-knowledge proof components that validates shielded transactions without revealing sender, receiver, or amount information. A soundness flaw in this circuit meant the proofs weren’t as airtight as they needed to be.

In a worst-case scenario, the bug could have allowed someone to construct a transaction that passed verification despite being mathematically invalid, potentially leading to the creation of ZEC tokens that shouldn’t exist.

The protocol’s “turnstile” mechanism acts as a cross-pool accounting check, ensuring that the total value entering and leaving shielded pools stays balanced. The Foundation confirmed the turnstile detected no unauthorized value creation during the period the bug was live.

For context, this isn’t Zcash’s first brush with a critical cryptographic flaw. In 2019, the team disclosed a counterfeiting vulnerability in the older Sprout shielded pool that had gone undetected for years. That bug, similarly, was never exploited.

Market reaction and investor implications

The market’s response was enthusiastic rather than panicked. ZEC surged above $620 during the upgrade window, posting gains between 5% and 14% even as the broader crypto market declined.