Zcash patches critical Orchard privacy flaw after private disclosure; Foundation says no evidence of stolen funds

Zcash pushed an emergency software response this week to fix a critical flaw in Orchard, the cryptocurrency’s main modern shielded transaction pool, after an independent researcher privately disclosed the bug. The Zcash Foundation said the issue was fixed before any known exploitation and that there is “no evidence of unauthorized value creation.”

The flaw was discovered by independent security researcher Taylor Hornby and privately disclosed on May 29, 2026, according to the Foundation. It described the issue as a “soundness” vulnerability in the Orchard Action circuit. In plain terms, that meant the system could accept proofs or transactions it should have rejected. “A soundness vulnerability is one that could allow the system to accept something it should reject,” the Foundation said in a June 3 post.

Zcash’s response came in two stages. First, an emergency soft fork temporarily disabled Orchard by having Zebra, one of the network’s node software implementations, reject any transaction or block containing Orchard actions. The Foundation said Zebra v4.5.3 activated that change at about 02:00 UTC on June 2, 2026, at block height 3,363,426. During that mitigation window, only Orchard actions were turned off; the Foundation said Sapling, an older shielded pool, and transparent transactions continued to operate normally.

The permanent fix arrived a day later through Zebra v5.0.0, also called the NU6.2 network upgrade, which re-enabled Orchard with a corrected circuit at mainnet block 3,364,600 on June 3, 2026. The Foundation said a full network upgrade was necessary because the verifying key tied to Orchard is part of consensus rules and could not be changed through an ordinary software patch alone. The organization described it as only the second security-driven protocol upgrade in Zcash’s history since the network launched in 2016.

The more dramatic claims around the bug require careful qualification. Third-party reporting citing Shielded Labs said Hornby demonstrated a working exploit in a local or test environment that could create counterfeit ZEC inside Orchard. But the Foundation disputed the broader implication that the flaw could inflate Zcash’s total supply on mainnet. It said exploitation could have allowed invalid state transitions within Orchard, including double-spends inside that pool, while Zcash’s “turnstile accounting” — the mechanism that tracks value moving between transparent and shielded pools — protected the network’s overall supply cap. The Foundation’s position was explicit: “The vulnerability was caught before any known exploitation occurred. There is no evidence of unauthorized value creation.”

That distinction matters because Orchard is not a peripheral feature. It is Zcash’s newest shielded pool, introduced with the NU5 network upgrade in 2022, and it sits at the center of the network’s privacy system. A proof-system flaw there is a network-integrity problem, even if no abuse is known to have occurred.

The Foundation said it began privately coordinating a response with miners, exchanges, wallet providers and node operators on May 31, two days after Hornby’s disclosure. That behind-the-scenes coordination, followed by a temporary shutdown of Orchard and a hard-fork-style fix the next day, underscored the seriousness of the issue. For users, the key point is narrower: Zcash says the flaw was contained and patched before any known exploitation, while the rest of the network’s transaction options remained available during the emergency response.