Zcash developers completed a two-step emergency upgrade after a severe vulnerability surfaced in the network’s Orchard shielded pool, a core privacy component that enables zero-knowledge transactions. The issue, first disclosed by Shielded Labs, exposed the protocol to a theoretical risk of unlimited counterfeit ZEC minting. The group confirmed that a fix had been deployed and stated that an actual exploit was unlikely.

Josh Swihart, founder of Zcash Open Development Lab (ZODL), outlined the response in a Sunday post on X, detailing how the team coordinated a rapid fix under strict disclosure constraints. The response relied on a soft fork followed by a hard fork, a sequence designed to neutralize risk before public disclosure of technical details.

Two-step upgrade contains risk and restores functionality

The first step introduced a soft fork that disabled Orchard transactions. Swihart wrote that the measure aimed to “mitigate the risk of an exploit without revealing the full scope of the issue before responsible disclosure.” This approach allowed developers to limit exposure while maintaining operational continuity across the network.

The second step followed with a hard fork, identified as Network Upgrade 6.2 (NU6.2), which activated on June 3. This upgrade addressed the underlying flaw and restored Orchard functionality. Zcash Core confirmed that the upgrade remediated a privately disclosed issue in the Orchard circuit tied to halo2_gadgets, a component of the network’s cryptographic system.

Orchard serves as the main shielded transaction pool in Zcash. It allows users to send and receive ZEC with full privacy through zero-knowledge proofs. The integrity of this system depends on strict validation rules that ensure only legitimate transactions enter the blockchain.

Internal coordination and time pressure shaped response

Swihart described the early hours of the incident in detail.

“At exactly 10 am Eastern Time last Saturday, I received a Signal call from Daira-Emma, the head of ZODL protocol R&D. An issue had been discovered, and I would need to be read in,” he wrote.

Within minutes, a small group of core engineers gathered on a secure call to review the vulnerability and define a response plan.

A security researcher named Taylor disclosed the flaw to a limited group of cryptography specialists. By the time Swihart joined the call, a fix already existed. The team agreed on a two-step rollout that prioritized containment.

The soft fork required coordination with mining pools and infrastructure operators. Swihart noted that the initial timeline proved too optimistic. Deployment delays and validation checks extended the process beyond the intended window. The network experienced a 25-block reorganization before the patched chain established dominance.

“It wasn’t until after 2:00 a.m. Eastern Time… that we confirmed the soft fork was the winning chain,” Swihart wrote. The team announced the update immediately after confirmation.

Mining pools and exchanges demand verification

Mining pools and exchanges requested independent code reviews before applying patches. Swihart stated that teams needed assurance that the update did not introduce new risks.

“Even with fresh relationships, the pools and later exchanges wanted to review the code and compile for themselves,” he wrote.

ViaBTC and Foundry played key roles during the upgrade. Swihart credited both groups for round-the-clock coordination during deployment. The hard fork that followed the soft fork benefited from extended preparation time. Developers increased the activation window after feedback from mining pools.

The hard fork activated at 00:05 Eastern Time on June 3, about 24 hours after the soft fork. Swihart described the rollout as smoother than the initial phase despite fatigue across the team.

Market reaction triggers sharp drop and partial recovery

The vulnerability disclosure triggered a sharp market reaction. ZEC fell more than 50%, dropping from around $630 to approximately $303. Traders questioned the long-term reliability of the protocol’s privacy infrastructure.

Arthur Hayes, co-founder of BitMEX, announced that he had liquidated his entire ZEC position after the disclosure. His move reflected broader uncertainty among investors who had backed Zcash for its zero-knowledge capabilities.

ZEC has since recovered part of its losses. The token rose to $433, according to TradingView data. This marks a 41.5% rebound from the June 5 low.

Developers emphasize resilience and future upgrades

Swihart framed the incident as a stress test for Zcash’s response systems.

“We resolved the issue, battle-tested our incident support processes, built stronger relationships with others who support the network, tested our own resilience, and unified as a community of builders to agree on a path forward,” he wrote.

The team has also aligned on future improvements, including the proposed Ironwood shielded pool. This initiative follows recommendations from Shielded Labs and aims to strengthen long-term protocol security.

ZODL continues work across mobile infrastructure and core systems. Recent updates include multiple wallet releases, server optimizations, and expanded analytics tracking across Android and iOS platforms. On the protocol side, developers plan further accelerated upgrades and continued collaboration with ecosystem partners.

The incident exposed a critical risk but also demonstrated the network’s capacity for rapid coordination under pressure. Zcash now moves forward with a revised roadmap that reflects lessons from one of the most consequential upgrades in its history.

Worldcoin Rally Gains Traction as AI IPO Wave Sharpens Focus | HODL FM NEWS
The price of Worldcoin rises sharply as AI IPO momentum, whale activity, and token supply changes drive renewed investor demand for WLD in crypto markets.
hodl-post-imageHODL FM News: The Wildest Ride in the Crypto MarketGunel Ismayilova
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that, despite the nature of much of the material created and hosted on this website, HODL FM operates as a media and informational platform, not a provider of financial advisory services. The opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice, HODL FM strongly recommends contacting a qualified industry professional.