Zcash Patches Critical Orchard Flaw, Re-enables Shielded Transactions
Zcash developers moved unusually fast this week: after identifying a critical vulnerability, they paused the affected functionality, shipped a fix, and restored normal operations in under a week. There is no indication of an exploit, no reported loss of funds, and no privacy breach.
The issue was found May 29 by independent researcher Taylor Hornby during an audit. It impacted the zero-knowledge proof circuit used by Zcash's Orchard shielded pool. In practical terms, the flaw could have let an attacker generate proofs that looked valid inside the pool, potentially enabling limited double-spending. The Zcash Foundation said it has seen no evidence the vulnerability was ever abused.
Two-step response: soft fork, then hard fork
Zcash rolled out its mitigation in two phases. An emergency soft fork at block height 3,363,426 effectively disabled Orchard transactions beginning around June 12. The permanent fix followed with a hard fork upgrade, NU6.2, which activated June 3 at 00:05 EDT around block 3,364,600. NU6.2 deployed an updated proof circuit that addressed the bug and restored full Orchard functionality.
The upgrade came with a brief operational disruption. The Zcash Open Development Lab (ZODL) reported short-lived network instability as miners transitioned to the new release. Block production paused for more than four hours on June 3 while mining infrastructure caught up.
Despite the interruption, the post-upgrade outcome was clean. No unauthorized value creation was detected, and user privacy remained intact. After the network stabilized, Zcash's shielded supply topped 4 million ZEC.
Why it matters
Zero-knowledge proofs underpin Zcash's privacy model, allowing transactions to be validated without revealing sender, recipient, or amount. Orchard, launched in 2022, is the newest and most advanced version of Zcash's shielded pool.
A soundness failure in a zero-knowledge circuit is among the most severe classes of cryptographic bugs. Soundness ensures a proof cannot convincingly attest to something false. If that property breaks, an attacker could theoretically mint coins or spend the same coins twice while the network accepts the proof as valid.
This is only the second security-driven protocol upgrade in Zcash's history, highlighting the rarity and seriousness of the incident. ZODL coordinated the response with the Zcash Foundation, with the core technical changes centered on the Rust-based Zebra client.
Market reaction
ZEC rose roughly 5% to 14% in the hours following the emergency disclosure, even as the broader crypto market remained volatile. The four-hour block-production pause imposed real costs, especially for time-sensitive activity. Still, compared with the potential fallout from a critical zero-knowledge proof vulnerability, a few hours of downtime was a relatively contained outcome.