Zcash has successfully executed an emergency hard fork to permanently close a critical vulnerability in its Orchard privacy pool that could have allowed attackers to double‑spend shielded funds. The upgrade, designated NU 6.2, was deployed just five days after independent security researcher Taylor Hornby reported the flaw on May 29, making it one of the fastest protocol‑level responses in the network’s history.
The vulnerability resided in the zero‑knowledge proof circuit that underpins the Orchard pool. A soundness bug in the circuit meant a malicious actor could produce valid proofs for spending the same coins multiple times—a classic double‑spend that would have undermined Zcash’s core promise of private, secure digital cash. Upon confirmation, the Zcash development team immediately suspended the Orchard pool to prevent any exploitation, leaving only the Sapling shielded pool and the transparent transaction layer available.
The Zcash Foundation concurrently released Zebra 4.5.3 and Zebra 5.0.0 node software. Zebra 4.5.3 implemented an emergency soft fork that rejected any blocks containing Orchard actions, effective at mainnet block height 3,363,426. This measure bought time while the corrected circuit was prepared. On May 31, the foundation began private coordination with miners and exchanges to ensure a smooth rollout before public disclosure.
The NU 6.2 hard fork activated at block height 3,364,600, re‑enabling Orchard transactions with a new per‑circuit verifying key tied to the patched zero‑knowledge proof circuit. Because the fix replaces the verifying key that every validating node pins, nodes running the old rules cannot accept blocks proven under the patched circuit, so a hard fork was unavoidable. Once activated, the upgrade permanently closed the double‑spend vector and restored full shielded transaction functionality.
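The following is an added illustrative model, not code from Zebra or the Zcash Foundation, of the two‑stage response described above: a soft‑fork window in which blocks carrying Orchard actions are rejected, followed by a hard fork that re‑enables Orchard only for proofs bound to a newly pinned verifying key. The two activation heights are the ones reported in the article; the verifying‑key labels and the node‑version strings are constructed placeholders, and the idea that each action's proof is checked against one pinned key is a simplification of how a node validates shielded proofs. Running it shows why a Zebra 4.5.3 node and a Zebra 5.0.0 node disagree on the first NU 6.2 block, which is exactly what makes the change a hard fork.

```python
# Added educational model of the staged Zcash response (not Zebra's code):
# soft-fork suspension of Orchard, then hard-fork re-enablement under a new
# pinned verifying key. Heights are from the article; key labels and version
# strings are constructed placeholders.
from dataclasses import dataclass

# Activation heights as reported in the article.
SOFT_FORK_HEIGHT = 3_363_426  # Zebra 4.5.3: reject any block with Orchard actions
NU_6_2_HEIGHT = 3_364_600     # NU 6.2: Orchard re-enabled with the patched circuit

# Constructed labels standing in for the real verifying keys (assumption).
ORCHARD_VK_ORIGINAL = "orchard-vk-original"
ORCHARD_VK_PATCHED = "orchard-vk-patched"


@dataclass(frozen=True)
class OrchardAction:
    """One Orchard action; proof_vk records which verifying key its
    zero-knowledge proof was produced against (a simplification)."""
    proof_vk: str


@dataclass(frozen=True)
class Block:
    height: int
    orchard_actions: tuple = ()


def pinned_orchard_vk(height: int):
    """Verifying key that NU 6.2 consensus expects at this height, or None
    while the pool is suspended (soft-fork window before the hard fork)."""
    if height < SOFT_FORK_HEIGHT:
        return ORCHARD_VK_ORIGINAL
    if height < NU_6_2_HEIGHT:
        return None
    return ORCHARD_VK_PATCHED


def validate_block(block: Block, node_version: str = "5.0.0"):
    """Apply the Orchard rules a node of the given (placeholder) version enforces.

    "pre-4.5.3": original rules only, no suspension.
    "4.5.3":     soft fork only; Orchard stays rejected from SOFT_FORK_HEIGHT on.
    "5.0.0":     soft fork plus NU 6.2 re-enablement under the patched key.
    Returns (accepted, reason).
    """
    if not block.orchard_actions:
        # Blocks without Orchard actions are unaffected by any of these rules.
        return True, "no Orchard actions"

    if node_version == "pre-4.5.3":
        required = ORCHARD_VK_ORIGINAL
    elif node_version == "4.5.3":
        required = ORCHARD_VK_ORIGINAL if block.height < SOFT_FORK_HEIGHT else None
    else:
        required = pinned_orchard_vk(block.height)

    if required is None:
        return False, "Orchard actions rejected while the pool is suspended"
    for action in block.orchard_actions:
        if action.proof_vk != required:
            return False, f"proof bound to {action.proof_vk}; consensus pins {required}"
    return True, "Orchard actions accepted"


if __name__ == "__main__":
    first_nu62_block = Block(NU_6_2_HEIGHT, (OrchardAction(ORCHARD_VK_PATCHED),))
    for version in ("pre-4.5.3", "4.5.3", "5.0.0"):
        print(version, validate_block(first_nu62_block, version))
```

The three printed verdicts for the first NU 6.2 block make the operational point of the article concrete: a pre‑4.5.3 node rejects it because the proof is not bound to the key it knows, a 4.5.3 node rejects it because its soft‑fork rule never lifts the suspension, and only a 5.0.0 node accepts it. That divergence is why node operators must upgrade to stay on the NU 6.2 chain.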
The Zcash Foundation confirmed that no known exploit had occurred and that the total ZEC supply remained intact. The incident marks only the second security‑driven protocol upgrade in Zcash’s history since its 2016 launch. ZEC experienced minor volatility during the suspension phase but quickly stabilized, with the market treating the event as a well‑handled security incident rather than a systemic failure. Node operators are urged to upgrade to Zebra 5.0.0 to remain compatible with the NU 6.2 consensus rules.