Overview
- Developers deployed a two-stage emergency response that first disabled Orchard actions via Zebra 4.5.3 and then re-enabled them when Zebra 5.0.0 activated NU6.2 on Wednesday at mainnet block height 3,364,600.
- The flaw was a soundness bug in Orchard’s Halo 2 zero-knowledge proof circuit that could have let invalid-looking proofs produce wrong state changes inside the Orchard shielded pool, including limited double-spend risk.
- The hard fork was necessary because fixing a zero-knowledge circuit requires replacing a pinned per-circuit verifying key, a change that cannot be applied by ordinary software patches.
- The Zcash Foundation and ZODL say there is no evidence the bug was exploited and turnstile accounting checks show no unauthorized ZEC creation, while node operators are strongly urged to upgrade or face resync or backup-restore work.
- This incident highlights the rarity and operational impact of security-driven protocol upgrades in Zcash, underscores the role of private coordination with miners and exchanges, and may prompt tighter audit focus on zero-knowledge circuits going forward.