Zcash Addresses Critical Vulnerability with Successful Network Upgrade

Zcash (ZEC) Foundation announced a critical vulnerability in the Orchard zero-knowledge proof circuit, discovered by independent security researcher Taylor Hornby on May 29. According to ChainCatcher, the flaw could have allowed double-spending within the Orchard pool. ZODL's core engineers quickly confirmed the issue and initiated a fix. To buy time, they temporarily disabled Orchard operations through an emergency soft fork, Zebra 4.5.3, on June 2. The final resolution came with the activation of the NU6.2 hard fork via Zebra 5.0, which was completed at block height 3,364,600 at 12:05 PM (UTC+8) today. This upgrade permanently closed the vulnerability by re-enabling Orchard with a corrected circuit. This marks the second protocol upgrade due to security concerns since Zcash's launch in 2016. No known exploits occurred during this period, and the network's total supply remained intact. User privacy, as well as Sapling and transparent transactions, were unaffected.