Zcash Foundation released Zebra 4.5.3 and Zebra 5.0.0 after engineers found and fixed a critical soundness bug in the Orchard Action circuit.
Summary
- Zcash Foundation fixed an Orchard circuit bug before known exploitation and urged urgent Zebra upgrades.
- Zebra 4.5.3 disabled Orchard actions, while 5.0.0 re-enabled them through NU6.2 at mainnet height 3,364,600.
- Zcash said no unauthorized value appeared, and Sapling plus transparent transactions kept working normally during incident.
The foundation said Zebra 4.5.3 activated an emergency soft fork at mainnet block height 3,363,426. The release temporarily rejected transactions and blocks containing Orchard actions while engineers prepared a corrected circuit.
The soft fork went live at about 02:00 UTC on June 2 after an earlier coordination attempt faced patch deployment issues. The foundation said private coordination with miners and exchanges started on May 31 to reduce the chance of exploitation before public disclosure.
NU6.2 restores shielded transactions
Zebra 5.0.0 activated the NU6.2 hard fork at mainnet block height 3,364,600. The upgrade re-enabled Orchard actions with a corrected circuit and routed Orchard proofs to a new per-circuit verifying key. The release also marked the second security-driven protocol upgrade in Zcash history since 2016.
A hard fork was needed because a zero-knowledge proof circuit fix requires a new pinned verifying key.
“We strongly urge all node operators to upgrade to Zebra 5.0.0 as soon as possible,” Zcash Foundation said.
No known exploit found
The bug was discovered on May 29 by independent security researcher Taylor Hornby during a protocol audit for Shielded Labs. ZODL engineers Daira-Emma Hopwood, Kris Nuttycombe and Jack Grigg confirmed the issue within hours and began work on a fix.
The foundation said the flaw could have allowed invalid state changes inside Orchard and possible double spending within that pool. It also said Zcash’s turnstile mechanism protected total ZEC supply, and “There is no evidence of unauthorized value creation.” The affected code included older halo2_gadgets, orchard and zcash_primitives releases, plus zcashd versions 5.0.0 through 6.12.3.
Why Orchard remains important
Orchard is Zcash’s newest shielded pool and a core part of its privacy system. It launched with NU5 in 2022 and uses Halo 2, which removed the need for a trusted setup. That design made Orchard a key part of Zcash’s current privacy roadmap.
Related market coverage has recently focused on rising Zcash shielded use. A recent report said about 30% of ZEC supply had moved into shielded pools, with Orchard holding 4.2 million ZEC and most of the recent growth.
The foundation said user privacy was not harmed during the incident. Sapling and transparent transactions also continued operating normally while Orchard actions remained paused.
Node operators now face the main task of upgrading to Zebra 5.0.0, rather than relying on older releases. Operators that stayed on an incorrect fork after NU6.2 may need to resync from scratch or restore from a backup made before activation.
