Zcash Patched a Double-Spend Bug as ZEC Climbed 5%

ZEC, Zcash’s native token, rose more than 5% on June 3 as miners and exchanges completed the adoption of Zebra 5.0.0, the software release that closed a critical soundness vulnerability in the Orchard shielded pool. The Zcash Foundation confirmed no exploitation occurred, total ZEC supply stayed intact throughout, and the coordinated response from discovery to full resolution took five days.

Grayscale Investments had filed a Form S-3 with the Securities and Exchange Commission (SEC) on May 12 to convert its Zcash Trust into a spot exchange-traded fund (ETF), the first such application for any privacy-focused cryptocurrency. That application was still pending when independent security researcher Taylor Hornby found the bug on May 29. Bitcoin traded at roughly $66,650 on June 3, off an intraweek high near $75,850, and most large-cap crypto declined alongside it.

The Five-Day Timeline Before the Patch Went Public

Hornby was conducting an ongoing protocol audit on behalf of Shielded Labs, a Zcash ecosystem development organization, when he discovered the flaw on the evening of May 29. He disclosed it that same night to the Zcash Open Development Lab (ZODL, the organization responsible for core Zcash protocol development). Engineers Daira-Emma Hopwood, Kris Nuttycombe, and Jack Grigg confirmed the issue within hours and began evaluating fixes.

Private coordination with miners and exchanges did not begin until May 31, two days after the initial disclosure to ZODL. The Foundation later explained why it held off on a direct patch: publishing a circuit fix would have shown anyone reading the updated code exactly where the vulnerability sat, before the network had time to protect itself. Disabling Orchard entirely was the safer first step, buying engineers time to prepare the actual circuit repair with minimal exposure to attackers.

1. An initial soft-fork coordination attempt ran into deployment challenges, pushing the activation target to a second patch targeting a later block.
2. Zebra 4.5.3 activated an emergency soft fork at mainnet block height 3,363,426 at approximately 02:00 UTC on June 2, immediately rejecting all Orchard-containing transactions and blocks from that point forward.
3. Zebra 5.0.0 activated the NU6.2 hard fork at block height 3,364,600 at 00:05 EDT on June 3, re-enabling Orchard with the corrected circuit and a new per-circuit verifying key. The hard fork arrived roughly ten hours later than initial estimates had suggested.

The Foundation published the full technical disclosure on June 3, classifying the vulnerability under advisory identifier GHSA-jfw5-j458-pfv6 as critical severity.

What Broke Inside Orchard’s Proof Circuit

The Orchard shielded pool arrived with the NU5 network upgrade in May 2022. Built on the Halo 2 proving system, it was the first Zcash pool to eliminate the trusted setup requirement that had constrained its predecessors, Sprout and Sapling, and drawn longstanding criticism from cryptographers who viewed those trusted ceremonies as a structural risk.

The flaw sat inside the halo2_gadgets crate, a Rust-language library that provides reusable components for constructing zero-knowledge (ZK, a cryptographic method for proving a statement true without disclosing the underlying data) proof circuits. In any ZK system, soundness is the guarantee that a verifier only accepts a proof for a statement that is genuinely valid. A circuit with a soundness flaw can be coerced into accepting a proof it should reject, because the constraint system contains a gap that an attacker can exploit without the verifier noticing.

In Orchard’s case, the flaw could have allowed the pool to accept invalid state transitions, opening a potential double-spend path within the pool. Total supply inflation beyond the pool itself was not possible: Zcash’s turnstile mechanism tracks the ZEC balance across all value pools including Sprout, Sapling, Orchard, the transparent layer, and the lockbox, and enforces hard limits on how much value can cross between them. The turnstile confirmed the supply cap remained intact throughout the incident.

• ~30% of ZEC’s circulating supply held in shielded pools at the time the patch went live
• More than 4 million ZEC held in the Orchard pool specifically, the majority of all shielded funds
• Zero instances of confirmed unauthorized value creation, per the Foundation’s post-incident analysis

Disable First, Then Re-Enable With a Corrected Key

Zebra 4.5.3’s soft fork sidestepped the disclosure problem: nodes running the updated software rejected Orchard-containing transactions, but did not penalize peers still relaying them, which kept the network connected during the upgrade window while preventing the flawed circuit from processing any new transactions. Sapling shielded transactions and transparent transactions continued operating normally while Orchard was suspended.

Fixing the circuit itself required a new pinned verifying key, the public parameter each node uses to confirm a proof is valid. Changing the verifying key is a consensus rule change, which is why Zebra 5.0.0 shipped as a hard fork rather than a routine software update. The Zebra 5.0.0 release notes on GitHub confirm that NU6.2 added a consensus rule rejecting Orchard bundles with non-canonical proof sizes from the activation height, permanently closing the gap.

Block explorer delays of up to four hours after the hard fork prompted social media posts claiming the Zcash network was down. Mining pools had been producing valid blocks under the new rules throughout; block explorers still connected to nodes running older software displayed stale data, which is where the reports originated. A ZODL contributor described the episode as a brief period of instability as miners converged on the new consensus rules. By midday on June 3, most had synced up.

Zcash’s Second Security Emergency in a Decade

The Foundation described NU6.2 as the second security-driven protocol upgrade in the network’s history since its 2016 launch. The first arrived in February 2019, when the Electric Coin Company (ECC, Zcash’s original protocol development firm) disclosed a counterfeiting-capable flaw in the BCTV14 zk-SNARK construction used by the original Sprout pool. ECC said at the time it believed no exploitation had occurred in that instance either.

The 2026 Orchard bug fits a documented pattern in ZK circuit security. Research firm Kudelski Security found that more than 80% of findings in ZK audit reports trace back to the circuit layer, where improperly constrained gates allow a verifier to accept proofs it should refuse. Halo 2 specifically has a history of separate disclosures: ZK Security previously identified a query collision bug in widely used Halo 2 implementations, including Zcash’s; Trail of Bits documented soundness and under-constrained bugs in Axiom’s Halo 2 circuits during a 2025 audit. In both those external cases, the flaws resolved without exploitation in production, and in each the vulnerable code had been running for months before an audit surfaced the issue.

This upgrade succeeded because the necessary pieces were already in place: ongoing security review by independent researchers, established responsible disclosure procedures, experienced protocol engineers, and a network of independent participants who acted quickly when required.

The Zcash Foundation posted those lines in its official June 3 disclosure, with specific thanks to Hornby, Shielded Labs, ZODL engineers Hopwood, Nuttycombe, and Grigg, and Arya Solhi of the Zcash Foundation, who developed the Zebra patches that carried the network through the upgrade.

The Institutional Bet Now Watching the Network

ZEC had already moved sharply before the bug surfaced. From around $220 in early 2026, the token climbed to a May high near $642, a gain of over 190%, shaped by a sequence of institutional developments that had repositioned Zcash from regulatory liability to institutional candidate:

• The SEC closed its multi-year Zcash Foundation investigation on January 15, 2026 with no enforcement action. The SEC’s closure of its Zcash probe removed the regulatory overhang that had kept privacy assets outside most regulated investment vehicles for years.
• Grayscale Investments filed Form S-3 on May 12 to convert its Zcash Trust into a spot ETF for NYSE Arca under the ticker ZCSH. The Trust held 391,103 ZEC worth roughly $99.4 million as of March 31, 2026, with Coinbase Custody securing the underlying tokens in transparent addresses.
• Multicoin Capital co-founder Tushar Jain disclosed in early May that the firm had been accumulating ZEC since February 2026.
• On June 3, Bankless co-founder David Hoffman disclosed he had exited his Ethereum position and shifted a portion of the proceeds into ZEC.

By June 3, ZEC’s market capitalization sat near $9.9 billion, around 13th by total value, and the token ranged between $560 and $638 during the session. The custody structure for the proposed ZCSH ETF uses transparent Coinbase Custody addresses rather than shielded pools, a structural consideration that matters because roughly 30% of circulating ZEC currently sits in shielded pools that standard custodial audits cannot directly read.

The Upgrade Window Closes for Stragglers

Node operators who followed an incorrect chain fork after NU6.2’s activation at block 3,364,600 need to resync from scratch, or restore from a state backup taken before that height. The Foundation has confirmed that no older Zebra release will follow the correct post-NU6.2 chain.

Cake Wallet, which added Orchard-default shielded Zcash support in January 2026, froze ZEC functionality during the upgrade window. Mert Mumtaz, chief executive of blockchain infrastructure firm Helius, said on June 3 that the network remained operational and attributed the reported outage to block explorers connected to outdated nodes.

Beyond the straggler cleanup, ZODL has set a 12-to-18-month roadmap from May 2026 for full post-quantum security, targeting the elliptic curve components that Shor’s algorithm could break on a sufficiently powerful quantum computer. The next protocol milestone before that goal is FCMP++ (Full-Chain Membership Proofs++, a Zcash upgrade targeting transaction throughput and privacy composability). Both items will be evaluated by the same institutional audience now weighing the ZCSH ETF application.

By the Foundation’s own accounting, NU6.2 is the second time a critical security flaw forced an emergency protocol change in Zcash’s ten-year history. No ZEC was lost in either instance.

Disclaimer: This article is for informational purposes only and does not constitute investment advice. ZEC prices cited reflect market data from June 3-4, 2026 and will differ from current values. Readers should consult a qualified financial professional before making any decisions involving cryptocurrency assets.