After browser confusion, Zcash fixes the privacy pool bug
Zcash's developers temporarily suspended Orchard transactions after discovering a critical vulnerability in the privacy-focused blockchain's latest sandbox, only to be restored by an emergency network upgrade.
On Wednesday, the Zakash Foundation said the vulnerability affects Orchard's zero-knowledge authentication circuit and could allow invalid state transitions in the pool. However, the foundation says there is no evidence that the bug was exploited, that no unauthorized value could be created, and that user privacy was not compromised.
The adjustment was carried out in a two-stage emergency adjustment. Zebra 4.5.3 temporarily disabled Orchard actions, while Zebra 5.0.0 enabled the NU6.2 update to re-enable Orchard with a patched circuit, according to the Foundation.
Emergency response shows how a bug in a core privacy infrastructure requires coordinated action between miners, exchanges and node operators, even if user funds and general supplies are not affected.
The update also seems to have created confusion in parts of the Zcash ecosystem. A Zcash block explorer shows block 3,364,601 as the latest block at 5:27 am UTC, while the page lists it as having been produced four hours ago and reports the Zcash network outage on X.
According to Zcash Open Development Lab (ZODL) co-contributor Tatiana, the network experienced “short periods of instability” as miners updated and converged on new consensus rules. The post didn't directly name the block browser or wallet issues, but said that network stability was fully restored by June 2 around 3:00 a.m. ET.
Cointelegraph reached out to the Zakash Foundation for comment but did not receive a response by publication.
Zcash Block Explorer shows the last mining activity four hours ago. Source: Zcash Block Explorer
According to the Zekesh Foundation, the vulnerability was discovered on May 29 by independent security researcher Taylor Hornby during a Shield Labs protocol audit. The issue was disclosed to ZODL's core engineers, who confirmed it and began developing remedial options.
The Zcash incident created confusion among community members
Mert Mumtaz, CEO of Solana's infrastructure company Helios, disputed the reports, saying the network was “uninterrupted” and that some browser applications were connected to a bad node.
Anonymous community member Zerodarts echoed the sentiment, saying that “blocks are being produced” and that most block explorers need to update their nodes.
RELATED: Zcash Is ‘Making Its Own Bull Market' As Zcash Paints 88% Rally Setup
However, according to community member Railgon, Zcash miners and developers froze the garden pool to fix the vulnerability before the hard fork. So the network was “semi-deliberately” lost at the time, but it has since recovered.
According to data from CoinGecko, the Zcash ZEC token fell from $600 to $599 after reaching a daily high of $637. However, as of this writing, it has returned to $614.
Magazine: Korea's First Memecoin Rag-Pull Case, Review of China's Crypto Regulations: Asia Express
