TLDR
- Zcash Foundation released Zebra emergency upgrades after researchers found a critical Orchard Action circuit vulnerability.
- Zebra 4.5.3 temporarily blocked Orchard actions through an emergency soft fork on mainnet.
- Zebra 5.0.0 activated NU6.2 and restored Orchard with a corrected verifying key.
- Zcash Foundation said no known exploit occurred and no unauthorized value was detected.
- Node operators were urged to upgrade to Zebra 5.0.0 to maintain network compatibility.
The Zcash Foundation released Zebra 4.5.3 and Zebra 5.0.0 after a critical soundness bug was found in the Orchard Action circuit. The vulnerability was reported by independent security researcher Taylor Hornby on May 29, and engineers confirmed that it could have allowed double-spending within the Orchard pool.
Zebra 4.5.3 introduced an emergency soft fork that temporarily rejected transactions and blocks containing Orchard actions. The measure activated at Zcash mainnet block height 3,363,426 and was designed to limit exposure while a corrected circuit was prepared.
UPDATE: Zcash Foundation releases Zebra emergency upgrade to fix critical Orchard bug
Zcash Foundation released Zebra 4.5.3 and 5.0.0 to fix a critical soundness bug in the Orchard Action circuit. Zebra 4.5.3 temporarily disabled Orchard actions via an emergency soft fork at… pic.twitter.com/8AH6h5a6f3
— Wu Blockchain (@WuBlockchain) June 3, 2026
The foundation said private coordination with miners and exchanges began on May 31 before public disclosure. That process was intended to reduce the chance of attempted exploitation while the emergency Zebra upgrade was deployed across network participants.
NU6.2 hard fork restores Orchard functions
Zebra 5.0.0 later activated the NU6.2 hard fork at Zcash mainnet block height 3,364,600. The upgrade re-enabled Orchard actions after routing Orchard proofs to a new per-circuit verifying key tied to the corrected zero-knowledge proof circuit.
A hard fork was needed because the circuit fix required a new pinned verifying key. The Zcash Foundation said the NU6.2 activation permanently closed the known Orchard vulnerability and restored normal shielded transaction functionality for the affected pool.
The upgrade followed an earlier emergency release that had temporarily disabled Orchard use, while Sapling and transparent transactions remained available. According to the foundation, user privacy was not affected during the response period.
Foundation reports no known exploitation
The Zcash Foundation said there was no evidence that the Orchard bug was exploited before the fix was completed. It also said no unauthorized value creation had been found, and the network’s total supply remained intact after review.
The incident marked the second security-driven protocol upgrade in Zcash history since the network launched in 2016. The foundation framed the Zebra emergency upgrade as a necessary response to a soundness issue in a core privacy circuit.
Zebra node operators were strongly urged to upgrade to Zebra 5.0.0 to remain aligned with the NU6.2 hard fork. The release restored Orchard support with the corrected circuit and ended the temporary restrictions introduced by Zebra 4.5.3.
