TL;DR:
- David Schwartz reassured Zcash holders that passive coins should remain safe if the Orchard vulnerability was never exploited.
- The flaw affected the Halo 2-based Orchard shielded pool from May 2022 until the NU6.2 hard fork on June 2.
- Developers patched the circuit, but Zcash’s privacy design prevents definitive proof that counterfeit ZEC was never created, leaving holders with reassurance but lingering supply uncertainty after the disclosure and severe market pressure.
Ripple’s David Schwartz has stepped into Zcash’s most uncomfortable technical crisis with a reassurance that is both calming and incomplete. The issue centers on a critical Orchard shielded pool vulnerability that was patched through an emergency NU6.2 hard fork on June 2. Schwartz said passive holders who do not move their coins should remain safe if the bug was never exploited. The difficult part is the condition attached to that comfort, because Zcash’s privacy design makes it impossible to prove whether counterfeit ZEC was ever created during the exposure window.
If there was no exploit, everyone is safe whether they move their coins or not. They'll eventually be a bit lonely in the deprecated pool, but they'll still be safe and accessible.
— David 'JoelKatz' Schwartz (@JoelKatz) June 7, 2026
Orchard bug turns privacy into supply uncertainty
The flaw sat inside the Halo 2-based Orchard privacy layer, introduced with Network Upgrade 5 in May 2022. It involved an under-constrained element in the elliptic-curve multiplication gadget inside the halo2_gadgets crate, where crafted inputs could bypass validity checks. Taylor Hornby discovered the issue on May 29, 2026, with help from AI-assisted formal methods, and confirmed a working exploit in a local regtest environment. The vulnerability was not theoretical in the lab, since the same path on mainnet could have generated unlimited, undetectable ZEC.
Zcash developers moved quickly after disclosure. Zebra 4.5.3 was pushed as an emergency soft fork to temporarily disable Orchard transactions, followed by NU6.2 through Zebra 5.0 at block 3,364,600 on June 2. The patch corrected the circuit going forward, but it could not retroactively audit the four-year window from Orchard activation through June 1, 2026. That is where privacy becomes a market problem, because the same opacity that protects users also prevents definitive cryptographic proof that the supply remained untouched.
Schwartz’s point focused on ownership, not supply certainty. He argued that consensus rules and backward compatibility can keep older pool balances safe and accessible even if those pools eventually become deprecated. That matters for holders worried that inactivity alone could strand funds. Yet the market reacted to unverifiable risk, with ZEC falling more than 30% in one session after the May 29 disclosure and briefly touching its lowest level in over a month. The reassurance helps holders, but not the broader confidence gap, leaving Zcash to rebuild trust around a patched vulnerability that still cannot be disproven historically for investors still weighing the damage carefully.
