On April 1, security researchers discovered a serious vulnerability in Zcash nodes that could theoretically be exploited by malicious miners to extract over 25,000 ZEC from the deprecated Sprout privacy pool, valued at approximately $6.5 million at current prices. According to a disclosure report released on Tuesday, researcher Alex 'Scalar' Sol revealed the vulnerability on March 23, noting that the zcashd nodes skipped the proof verification step when processing transactions involving the old Sprout privacy pool. The report stated that the vulnerability had not been exploited and all user funds remained secure. The vulnerability affected versions released since July 2020. The Zcash development team released version 6.12.0 on Tuesday to address the issue. Major mining pools also quickly took action to deploy the patch—Luxor confirmed the fix on March 25, while F2Pool, ViaBTC, and AntPool completed their fixes by March 26.