On June 8, ZODL founder Josh Swihart further disclosed how the Zcash team is addressing a serious vulnerability in the Orchard privacy pool. In a post released on the X platform on Sunday, Swihart stated that the ZODL team has launched a two-phase emergency upgrade plan for the privacy-focused blockchain network Zcash. The first phase is a soft fork aimed at temporarily disabling Orchard transactions to reduce the risk of the vulnerability being exploited, while avoiding the full disclosure of the issue's details before responsible disclosure. Subsequently, the team activated the second phase hard fork upgrade NU6.2 on June 3 to fix the underlying vulnerability and re-enable Orchard transaction functionality. Previously, the independent technical support organization ShieldedLabs disclosed that there was a serious vulnerability in Zcash's Orchard privacy pool that could theoretically allow attackers to infinitely mint counterfeit ZEC tokens. The organization stated that the vulnerability has been fixed and there is currently no evidence that it was ever exploited. Orchard is the core privacy transaction pool of Zcash, allowing users to send and receive completely anonymous ZEC transactions using zero-knowledge proof technology. The Orchard circuit is responsible for verifying that all transactions entering the system are legitimate. Swihart also revealed that during the incident response, the ZODL team actively responded to code review requests from mining pools and exchanges to demonstrate the security of the fix and the credibility of the team. Among them, the mining pools ViaBTC and Foundry played a key role in coordinating the emergency response.
All Comments