Zcash temporarily blocks private sending due to a flaw in its protocol

  • Users cannot send or receive Orchard funds until the update is complete.

  • The flaw was detected before it was exploited, although its technical nature was not revealed.

Zcash today, June 2, blocked sending and receiving from the Orchard pool, its most modern and most used private transaction layer, after identifying a flaw in the protocol during a routine audit, according to a statement from the Zcash Open Development team. Reactivation is scheduled for 18:00 UTC on the same day.

Users with funds in Orchard cannot send or receive ZEC through that pool until the update is complete. ZEC tokens (the network’s native currency) deposited on exchanges are not affected and can continue to operate normally, according to the announcement. The funds are not at risk, according to the development team.

The flaw could not be fixed with an optional software update, according to the Zcash Open Development statement. It required modifying the base protocol, forcing nodes, developers and infrastructure operators across the network to adopt the change in a coordinated manner. That change took effect at 02:30 UTC on June 2. Since Orchard is not exclusive to Zcash and was deployed independently by other protocols, the team claimed to have notified their maintainers.

What the statement does not reveal is the technical nature of the flaw: what part of the Orchard protocol it affected, what it could have allowed if exploited, and why it required a modification at the protocol level.

What is Orchard and why is it important in Zcash?

Orchard is a shielded pool that hides the sender, recipient and amount of transactions. This data is encrypted and is not visible on the Zcash public chain.

The Zcash network operates with three layers of shielded transactions: Sprout, the original and practically obsolete; Sapling, its successor; and Orchard, released in 2022.

The following distribution graph shows the current relevance of Orchard, which displaced Sapling as the dominant pool from mid-2024 and today holds about 4.5 million of the 5.1 million total shielded ZEC.

Amount of ZEC in the different pools of the Zcash network. Source: zechub.

In total, privacy pools concentrate approximately 5.1 million shielded ZECs out of a total supply of around 16.7 million, which is equivalent to 31% of the total circulation.

The flaw found on June 2 did not affect the rest of the shielded pools or the public (or transparent) operations, which remain operational during the update.

The debate over who can pause the protocol

The coordinated suspension of the Orchard pool revived a discussion about the degree of centralization of networks managed by private groups. CyberSatoshi, a cryptocurrency analyst, posted on X that the action is equivalent to an admin key (a control mechanism that allows a group of administrators to pause or modify a protocol unilaterally) and compared it to other recent episodes in the sector:

Zama paused its contracts. Thorchain is under arrest. Now Zcash freezes its shielded Orchard pool. The entire industry is addicted to centralized kill switches. They literally called the node cartel over the weekend and hit the brakes.

CyberSatoshi, cryptocurrency analyst.

The analyst added: “If developers can freeze a network to patch a bug, you’re just relying on multi-signature. Censorship resistance means zero pause buttons.”

The tension that CyberSatoshi exposes is not new to Zcash. At the beginning of last January, as reported by CriptoNoticias, the mass resignation of the Electric Coin Company team (the main historical developer of the protocol) after conflicts with the board of directors of the Bootstrap organization generated a drop of more than 20% in the price of ZEC in 24 hours.

That episode had already highlighted the weight that a limited group of people has on the operation and continuity of the protocol. The coordinated suspension of the Orchard pool brings that dependency back into view from a technical angle: the ability to pause a part of the protocol requires that limited group to respond quickly, but also assumes that it has the power to do so.
