Zcash Founder Says Orchard Funds Remain Recoverable

Shielded Funds Are Safe, Movement Is a Personal Choice

Zcash founder Zooko Wilcox says users holding funds in the Orchard shielded pool should not be alarmed. Despite community concern following last month's disclosure of a critical vulnerability in the protocol, Wilcox has said legitimate Orchard funds should remain fully recoverable and that the development team believes the flaw was never exploited.

He acknowledged that users who prefer added peace of mind may choose to move their $ZEC, but stressed that keeping assets in shielded wallets remains a reasonable course of action. He cautioned that moving funds is not a cost-free decision, as doing so can introduce privacy tradeoffs, custodian risks, and the potential for operational mistakes during the transfer process.

What the Vulnerability Was and How It Was Fixed

On May 29, Taylor Hornby, an independent security researcher conducting an ongoing protocol audit on behalf of Shielded Labs, discovered a critical soundness vulnerability in the Orchard zero-knowledge proof circuit. The vulnerability had been sitting there, undetected, since Orchard's activation in May 2022. The bug allowed false elliptic curve multiplication inputs to pass verification, potentially enabling unlimited counterfeit $ZEC generation.

Developers said there was no evidence the flaw had been exploited and that the overall ZEC supply remained intact. However, because Orchard transactions are shielded, developers acknowledged that there is no definitive cryptographic way to determine whether counterfeit coins were created before the bug was fixed.

Phase one of the response landed on June 2, when a temporary soft fork activated at mainnet block height 3,363,426, disabling Orchard actions across the network while developers prepared the corrective code. Phase two followed on June 3, when the NU6.2 hard fork activated at block 3,364,600, re-enabling Orchard with a corrected circuit. The overall ZEC supply was never at risk, and transparent transactions continued to function normally throughout the incident.

Looking ahead, Zooko Wilcox has proposed an upgrade called Ironwood that would allow users to independently verify the cryptocurrency's circulating supply, addressing lingering community concerns about supply integrity in the wake of the incident.

Sources:
Zcash Community Forum: The Orchard Counterfeiting Vulnerability and Next Steps
Crypto Briefing: Zcash fixes critical Orchard bug after emergency network upgrade
Zcash Foundation: Zebra 4.5.3 and 5.0.0 Emergency Soft Fork and NU6.2 Activation