Zcash patched a 6-year-old zcashd consensus bug (v3.1.0-v6.11.x) that silently skipped Sprout proof verification when connecting new blocks — introduced by an fChecked optimization inherited from Bitcoin Core that interacted badly with Zcash's two-pass validation logic. Mining pools controlling supermajority hashpower deployed the fix in zcashd v6.12.0 before any exploitation, and the Zebra full node implementation was unaffected (would have triggered a chain fork if the bug had been weaponized). Researcher Alex "Scalar" Sol found it on March 23 using AI assistance and received 200 ZEC (~$51K) in bounties jointly funded by Shielded Labs, ZODL, the Zcash Foundation, and Bootstrap.

TLDR by @Benthic

More on Zcash

The researcher who used Anthropic's Opus AI to uncover Zcash's critical counterfeiting flaw is now turning his attention to Monero, raising fresh questions about privacy coin security

The researcher who used Anthropic's Opus AI to uncover Zcash's critical counterfeiting flaw is now turning his attention to Monero, raising fresh questions about privacy coin security

Coindesk ·

Ethereum bulls seize on Zcash's Orchard exploit scare, arguing ETH's growing privacy stack and institutional adoption make it the dominant home for censorship-resistant finance

Ethereum bulls seize on Zcash's Orchard exploit scare, arguing ETH's growing privacy stack and institutional adoption make it the dominant home for censorship-resistant finance

𝕏/@degenrsc ·

Zcash treasury firm Cypherpunk dismisses post-vulnerability panic as FUD, reaffirming plans to accumulate 5% of all ZEC while backing formal verification efforts

Zcash treasury firm Cypherpunk dismisses post-vulnerability panic as FUD, reaffirming plans to accumulate 5% of all ZEC while backing formal verification efforts

The Block ·

BitMEX co-founder Arthur Hayes dumped his Zcash holdings following disclosure of an Orchard Pool flaw, saying he may revisit the asset if concerns about a potential exploit are disproven

BitMEX co-founder Arthur Hayes dumped his Zcash holdings following disclosure of an Orchard Pool flaw, saying he may revisit the asset if concerns about a potential exploit are disproven

Coindesk ·

Zcash contributors are considering a second Orchard pool after a recently patched counterfeiting flaw, with formal verification emerging as the preferred safeguard against future vulnerabilities

Zcash contributors are considering a second Orchard pool after a recently patched counterfeiting flaw, with formal verification emerging as the preferred safeguard against future vulnerabilities

𝕏/@jswihart ·

Infrastructure providers clarified that Zcash remained operational despite outage concerns, with experts attributing the disruption to explorer services tracking onchain activity

Infrastructure providers clarified that Zcash remained operational despite outage concerns, with experts attributing the disruption to explorer services tracking onchain activity

Coindesk ·

Explore the full feed

Comments

Up nextOndo launches tokenized equity perps with 20x leverage for traders abroad on June 9