Zcash (ZEC) activated an emergency hard fork on Wednesday to address a critical bug in its Orchard protected transaction pool. The vulnerability was caused by a health issue in the zero-knowledge proof loop that validates private transactions. In theory, it could allow the creation of additional ZEC within the pool, opening the door to undetectable inflation or invalid state transitions accepted by the network.
On Wednesday, the Zcash Foundation he said There is “no evidence of unauthorized value creation”. Due to the privacy design, it remains difficult for outside observers to confirm that there is no hidden inflation. Independent researcher Taylor Hornby identified the problem on May 29 during a protocol audit for Shielded Labs. according to CoinDesk.
The developers acted quickly through private coordination with miners and exchanges, and an emergency soft fork implemented in Zebra 4.5.3 temporarily disabled all activity in the affected protected pool known as Orchard. A hard fork activated on Wednesday at block height 3,364,600 reactivated transactions protected by the fix.
This marks the second time Zcash has encountered a bug that has the potential to create new units of its currency in a difficult-to-verify manner, as a pre-2018 flaw allowed for theoretically unlimited counterfeiting. The Zcash team has tightly constrained knowledge and pushed the fix to improve, as it covers Luck around the time the bug was revealed.
The latest incident has drawn sharp commentary on both the risks to the health of the Zcash cryptocurrency’s monetary system and the governance process surrounding the response, which some see as centralized. Peter Todd, an early researcher in the blockchain space who was accused of being Bitcoin creator Satoshi Nakamoto in an HBO documentary last year, He argued with X consensus-level privacy poses unique threats. “Bitcoin has never been subject to an inflationary exploit that could destroy the value of the currency,” he said. “Zcash’s Privacy Makes Inflation Exploits More Dangerous.” He noted that about 30% of ZEC’s supply sits in a protected pool, and any undetected inflation or forced freezing of these funds would be a huge blow to holders, including himself. Todd, who also attended Zcash’s initial secure installation ceremony, used the episode to question the wisdom of trying to tie similar privacy features directly into Bitcoin’s underlying layer.
Seth for Privacy, CEO of privacy-focused crypto wallet Cake Wallet, criticized the coordination itself as overly centralized. In The letter Xhe described venture capital-backed for-profit ZODL as “implicitly connecting all the soft and hard forks of a network” while marketing the result. He said his team only learned of the bug from a public X post, ignored questions for days, and only received meaningful information hours before the hard fork went live. Wallets and other ecosystem participants were forced into last-minute updates or faced broken functionality, he said. “This is not the way decentralized networks should be run,” he said, calling the run an “abuse of the insider access that ZODL has.”
ZODL founder Josh Swihart pushed back against this characterization and reported“It doesn’t look like you know how disclosure works. I don’t have time to explain it to you.”
Of course, questions about centralization in the cryptocurrency industry go far beyond Zcash. Critics have been around for a long time pointed to stablecoins with single issuers and networks like Coinbase Base, which seem designed to capture value for traditional financial institutions rather than preserve the decentralized, cypherpunk principles that many associate with Bitcoin’s original design. Recently, a stablecoin issuer was hacked exploited a single point of weakness in the design of an on-chain smart contract. In April Entities linked to the Iranian regime saw $344 million of their USDT (stablecoin issued by Tether) holdings frozen. In addition, Circle, the issuer of USDC, raised $222 million specifically to develop its blockchain infrastructure. stablecoin transactions can increasingly resemble conventional financial rails.
Zcash itself has been one of the stronger cryptocurrency performers in recent years, having gained over 900% at points over the past twelve months amid a renewed focus on the cryptocurrency’s privacy features. However, much of this price action is driven by traders spinning the narrative rather than measurable growth in real-world usage of Zcash for privacy seekers. For use cases where privacy carries the highest stake, such as ransomware payments and darknet market trading, Monero remains the dominant choice. An analysis of the new darknet markets launched in 2024 showed that almost half use only Monero, while Zcash is less visible.
Note that, like Todd, NSA whistleblower Edward Snowden, who attended Zcash’s initial secure installation ceremony, has long been a public supporter of Zcash. 2017 CoinDesk interview as the most interesting Bitcoin alternative. On the other side is Alex Gladstein, Chief Strategy Officer of the Human Rights Foundation continued to focus on bitcoin as a primary tool for financial sovereignty and control or censorship resistance, citing its defining characteristics as a store of value and advancing privacy improvements at secondary protocol levels.
The episode leaves Zcash with a functional hedged pool once again, but with lingering questions about how well future inflation can reasonably be ruled out and how much coordination power sits with a small set of institutions. The latter of these two issues is still effectively a problem found in all cryptocurrency projects trying to find growth beyond their initial, niche user base.
