Zcash developers have finalized consensus rule changes for the Ironwood upgrade, scheduled for late July. It aims to achieve activation at block height 3,417,100 to address a critical vulnerability in Orchard’s protected pool that exposed the network to unlimited counterfeit ZEC minting.
UPDATE: Zcash developers have finalized the Ironwood upgrade, adding a new Orchard protected pool to reduce the risk of unlimited circulation of counterfeit $ZEC.
ZEC has now recovered +80% from its intraday low of around $252 on June 5. pic.twitter.com/4jGJWXPlIH
– Coin Bureau (@coinbureau) June 9, 2026
UPDATE: Zcash developers have finalized the Ironwood upgrade, adding a new Orchard protected pool to reduce the risk of unlimited circulation of counterfeit $ZEC.The upgrade introduces a replacement shielded pool, enforces provisioning controls through an existing turnstile mechanism, and disables new incoming payments to the compromised Orchard pool, all supported by formal verification of the underlying zero-knowledge proof circuitry and independent third-party security audits.
Discover: the best token presales
The Orchard Pool bug: Ironwood to fix Zcash
The Orchard pool was introduced in May 2022 as part of the NU5 upgrade, which brought the Halo 2 proof system to Zcash and positioned Orchard as the protocol’s next-generation privacy layer. It is a protected environment that leverages zero-knowledge proofs to hide transaction amounts and participant addresses without trusted configuration.
The flaw discovered in early 2026 resided in the integrity of the Orchard protocol circuit: an attacker exploiting it could have created a counterfeit ZEC without any trace on the chain detectable by normal node verification.
The bug meant that the total ZEC supply imposed by consensus was not actually limited to the Orchard pool. Because Zcash’s zero-knowledge architecture is precisely what makes Orchard private, the same properties that protect legitimate user transactions also make unauthorized issuance invisible to external observers and, importantly, the Zcash development team itself.
An AI-assisted security review by external researchers revealed the flaw, leading to a quiet patch and coordinated disclosure before Ironwood was officially offered.
Discover: The best crypto to diversify your portfolio
Turnstile, new swimming pool and supply check
Ironwood was proposed jointly by ZODL, Tachyon, Valar Group, the Zcash Foundation and Shielded Labs, a multi-stakeholder governance structure that distinguishes this response from a single-team patch.
The main mechanism of the upgrade is a redesigned Orchard circuit that includes a flag capable of disabling payments to other users within a pool while preserving the ability to generate change notes, which Bowe described as a privacy protection.
Once enabled, this flag will be permanently enabled for the old Orchard pool, limiting the valueBalance and automatically route all new payments to Orchard to the replacement pool.
The supply controls applied by Ironwood depend on the protocol’s pre-existing round-robin mechanism; each ZEC exiting the old Orchard basin must pass through the turnstile before entering the new basin, and the turnstile requires that the total value exiting the old basin cannot exceed the value entering it in a verifiable manner.
Bowe said: “This combination imposes a limit on the circulating supply of ZEC through the use of the existing turnstile mechanism; the amount of ZEC that anyone can transact with is no more than the amount that is supposed to exist. »
Once the migration is complete, the on-chain data will allow any full node to independently verify that no counterfeit ZEC has entered the new pool, restoring trustless provisioning verification at the protocol level for the first time since the vulnerability was introduced.
The activation target coincides with the end of zcashd support at block height 3,417,100. Testnet testing, ecosystem coordination, and final security audits remain pending before mainnet activation. Wallet providers supporting Orchard are expected to offer one-click migration tools, and the new pool is designed to preserve existing Orchard addresses, avoiding disruptive key rotation for active users.
Discover: the best token presales
The post Zcash Ironwood Upgrade Finalizes to Fix Orchard Pool Flaw, Target July appeared first on Cryptonews.
