- Zcash dropped as much as 40% when developers revealed a flaw in its Orchard shielded pool.
- The Ironwood proposal would build a fresh privacy pool with repaired code.
- Also, Ironwood would reveal or trap counterfeit coins, effectively wiping them out.
Zcash is bouncing back strongly after one of the worst security scares in its history. ZEC had rallied about 45% from last week’s lows, following a proposed upgrade called ‘Ironwood’ aimed at rebuilding trust after a serious counterfeiting flaw was found.
The privacy coin dropped as much as 40% when developers revealed a flaw in Zcash’s Orchard shielded pool, which is the privacy layer that hides transaction data with zero‑knowledge cryptography.
Developers said the bug could have let someone create endless counterfeit ZEC without anyone noticing. It had apparently been around since May 2022 before security researcher Taylor Hornby found it in late May 2026.
Related: Zcash Founder: Orchard Bug Could Have Been Used to Create Undetectable Counterfeit ZEC
What made the issue particularly alarming was not simply the possibility of counterfeit coins being created, but that Zcash’s privacy design made it impossible to cryptographically prove if the exploit had ever been used. Since shielded transactions hide balances and details, developers couldn’t simply audit historical activity to confirm the supply remained intact.
Ironwood Upgrade
However, the newly proposed Ironwood upgrade is meant to fix the problem.
Ironwood would build a fresh privacy pool with repaired code, while blocking the minting of any new coins in the old Orchard pool. Users would slowly migrate their funds into the new pool, and anyone running Zcash software may independently check that the total circulating supply matches the legitimate amount of ZEC.
Additionally, the Ironwood proposal introduces a key transparency feature. In case any counterfeit coins were made using the vulnerability, they would either surface during migration to the new pool or be trapped in the old one and effectively wiped out.
If all goes according to plan, the target activation is scheduled for late July 2026.
As for the bug itself, developers from Shielded Labs, the Zcash Foundation, and the Zcash Open Development Lab (ZODL) worked with big mining pools like ViaBTC and Foundry to roll out emergency patches and upgrades. The issue was fixed within days of being found.
Interestingly, before the bug disclosure, Zcash was seeing some of its best network numbers in years. For instance, shielded supply reached a record 5.1 million ZEC.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
