Orchard Vulnerability Successfully Remediated

My god I hope. I had a significant balance, against my better judgement. I never knew Cake wallet did an auto-shield, at MY expense even. Not happy about that. I should’ve stuck with Trust wallet.

1 Like

Is it out yet? Don't see it under Releases · zcash/zcash · GitHub yet.

2 Likes

They're coming up pretty quick

No they are not. Blockchair, zcashexplorer (i.e. the ‘official’ one), Trezor’s explorer…all the big block explorers except for blockexplorerone are still stuck. That’s what services point you to when they say your transactions don’t arrive, yet they’ve been confirmed on the NU6.2 chain. Zcash’s own ecosystem tells you to exchange at Changelly, they can’t exchange right now. Although, funnily enough, I managed to get an exchange done because after 15 hours enough non-orchard blocks got through on the old chain, at least I think that’s what happened. But I wouldn’t recommend trying yourself!

Working

https://cipherscan.app/

https://blockexplorer.one/zcash/mainnet

Correct block hash for block 3364600: 0000000000806344c408a4cfdf472f4132c632edbdc24cf2f3f672061da8b865

In the wrong fork

https://mainnet.zcashexplorer.app/

https://3xpl.com/zcash

https://blockchair.com/zcash

Wrong block hash for block 3364600: 00000000008e8463e11cf7896bdc6015ccd67de37958dac452ffb7dd0a449781

If you are in the wrong fork and not over block 3364700, you can just stop Zebra, delete its `non_finalized_state` folder, and run it again. Otherwise you will need to delete the state and sync from scratch.

6 Likes
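The fork check and recovery rule from the post above, as an added example (not code from the poster or from the Zebra project). The hashes and heights are the ones quoted in the post; the RPC URL, the absence of RPC authentication, and the function names are assumptions, and `getblockcount` / `getblockhash` are the standard node RPC methods.

```python
import json
import urllib.request

# Values quoted in the post above.
CHECK_HEIGHT = 3364600
CORRECT_HASH = "0000000000806344c408a4cfdf472f4132c632edbdc24cf2f3f672061da8b865"
WRONG_HASH = "00000000008e8463e11cf7896bdc6015ccd67de37958dac452ffb7dd0a449781"
SOFT_RECOVERY_LIMIT = 3364700  # "not over block 3364700"


def assess_fork(hash_at_check, tip_height):
    """Return (status, action) for a node's view of block CHECK_HEIGHT."""
    if tip_height < CHECK_HEIGHT or not hash_at_check:
        return ("below-check-height", "keep-syncing")
    seen = hash_at_check.strip().lower()
    if seen == CORRECT_HASH:
        return ("correct-chain", "none")
    if seen != WRONG_HASH:
        # Neither hash from the post: do not guess, look at the node first.
        return ("unrecognised-hash", "investigate")
    if tip_height <= SOFT_RECOVERY_LIMIT:
        return ("known-wrong-fork", "stop-node-delete-non_finalized_state-restart")
    return ("known-wrong-fork", "delete-state-and-resync")


def rpc(url, method, params=()):
    """One JSON-RPC call to a local node (assumed: RPC enabled, no auth)."""
    body = json.dumps({"jsonrpc": "1.0", "id": "forkcheck",
                       "method": method, "params": list(params)}).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        reply = json.load(resp)
    if reply.get("error"):
        raise RuntimeError(reply["error"])
    return reply["result"]


def check_node(url):
    """Ask the node for its tip and its hash at CHECK_HEIGHT, then classify."""
    tip = rpc(url, "getblockcount")
    seen = rpc(url, "getblockhash", [CHECK_HEIGHT]) if tip >= CHECK_HEIGHT else None
    return assess_fork(seen, tip)


if __name__ == "__main__":
    # Assumed local RPC endpoint; use the address your node is configured with.
    print(check_node("http://127.0.0.1:8232"))
```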

Is there any way for us to know that this was not exploited before discovery/remediation?

I’m not trying to spread fear, uncertainty or doubt, I am a large ZEC holder and am curious if there is an answer to this.

1 Like

Thank you, I hadn’t noticed. :folded_hands:

1 Like

:clap: solid read

I tried YWallet, by calculating my private phrase HASH, and everything looks good, but I can’t get it to sync, NO MATTER what server I use. Any ideas?

My Ywallet 1.14.3 seems to sync ok with zec.rocks (global)

It could be I didn’t import my previous Wallet information correctly.

In Ywallet settings there is a Ping Test option and you can see which servers respond for you.

The wallet may not update the % as it goes, just wait for a while and then close and reopen the wallet. Also make sure you're on the latest version.

You can also rescan to a few days ago, sometime last week, just in case, and then again, wait.

The more accounts you have, the longer it takes overall to scan and sync.

Update: core Zodl wallet functionality has been restored.

:white_check_mark: Send ZEC
:white_check_mark: Receive ZEC
:white_check_mark: Shield funds
:white_check_mark: Keystone support

We’re still confirming the status of:
• Swaps (via NEAR)
• Flexa payments

We’ll share additional updates as they become available. Thanks for your patience while services come back online after the Zcash network update.

2 Likes

I want to add a brief technical note and thank the teams involved in the recent Orchard remediation.

For context, under the handle fivelittleducks · GitHub, I have previously been credited on two Critical Zcash/Zebra vulnerability reports: one as a primary reporter, and one as a co-reporter/contributor. I was not involved in discovering this Orchard issue.

After reading the public technical description, I independently verified the root-cause class at a safe, non-weaponized level. At a high level, this was a soundness issue in a consensus-critical zero-knowledge circuit: a variable-base scalar multiplication gadget could enforce that the arithmetic was internally consistent for the point used inside the gadget, without sufficiently binding that internal point back to the intended external base.

That distinction matters. A circuit can correctly check the algebra of a scalar multiplication and still prove the wrong statement if the operand being multiplied is not anchored to the statement’s intended operand. The fix closes that gap by anchoring the real base into the circuit, which is why the remediation required a consensus-level circuit and verifying-key change rather than only a wallet-side or API-side patch.

I intentionally did not build or share any end-to-end construction. I do not think publishing exploit details would help users or the ecosystem. The official advisory already covers the impact and the current evidence assessment.

One boundary is worth stating clearly: the total-supply claim is independently checkable through the public value-pool accounting, which is enforced non-negative at the consensus layer on every block. In other words, total-supply inflation risk is constrained by the turnstile / value-pool checks. Separately, this does not make every private-flow detail observable from the public chain;

Thank you to Taylor Hornby, Shielded Labs, Josh Swihart, ZODL, the Zcash Foundation, node operators, wallet providers, miners, exchanges, infrastructure operators, and everyone else who helped coordinate the response. This was a serious issue, and the coordinated remediation shows why mature disclosure and upgrade processes matter.

1 Like
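The value-pool boundary described in the post above, as an added example (not the poster's code or any Zcash project's code): it replays per-block pool deltas and reports the first block that would leave a pool negative, which is the condition the post says consensus rejects. The block records, pool names, amounts and the input shape are constructed for illustration.

```python
ZAT = 100_000_000  # zatoshi per ZEC


def replay_value_pools(blocks, start=None):
    """Replay per-block pool deltas (zatoshi) under the non-negative rule.

    Returns (balances, violation). `violation` is None, or a
    (height, pool, balance) tuple for the first block whose post-block
    balance would be negative. `balances` is the last valid state.
    """
    balances = dict(start or {})
    for block in blocks:
        # The rule applies to the balance after the whole block is applied.
        trial = dict(balances)
        for pool, delta in block["deltas"].items():
            trial[pool] = trial.get(pool, 0) + delta
        for pool in sorted(trial):
            if trial[pool] < 0:
                return balances, (block["height"], pool, trial[pool])
        balances = trial
    return balances, None


def total_supply(balances):
    """Publicly visible supply is the sum of all pool balances."""
    return sum(balances.values())


# Constructed sample chain: issue 5 ZEC, shield 3 into orchard, unshield 2.
HONEST = [
    {"height": 1, "deltas": {"transparent": 5 * ZAT}},
    {"height": 2, "deltas": {"transparent": -3 * ZAT, "orchard": 3 * ZAT}},
    {"height": 3, "deltas": {"orchard": -2 * ZAT, "transparent": 2 * ZAT}},
]
# Constructed: block 4 tries to move 4 ZEC out of a pool that holds 1 ZEC.
OVERDRAWN = HONEST + [
    {"height": 4, "deltas": {"orchard": -4 * ZAT, "transparent": 4 * ZAT}},
]

if __name__ == "__main__":
    print(replay_value_pools(HONEST))
    print(replay_value_pools(OVERDRAWN))
```

The check bounds what can leave a pool; as the post notes, it says nothing about individual private flows inside the pool.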