- The Zcash Foundation welcomed a new platform engineer while its bi-weekly meeting centered on recently discovered zcashd security flaws.
- The Foundation released Zebra 4.4.0 to address multiple vulnerabilities, as the Zcash Community Grants announced a $1 million fund.
It was another eventful week for Zcash, with recent security vulnerabilities taking center stage. The Zcash Foundation released a security patch in response, while the ecosystem announced a new fund to reward white-hat hackers who discover such flaws.
The Zcash ecosystem has been rocked by revelations of security vulnerabilities that have existed for over five years, as ETHNews reported. This week, the Foundation released Zebra 4.4.0, the latest version of its independent implementation of the Zcash software.
🚨 Zebra 4.4.0 contains fixes for multiple security vulnerabilities, including several consensus-critical issues. We strongly encourage all node operators to upgrade immediately. https://t.co/n9Px2ndtFY
— Zcash Foundation 🛡️ (@ZcashFoundation) May 2, 2026
The latest version comes with fixes for multiple vulnerabilities. This includes a permanent block discovery halt, fixing a vulnerability that allowed an attacker to halt all new block discoveries on a specific node. This would have effectively killed off that node.
Zebra also previously had a flaw that attackers could leverage to make it accept blocks that the original zcashd implementation rejected. This could have created a hard fork risk as nodes disagreed on what the valid blocks were. It has since been fixed.
The Foundation stated:
“We strongly recommend all Zebra node operators upgrade to 4.4.0 as soon as possible, particularly due to the consensus vulnerabilities described above. There are no known workarounds.”
Away from the fixes, the Foundation welcomed Andrés Rodríguez as a new platform engineer. Rodríguez joins other industry leaders who have joined the Zcash ecosystem to boost security and technical development, including Giovanni Carlino, who joined Shielded Labs last week.
Zcash’s Arborist Call and $1M Community Fund
The Zcash ecosystem bi-weekly meeting, known internally as the Arborist Call, also took place in the past week. As with most discussions over the past month, the call was dominated by recent security vulnerabilities, which, as we reported, a white-hat hacker used AI to uncover.
Developers expressed concern that AI is arming attackers with tools that can overwhelm most of the current security measures.
Beyond security, the transition from zcashd to Zebra was also discussed. zcashd is the original implementation, while Zebra is the updated version built by the Foundation. Developers have focused on making the transition frictionless, but as was revealed during the meeting, they are weighing switching tactics to an accelerated migration, even if it’s messier.
Shielded Labs, the entity that handles security on Zcash, had recommended that zcashd nodes should be hidden behind Zebra technology. However, developers dismissed the suggestion, saying it would only trigger more security loopholes.
Elsewhere, the Zcash Community Grants (ZCG) announced that it has set aside $1 million to pay members who uncover vulnerabilities affecting core zcashd repositories. ZCG noted that AI tools are attacking software at an accelerated rate, and it’s critical that Zcash arms itself against such attacks by involving its community.
Today ZCG is earmarking $1M USD to fund payouts for responsibly disclosed vulnerabilities affecting core Zcash repositories. 🛡️
Our ecosystem moved fast to patch recent disclosures. This is needed now as the security landscape is accelerating in the age of AI.
Forum 🔗⤵️ pic.twitter.com/ewi7l7RuvC
— Zcash Community Grants🛡 (@ZcashCommGrants) April 28, 2026
In its first payout, ZCG announced it had matched the reward given to researcher Alex Sol, who discovered vulnerabilities affecting zcashd repositories, bringing his total reward to 600 ZEC, worth $245,000 at current prices.
In the past week, the Foundation also stopped accepting applications to represent Zcash at DWeb in Berlin. The event will be held in mid-July, and the successful applicants will represent the network, sharing recent developments and making connections.
These developments were matched on the price charts, where ZEC shot up 15% in the past week. Currently trading at $408.8, ZEC has gained over 67% in the past month.
