What happened
Zcash will activate Ironwood, its next scheduled network upgrade, on July 28, according to Crypto.News citing core developer Sean Bowe. The upgrade closes the Orchard shielded pool, which has been the default shielded pool for Zcash transactions since the Nu5 upgrade in 2022. Ironwood follows the disclosure earlier this year of a cryptographic vulnerability in Orchard's zero-knowledge proof system. Developers held back the technical detail of the bug to avoid handing an exploit path to bad actors before a fix could ship, a pattern familiar from previous shielded-protocol responsible-disclosure cycles.
Once Ironwood is live, users with funds in Orchard will need to migrate them out of the closed pool. The mechanics of that migration and the exact post-activation state of legacy Orchard notes are outlined in the Zcash Improvement Proposal that governs the upgrade. Node operators, pool operators, mining pools, and wallet vendors have until July 28 to update client software; nodes that don't upgrade will fall off the canonical chain at the activation block.
Why it matters
This is not a routine upgrade. Ironwood is the mechanism by which Zcash's core team gets to answer a question the community has been asking since the bug was disclosed: was it ever used? Closing the pool freezes its state. That frozen state is what the team plans to audit. Until the pool is closed, an active exploit could in principle continue to hide inside the very anonymity set that makes Zcash useful.
The stakes are broader than one coin. Shielded-pool auditability has been the open question hanging over privacy-preserving chains for years. Monero has faced its own disclosure cycles. Tornado Cash sits inside a very different legal frame. Zcash's decision to shut a pool, migrate users, and then look inside is the most concrete answer any privacy chain has offered so far to the question of what happens after a shielded-pool bug ships to mainnet. The precedent will be studied.
