The Solana Foundation has addressed a critical bug in its privacy-focused token system which, if exploited, could have allowed malicious actors to forge zero-knowledge proofs and to mint or withdraw tokens without authorization.
The flaw was disclosed on April 16 via a GitHub advisory published by Anza, a Solana development team, along with a working proof of concept.
Engineers from Anza, Firedancer and Jito quickly confirmed the problem and began remediation efforts, according to a post-mortem published on Saturday.
Solana Bug Affected the ZK ElGamal Proof System
At the heart of the vulnerability was the ZK ElGamal Proof program, which validates the zero-knowledge proofs (ZKPs) used in Token-22 confidential transfers on Solana.
These token extensions are designed to enable privacy-preserving transactions by encrypting token balances and using cryptographic proofs to validate transfers.
Zero-knowledge proofs allow users to prove the validity of a transaction without revealing sensitive information, such as the amount or the recipient's address.
However, in this case, a key algebraic component was missing from the hashing process used in the Fiat-Shamir transformation, a common technique that converts interactive proofs into non-interactive ones suited to blockchain verification.
The oversight created a potential loophole through which sophisticated attackers could craft forged proofs that the on-chain verifier would wrongly accept.
Such an exploit could have allowed the unauthorized minting of tokens or withdrawals from wallets without authorization.
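To make the Fiat-Shamir point concrete, here is an added example (not code from Solana, Anza or the ZK ElGamal Proof program) that uses a textbook Schnorr proof in a constructed toy group to show why the challenge hash must cover every prover message. The article does not say which component was missing, so the omitted commitment, the group parameters and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy group (far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def _scalar(*parts):
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def challenge_weak(y, commitment):
    # Defect under study: the prover's commitment never reaches the hash.
    return _scalar("schnorr-demo", G, y)

def challenge_strong(y, commitment):
    # Hardened: every public value and every prover message is hashed.
    return _scalar("schnorr-demo", G, y, commitment)

def prove(x, k, challenge):
    """Honest Schnorr proof of knowledge of x, where y = G^x."""
    y, a = pow(G, x, P), pow(G, k, P)
    return a, (k + challenge(y, a) * x) % Q

def verify(y, proof, challenge):
    a, z = proof
    return pow(G, z, P) == a * pow(y, challenge(y, a), P) % P

def proof_without_witness(y, z, challenge):
    """Pick the response first, then solve for a commitment that fits.
    This only works if the challenge can be known before the commitment."""
    c = challenge(y, None)
    return pow(G, z, P) * pow(y, -c, P) % P, z

def accepted(challenge, y, trials=200):
    """How many witness-free proofs the verifier accepts."""
    return sum(verify(y, proof_without_witness(y, z, challenge), challenge)
               for z in range(1, trials + 1))

if __name__ == "__main__":
    y = pow(G, 777, P)  # constructed public key; 777 is never passed below
    print("weak  :", accepted(challenge_weak, y), "of 200 accepted")
    print("strong:", accepted(challenge_strong, y), "of 200 accepted")
```

With the complete hash, a witness-free proof passes only when the challenge guess happens to collide, roughly once per Q attempts in this toy group and negligibly often at real group sizes.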
Fortunately, the vulnerability did not affect standard SPL tokens or the main Token-2022 logic.
Private fixes were quickly distributed to validator operators on April 17, with a second patch released later that day to resolve a related problem.
External security firms Asymmetric Research, Neodyme and OtterSec reviewed the fixes.
As of April 18, the majority of validators had implemented the patch.
According to Solana’s post-mortem, there is no evidence that the flaw was exploited, and all user funds remain safe.
Solana Leads the Blockchain Revenue Race in the First Quarter of 2025
Solana took the lead among blockchain networks in the first quarter of 2025, surpassing competitors such as Ethereum and BNB Chain in total revenue.
This marks an important milestone for the high-speed blockchain, driven by a rise in user engagement and an expanding ecosystem.
The rise in network revenue was fueled by increased use of decentralized applications (dApps), NFT transactions and overall on-chain activity.
Solana’s scalable architecture and low costs continue to attract developers and users, making it a preferred platform for high-volume applications.
Its growth was also supported by upgrades, strategic partnerships and momentum in sectors such as DeFi, gaming and mobile crypto applications.
These developments have solidified Solana’s reputation as a user-friendly, high-performance blockchain with a strong outlook for the rest of 2025.
The post "Solana corrects the major bug which could allow hackers to create false tokens or to remove funds" appeared first on Cryptonews.