The Solana Foundation has addressed a critical bug in its privacy-focused token system that, if exploited, could have allowed malicious actors to forge zero-knowledge proofs and perform unauthorized token minting or withdrawals.
The flaw was disclosed on April 16 via a GitHub advisory posted by Anza, a Solana development team, along with a working proof-of-concept.
Engineers from Anza, Firedancer, and Jito promptly confirmed the issue and began remediation efforts, according to a post-mortem published Saturday.
Solana Bug Traced to ZK ElGamal Proof System
At the core of the vulnerability was the ZK ElGamal Proof program, which validates zero-knowledge proofs (ZKPs) used in Solana’s Token-22 confidential transfers.
These token extensions are designed to enable privacy-preserving transactions by encrypting token balances and using cryptographic proofs to validate transfers.
Zero-knowledge proofs allow users to prove the validity of a transaction without revealing sensitive information, such as the amount or recipient address.
However, in this instance, a key algebraic component was missing from the hashing process used in the Fiat-Shamir transformation—a common technique that converts interactive proofs into non-interactive ones suitable for blockchain verification.
The oversight created a potential backdoor where sophisticated attackers could craft fake proofs that would be mistakenly accepted by the on-chain verifier.
Such an exploit could have enabled unauthorized minting of tokens or withdrawals from wallets without permission.
Fortunately, the vulnerability did not affect standard SPL tokens or the main Token-2022 logic.
Where is the line between esoteric threat to the network of infinite mint risk and roughly 0 risk of application layer bug on contract with roughly 0 usage?
Also they didn't secretly upgrade anything they published an update without mentioning the bug and publicly engaged
— Block Enthusiast
(@BlockEnthusiast) May 5, 2025
Private patches were quickly distributed to validator operators on April 17, with a second patch released later that day to address a related issue.
External security firms Asymmetric Research, Neodyme, and OtterSec reviewed the fixes.
By April 18, the majority of validators had implemented the patch.
According to Solana’s post-mortem, there is no evidence the flaw was ever exploited, and all user funds remain safe.
Solana Leads Blockchain Revenue Race in Q1 2025
Solana has taken the lead among blockchain networks in Q1 2025, outpacing competitors like Ethereum and BNB Chain in total revenue.
This marks a major milestone for the high-speed blockchain, driven by a surge in user engagement and an expanding ecosystem.
The network’s revenue boost was powered by increased decentralized app (dApp) usage, NFT transactions, and overall on-chain activity.
Solana’s scalable architecture and low fees continue to attract developers and users alike, making it a preferred platform for high-volume applications.
Its growth was further supported by upgrades, strategic partnerships, and momentum in sectors like DeFi, gaming, and mobile crypto apps.
These developments have solidified Solana’s reputation as a user-friendly, high-performance blockchain with a strong outlook for the rest of 2025.
The post Solana Fixes Major Bug That Could Let Hackers Create Fake Tokens or Withdraw Funds appeared first on Cryptonews.
