
Solana Patches Critical Token Bug Before Major Exploit

Solana faced a serious flaw in its Token-2022 system. If missed, hackers could have created unlimited tokens. Worse, they might have stolen funds from any account.

The Solana Foundation confirmed the bug was reported on April 16. Their team fixed it in under 48 hours. Core developers from Anza, Jito, and Firedancer led the response. Security firms OtterSec, Neodyme, and Asymmetric Research also joined the effort.

This issue never reached the public. Solana chose to address it quietly to avoid panic or misuse.

The Root Cause: Confidential Transfers

The bug lived inside the “confidential transfers” feature. This feature hides transaction details using zero-knowledge proofs. Specifically, it uses the ZK ElGamal system.

A missing math element in the cryptographic hash caused the problem. That gap let attackers create fake proofs. These forgeries looked real to the system.

Using these false proofs, someone could mint endless tokens. They also could empty accounts without leaving a trace.
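Why a value left out of a proof's hash matters, as an added example that is not Solana's code and not part of the original article. It assumes the hash in question is the one that derives the proof's challenge, and it uses a toy Schnorr proof in a small demonstration group instead of ZK ElGamal; all names and parameters are constructed for illustration.

```python
import hashlib

# Toy parameters (constructed for this example, not secure): arithmetic modulo
# the Mersenne prime 2^127 - 1, exponents reduced modulo P - 1.
P = 2**127 - 1
N = P - 1
G = 3

def challenge(*parts):
    """Derive the challenge by hashing the listed transcript elements."""
    data = b"|".join(str(v).encode() for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def prove(x, k):
    """Honest proof of knowledge of x for y = G^x, using nonce k."""
    y, t = pow(G, x, P), pow(G, k, P)
    c = challenge(G, y, t)               # challenge binds the commitment t
    return y, (t, (k + c * x) % N)

def verify(y, proof, bind_commitment=True):
    """Check G^s == t * y^c.

    bind_commitment=False models the defect class: the commitment t is
    missing from the hash, so c is known before t is chosen.
    """
    t, s = proof
    c = challenge(G, y, t) if bind_commitment else challenge(G, y)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def simulated_proof(y, s):
    """Assemble (t, s) with no secret at all.

    Works only against a verifier whose challenge ignores t: c is fixed
    first, then the verification equation is solved for t.
    """
    c = challenge(G, y)
    t = (pow(G, s, P) * pow(y, -c, P)) % P
    return t, s

if __name__ == "__main__":
    y, honest = prove(x=123456789, k=987654321)
    fake = simulated_proof(y, s=42)
    print("honest proof, full transcript :", verify(y, honest))
    print("no-secret proof, t omitted    :", verify(y, fake, bind_commitment=False))
    print("no-secret proof, full transcript:", verify(y, fake))
```

The review point for any such verifier is that every public value and every prover message appears in the hash input before the challenge is derived.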

Security Response and Lessons Learned

The rapid fix prevented disaster. No thefts or exploits have been reported.

SOL developers continue to audit Token-2022. They aim to stop future threats before they start. The Foundation stressed the value of teamwork during this incident.

Strong cryptography isn’t enough without careful implementation. This event proves that even advanced features need constant review.

Author
Kosta Gushterov

Reporter at Coindoo

Kosta has been a part of the team since 2021 and has solidified his position with a thirst for knowledge, incredible dedication to his work and a “detective-like” mindset. He not only covers a wide range of trending topics, he also creates reviews, PR articles and educational content. His work has also been referenced by other news outlets.