Solana Fixes Confidential Token Vulnerability
By: bitcoin ethereum news|2025/05/05 16:45:01
Solana Foundation fixes bug affecting Token-2022 and ZK ElGamal Proof that could have permitted unauthorized minting.

The Solana Foundation has recently encountered a bug that allowed hackers to mint some tokens and even take those tokens from users' accounts. However, the bug has reportedly been fixed now.

The Foundation's analysis reveals that the vulnerability was first found on April 16, and it could have permitted a hacker to proceed with an invalid proof affecting the privacy of the blockchain platform, permitting Token-22 confidential tokens. It also mentioned that no known exploit of the vulnerability has been reported, and that Solana's validators have since adopted the patched version.

The bug primarily affected two programs, Token-2022 and ZK ElGamal Proof. Token-2022 is responsible for managing the main app logic for token mints and accounts. ZK ElGamal Proof, on the other hand, verifies the accuracy of zero-knowledge proofs to show precise account balances.

As per the Foundation, some algebraic components were removed from the hash in the transcript generation of the Fiat-Shamir Transformation, which creates public randomness using a cryptographic hash function. Due to this bug, attackers could have targeted the unhashed components by creating a fake identity that easily passes verification to mint and steal Token-22 confidential tokens. To resolve this major issue, two patches were put in place.

The Centralization Scrutiny

A lot of Solana validators, including Anza, Firedancer, and Jito, adopted the patches two days after encountering the issue. Other firms such as Asymmetric Research, Neodyme, and OtterSec also facilitated it. The Foundation also noted that no funds have been tampered with and that they are safe so far.

Regardless of this, the validators have raised centralization concerns within the crypto community. One of them was a Curve Finance contributor who was concerned about the close relationship of the Foundation with Solana validators. The contributor mentioned that the main issue is that everything was done privately, that bad actors now know these channels exist, and that this is a centralized point of failure in a decentralized system.

Source: https://thenewscrypto.com/solana-fixes-confidential-token-vulnerability-sparks-centralization-debate/
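The Fiat-Shamir transcript issue described above, shown on a toy Schnorr proof of knowledge as an added example; this is not Solana's code or the ZK ElGamal Proof program. The group parameters, the function names and the `complete` flag are constructed for illustration. It compares a verifier whose challenge hash leaves out the public statement with one that hashes every component.

```python
import hashlib

# Constructed toy Schnorr group, far too small for real use: P = 2*Q + 1,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def challenge(*components):
    """Fiat-Shamir: hash the listed transcript components into Z_Q."""
    data = b"|".join(str(c).encode() for c in components)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def transcript(y, r, complete):
    # complete=True binds the statement y; complete=False leaves it unhashed.
    return (G, y, r) if complete else (G, r)

def prove(x, k, complete):
    """Honest proof that the prover knows x with y = G^x (k is the nonce)."""
    y, r = pow(G, x, P), pow(G, k, P)
    c = challenge(*transcript(y, r, complete))
    return y, (r, (k + c * x) % Q)

def verify(y, proof, complete):
    r, s = proof
    if not (1 < y < P and pow(y, Q, P) == 1):   # y must lie in the subgroup
        return False
    c = challenge(*transcript(y, r, complete))
    return pow(G, s, P) == r * pow(y, c, P) % P

def statement_chosen_after_challenge(k, s):
    """Build (y, proof) with no witness: r and s are fixed first, then y is
    solved for using a challenge computed without y. Returns None if c == 0."""
    r = pow(G, k, P)
    c = challenge(*transcript(None, r, complete=False))
    if c == 0:
        return None
    y = pow(pow(G, s, P) * pow(r, -1, P) % P, pow(c, -1, Q), P)
    return y, (r, s)

def acceptance_counts(trials=20):
    """Count how many witness-free proofs each verifier accepts."""
    made = [statement_chosen_after_challenge(k, k + 100) for k in range(1, trials + 1)]
    made = [m for m in made if m is not None]
    weak = sum(verify(y, pf, complete=False) for y, pf in made)
    strong = sum(verify(y, pf, complete=True) for y, pf in made)
    return len(made), weak, strong

if __name__ == "__main__":
    print(acceptance_counts())
```

The verifier with the incomplete transcript accepts every proof built without a witness, while the complete one accepts one only if two challenges happen to collide, which in a group this small is about a 1 in 1019 chance per proof.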