Solana bug fix provokes governance debate amid ZK security vulnerability
- Solana developers have identified a bug in the ZK ElGamal Proof program used by Token-2022 confidential transfers.
The bug allowed a zero-knowledge proof to be forged, which in theory opened the door for an attacker to mint an unlimited number of tokens or drain users' confidential balances.
A post-mortem published by the Solana Foundation on May 3, 2025, confirmed that the bug had not been exploited and that all funds were intact. The root cause was that certain algebraic components were left out of the Fiat-Shamir transform, the hashing step that turns the interactive confidential-transfer proofs into non-interactive ones; a challenge that does not bind every element of the proof transcript can be satisfied by a forged proof.
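The following is an added illustration and is not code from the ZK ElGamal Proof program or from any of the teams named on this page. It is a toy Schnorr proof of knowledge of a discrete logarithm in which the Fiat-Shamir challenge can be computed either over the whole transcript (the statement y and the prover's commitment R) or, to model the bug class the post-mortem describes, over the statement alone. When R is left out of the hash, a forger who does not know the secret can fix the challenge first and solve for a commitment that makes the verification equation hold; binding R into the hash makes the same forgery fail. The group parameters (a safe prime found at import time), the choice of which component is omitted, and the function names are assumptions made for the example; the post-mortem does not identify which components the real program omitted.

```python
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; the bases above are sufficient for n < 3.3e24."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_from(start: int) -> tuple[int, int]:
    """Return (P, Q) with P = 2Q + 1 both prime, the first such pair at or above start."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Toy group, constructed for the example: a ~63-bit safe prime P, prime subgroup order Q.
# G = 4 = 2^2 is a quadratic residue, so it generates the order-Q subgroup of Z_P^*.
P, Q = safe_prime_from(1 << 62)
G = 4


def challenge(*parts: int) -> int:
    """Fiat-Shamir challenge: hash the supplied transcript elements to a scalar mod Q."""
    h = hashlib.sha256()
    for v in parts:
        h.update(v.to_bytes(16, "big"))
    return int.from_bytes(h.digest(), "big") % Q


def prove(x: int, y: int, bind_commitment: bool = True) -> tuple[int, int]:
    """Schnorr proof of knowledge of x with y = G^x mod P. Returns (R, s).

    bind_commitment=False models the bug class: the commitment R is not hashed,
    so the challenge depends on the statement y alone.
    """
    r = secrets.randbelow(Q - 1) + 1
    big_r = pow(G, r, P)
    c = challenge(y, big_r) if bind_commitment else challenge(y)
    s = (r + c * x) % Q
    return big_r, s


def verify(y: int, proof: tuple[int, int], bind_commitment: bool = True) -> bool:
    """Recompute the challenge from the transcript and check G^s == R * y^c mod P."""
    big_r, s = proof
    if not (1 <= big_r < P and 0 <= s < Q):
        return False
    c = challenge(y, big_r) if bind_commitment else challenge(y)
    return pow(G, s, P) == (big_r * pow(y, c, P)) % P


def forge(y: int) -> tuple[int, int]:
    """Forge a proof for y WITHOUT knowing x, valid only when the challenge ignores R.

    Because c is fixed by y alone, the forger picks s first and solves for the
    commitment R = G^s * y^(-c); the verification equation then holds trivially.
    """
    c = challenge(y)                                   # computable before choosing R
    s = secrets.randbelow(Q)
    y_pow_c_inv = pow(pow(y, c, P), P - 2, P)          # (y^c)^-1 via Fermat
    big_r = (pow(G, s, P) * y_pow_c_inv) % P
    return big_r, s


if __name__ == "__main__":
    x = secrets.randbelow(Q - 1) + 1                   # secret known only to the prover
    y = pow(G, x, P)
    print("honest proof, commitment bound   :", verify(y, prove(x, y, True), True))
    forged = forge(y)
    print("forged proof, commitment omitted :", verify(y, forged, False))
    print("forged proof, commitment bound   :", verify(y, forged, True))
```

Running the file prints True, True, False: the forgery passes the weak verifier and fails the one that hashes the commitment. Production transcript constructions (a Merlin-style transcript, for instance) go further and also absorb a domain separator and every public input, so that no element the verifier relies on can be chosen after the challenge is known.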
The Foundation, together with Anza, Firedancer and Jito, released two patches within days. By April 18, most validators had applied them and the network remained stable.
Cybersecurity firms Asymmetric Research, Neodyme and OtterSec also assisted. The rapid response shows how #Solana protects the Token-2022 standard, which supports advanced features such as encrypted transfers for private transactions.
The patch itself, while successful, has raised concerns about the Solana Foundation's closed coordination with validators.
Critics, including Curve Finance employee and #Ethereum community member Ryan Berkmans, called the approach centralized and expressed fears of collusion between validators.
The problem is that it was done behind the scenes.
How did someone get a list of all the validators and their contact information?
What else are they communicating about in these communication channels?
Solana Labs CEO Anatoly Yakovenko defended this strategy in a May 3, 2025 post on X, stating that closed coordination was necessary to address the zero-day vulnerability quickly.
