Solana fixes vulnerability that could allow infinite token minting.
Catenaa, Saturday, May 10, 2025 - Solana validators have patched a critical zero-day vulnerability that could allow attackers to mint unlimited tokens or steal user funds, the Solana Foundation recently announced.
The flaw, discovered on April 16, affected the ZK ElGamal Proof program, which verifies the zero-knowledge proofs that support confidential token transfers under the Solana Token-2022 standard.
Despite the potential chaos caused by the vulnerability, there have been no reports of exploitation and all funds are safe, the foundation said.
Within 48 hours of discovering the flaw, the Solana Foundation coordinated a response, bringing together validators to rapidly deploy two critical patches to the network.
The team intentionally did not disclose the issue until the patches were deployed to prevent any malicious exploitation.
Although the Confidential Transfers feature has been available in Solana since October 2023, usage has remained minimal. It was originally reported that the feature was being used in Paxos' USDP stablecoin, but Paxos denied the claims, stating that none of its tokens currently utilize confidential transfers.
The Foundation did not say who first discovered the bug or whether they were rewarded for finding it. Attempts to contact Solana representatives for comment were unsuccessful.
Foundation co-founder Anatoly Yakovenko defended the closed approach in a post on X, comparing the coordination of validators to similar consensus dynamics in Ethereum involving major players such as Lido, Binance and Coinbase.
