According to BlockBeats, on May 5, Solana developers cautiously patched a critical zero-day vulnerability that could allow attackers to mint an unlimited number of tokens and steal funds from user accounts. Discovered on April 16, 2025, the vulnerability affected the core cryptographic components of the Token-2022 and ZK ElGamal Proof programs, both of which are central to Solana's confidential token architecture.

To address the vulnerability, Solana's core development teams (Anza, Firedancer, and Jito) worked closely with well-known blockchain security audit firms such as OtterSec, Asymmetric Research, and Neodyme. These teams acted swiftly to investigate the vulnerability and develop a secure fix.

The patch was privately distributed to a select group of validators starting April 17. Within 24 hours, more than 70% of the network's stakers adopted the fix, surpassing the absolute majority threshold required for overall network security. The vulnerability was publicly disclosed only after the vast majority of validators had implemented the update, minimizing the risk of exploitation. (Finance Feeds)