The #Solana Foundation recently patched a serious flaw in its privacy-focused Token-22 system that could have allowed attackers to forge fake zero-knowledge proofs (ZKPs). This bug could have enabled unauthorized minting of tokens or withdrawal from other accounts.

Reported on April 16 via #Anza's GitHub, the vulnerability involved missing algebraic components in the #ZK ElGamal Proof program, a part of #Solana's confidential transfer mechanism. This flaw meant invalid proofs could be wrongly accepted by the #blockchain.

Development teams from #Anza, Firedancer, and Jito verified and swiftly fixed the issue. Patches were quietly rolled out to validators starting April 17, with further updates issued later that day. Third-party firms, including Asymmetric Research, Neodyme, and OtterSec, reviewed the fixes.

The main #SPL tokens and Token-2022 logic were unaffected. No exploits have been detected, and all funds remain safe.