$SOL The Solana Foundation and Jito teams directly contacted validators to address the identified vulnerability. The bug was discovered by Anza specialists.

The error concerned the ZK ElGamal proof program and theoretically affected confidential tokens issued under the Token-2022 program.

The bug was that some algebraic components were not included in the hash when converting Fiat-Shamir. An experienced attacker could exploit the vulnerability to create fake proofs. This allowed them to perform unauthorized actions, including issuing an unlimited number of coins and withdrawing them from any account.