A serious vulnerability has just been successfully patched on the Solana blockchain – which has been criticized multiple times for technical incidents. If exploited, this vulnerability could allow an attacker to create unlimited tokens, threatening the entire ecosystem of tokens using the Token-2022 standard of the network.
ZK ElGamal – Small error, big consequences
This security flaw is called the 'ZK ElGamal Proof Program Bug', discovered on April 16, 2025. It affects transactions using the Token-2022 standard – a feature supporting transaction anonymization. Malicious actors could manipulate transaction validity proofs and create an unlimited number of tokens, thereby losing control of the money supply and undermining trust in the ecosystem #solana .
This is one of the most serious errors in the history of this blockchain's development.
Solana reacts quickly – fixes the bug in just 2 days
As soon as the incident was discovered, the Solana Foundation proactively contacted major validators, collaborating to fix it within just 2 days, with a high consensus from the network. However, the identity of the bug discoverer has not yet been disclosed, and Solana has not confirmed whether it offered a bug bounty.
Criticized for 'decisions in the dark'
A segment of the community on social media X has publicly criticized the Solana Foundation for handling the incident quietly, not immediately informing users, arguing that this reflects a concentration of power and lack of transparency.
In response, Anatoly Yakovenko, co-founder of Solana, affirmed $ETH that other major networks like Bitcoin have also handled similar errors discreetly to avoid network-wide damage. For example, in 2018, Bitcoin encountered a bug that could print $BTC indefinitely, and developers contacted mining pools privately to fix the issue before the information was widely disclosed.
Solana continues to face trust pressure
In the past, Solana has experienced multiple operational disruptions, affecting hours of service and threatening the value of users' assets. Each new security incident further tests trust in the network, forcing the development team to react extremely quickly to protect the entire ecosystem.
Contact with crypto users:
For the crypto investment community, especially users on major exchanges like Binance, this incident serves as an important reminder of the security risks of young blockchains. Although Solana handled it quickly, it still demonstrates the complexity and potential dangers of modern blockchain systems, especially with rapidly expanding networks and integrated anonymity features.
Risk warning:
Investing in cryptocurrency always comes with high risks. Even major blockchains can have serious technical vulnerabilities. Users need to stay alert, regularly update, and thoroughly assess before participating in any ecosystem. This is not a field suitable for everyone.