The Solana Foundation organization announced the resolution of a vulnerability that allowed attackers to forge proof of ownership and issue private tokens Token-22. The error affected the Token-2022 and ZK ElGamal Proof programs related to the minting logic and zero-knowledge disclosure.

The problem arose due to missing components in the hash during the generation of the Fiat–Shamir transcript. This allowed for the creation of false proof and minting of assets. The vulnerability was discovered by experts on April 16, 2025, and was successfully resolved within a short period.

Organization representatives emphasized that no exploit was recorded, and all user funds are secure. Developers from the Anza, Firedancer, and Jito projects, as well as independent auditors OtterSec and Neodyme, participated in the development of the patch.$SOL