- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
Inside Solana’s Secret Patch for Confidential Token Exploits
By: cryptosheadlines|2025/05/05 08:45:01
0
Share
Airdrop Is Live CaryptosHeadlines Media Has Launched Its Native Token CHT. Airdrop Is Live For Everyone, Claim Instant 5000 CHT Tokens Worth Of $50 USDT. Join the Airdrop at the official website, CryptosHeadlinesToken.com – Advertisement –A Solana ZK-Proof flaw allowed forging confidential token transfers; patches rolled out within 48 hours to prevent exploits.Engineers fixed unhashed data gaps in Solana’s ZK ElGamal program, stopping unauthorized mints or withdrawals.In April 2025, a security report submitted to the Anza GitHub repository outlined a potential flaw in Solana’s ZK ElGamal Proof program, a component tied to its confidential token system. The report included a proof of concept demonstrating how an attacker could create invalid proofs that the program might accept. Engineers from Anza, Firedancer, and Jito confirmed the issue within hours, finding that unhashed data in the program’s verification process could allow forged transactions.No exploits were detected before the patchBy the evening of April 17, Solana Foundation and Jito teams began privately distributing a fix to validator operators. Later that night, a second related flaw was identified, prompting another update. Both patches underwent review by security firms Asymmetric Research, Neodyme, and OtterSec before reaching validators. By April 18, over two-thirds of the network’s validators had implemented the fixes, ensuring the blockchain’s security. A public announcement followed that evening, confirming the cluster’s stability.Solana’s Token-2022 standard, which supports confidential transfers, relies on two components: the Token-2022 program for managing tokens and the ZK ElGamal Proof program for verifying encrypted balances. The latter uses a cryptographic method called the Fiat-Shamir Transformation to convert interactive proofs into non-interactive ones. This process requires hashing all mathematical inputs to generate verification parameters.The vulnerability stemmed from incomplete hashing during proof verification. Attackers could exploit this gap to fabricate transactions, such as minting tokens without authorization or withdrawing from protected accounts. The patch, released in versions Agave v2.1.21/Jito-Solana v2.1.21-jito and later iterations, corrected the hashing process. Firedancer’s update (v0.411.20121) incorporated the same adjustments.No changes were needed for the Token-2022 program itself, as the issue was isolated to the proof system. Security audits conducted prior to the incident and post-patch reviews confirmed the solution’s effectiveness.The coordinated response prevented disruption to Solana’s network. Validators adopted the updates swiftly, and no funds were compromised. While the incident underscores the challenges of securing complex cryptographic systems, the resolution highlights the effectiveness of collaborative problem-solving in decentralized environments.For users of Token-2022 confidential tokens, the takeaway is clear: the system remains secure, but vigilance is part of the process. Developers continue to prioritize proactive measures, ensuring that potential risks are addressed before they materialize.Source: SOL/TradingviewAs of now, Solana (SOL) is trading at $146.27, showing a -0.88% decrease in the last 24 hours and a -2.18% decline over the past 7 days. Its market capitalization stands at approximately $75.77 billion, placing it firmly in the top 10 cryptocurrencies. With a circulating supply of over 520 million tokens, SOL continues to be one of the leading Layer 1 blockchains focused on high-speed, low-cost transactions.From a technical standpoint, SOL remains bullish over the medium-term with gains of 18.6% over the last 30 days, though recent corrections signal possible consolidation. Its trading volume in the past 24 hours is around $1.7 billion, slightly lower, which may indicate some cooling in short-term momentum. Key resistance remains near $150, while strong support holds around the $140 mark.Based on current chart patterns and market sentiment, ETHNews predict SOL may reach $162.50 within the next 7–10 days, assuming no major market disruption. However, a failure to hold $140 support could bring it down to $134 briefly.Source link
You may also like
From Mining Enterprise to Infrastructure Builder, Bitdeer Unpacks the Survival Logic behind BTC
Profit margins nearing the red line, miners are starting to use Bitcoin as fuel.
How Can Agentic Commerce Empower AI to Start Making Money?
The first wave of moneymaking AIs has arrived, which projects are worth paying attention to
February Correction: Is the Crypto Market Bottoming Out?
Based on historical experience, the most intense phase of this downturn may be about to end.
AI Payments Through the Lens of Fintech Giants: Five Levels, Stablecoin Infrastructure, Next-Gen Globalized Commerce
Stripe took fifteen years to turn seven lines of code into a business empire that powers 1.6% of the global GDP. Its next move is to define the next generation of global business rules.
Zuckerberg Retweets Stablecoin, Can Meta Win This "Comeback Game"?
Compared to the Libra era of 2019 when it attempted to disrupt the global financial system, the 2026 Meta is demonstrating a more stable and compliance-oriented approach.
Polymarket New Rule Release: How to Build a New Trading Bot
In 2026, a truly winning trading Bot is not the fastest taker, but the most excellent liquidity provider
Bitwise: The Institutional Wave is Here, So Why is the Market Still Sleeping?
There is a significant gap between the perceived cryptocurrency market and the actual cryptocurrency market.
WEEX LALIGA Partnership 2026: Where Football Excellence Meets Crypto Innovation
WEEX becomes official crypto exchange partner of LALIGA in Hong Kong and Taiwan. Discover how this partnership brings together football excellence and trading discipline.
AI Apocalypse, a massive short squeeze
AI is not the doomsday prophecy, but the dawn of a new era of abundance stemming from the collapse of cognitive cost.
The "Second Truth" of the Luna Crash: Jane Street Exits Ahead of Plunge
In the cryptocurrency industry that touts "decentralization," true asymmetry may have never disappeared.
Jane Street Market Manipulation, Stripe Considering Acquiring PayPal, What's the Overseas Crypto Community Talking About Today?
What Was Trending for Expats in the Last 24 Hours?
WEEX × LALIGA 2026: Trade Crypto, Take Your Shot & Win Official LALIGA Prizes
Unlock shoot attempts through futures trading, spot trading, or referrals. Turn match predictions into structured rewards with BTC, USDT, position airdrops, and LALIGA merchandise on WEEX.
a16z: Why Do AI Agents Need a Stablecoin for B2B Payments?
Smart contracts will be more like corporate entities, forming long-term relationships with their vendors and partners.
February 24th Market Key Intelligence, How Much Did You Miss?
1. On-chain Funds: $172.4M inflow to Ethereum this week; $233.9M outflow from Arbitrum
2. Highest Price Variation: $ESP, $MYX
3. Top News: AC's "Never Rekt" new project Flying Tulip has experienced a rug pull, currently priced at $0.0989
Web4.0, perhaps the most needed narrative for cryptocurrency
What is Justin Sun's All-in Web4.0 Vision?
Some Key News You Might Have Missed Over the Chinese New Year Holiday
On the day of commencement, should we go long or short?
Key Market Information Discrepancy on February 24th - A Must-Read! | Alpha Morning Report
1. Top News: Tariff Uncertainty Returns as Bitcoin Options Market Bets on Downside Risk
2. Token Unlock: $SOSO, $NIL, $MON
$1,500,000 Salary Job: How to Achieve with $500 AI?
The Essence of Agentification: Use algorithms to replicate your judgment framework, replacing labor costs with API costs.
From Mining Enterprise to Infrastructure Builder, Bitdeer Unpacks the Survival Logic behind BTC
Profit margins nearing the red line, miners are starting to use Bitcoin as fuel.
How Can Agentic Commerce Empower AI to Start Making Money?
The first wave of moneymaking AIs has arrived, which projects are worth paying attention to
February Correction: Is the Crypto Market Bottoming Out?
Based on historical experience, the most intense phase of this downturn may be about to end.
AI Payments Through the Lens of Fintech Giants: Five Levels, Stablecoin Infrastructure, Next-Gen Globalized Commerce
Stripe took fifteen years to turn seven lines of code into a business empire that powers 1.6% of the global GDP. Its next move is to define the next generation of global business rules.
Zuckerberg Retweets Stablecoin, Can Meta Win This "Comeback Game"?
Compared to the Libra era of 2019 when it attempted to disrupt the global financial system, the 2026 Meta is demonstrating a more stable and compliance-oriented approach.
Polymarket New Rule Release: How to Build a New Trading Bot
In 2026, a truly winning trading Bot is not the fastest taker, but the most excellent liquidity provider
App