Solana's Silent Patch Prevents Major Token Vulnerability, Market Drops 5%
Solana Foundation has disclosed that a critical vulnerability in its Token-2022 standard was silently patched in April, preventing a potential major security breach. The flaw, if exploited, could have allowed attackers to mint an unlimited number of tokens or withdraw funds from any account without authorization.
The issue was first reported on April 16 and was resolved within two days. The patch was coordinated by core development teams from Anza, Jito, and Firedancer, with additional support from security firms Asymmetric Research, Neodyme, and OtterSec. The vulnerability affected a specific feature in Solana’s Token-2022 framework known as “confidential transfers.” This feature uses zero-knowledge cryptography, specifically the ZK ElGamal proof system, to enable private transactions. However, a missing algebraic component in a hash used for cryptographic verification left the system open to manipulation.
This flaw allowed a malicious actor to forge a valid cryptographic proof, potentially enabling them to mint new tokens or drain existing accounts without detection. Although no exploit was observed, the revelation caused some market jitters. The combined value of tokens issued under the Token-2022 standard dropped by around 5%, settling at $16.1 million after the news broke.
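To illustrate why an omitted transcript element matters, here is an added example that is not Solana's code: a toy Chaum-Pedersen discrete-log-equality proof (the kind of sigma protocol that ElGamal-based proofs build on) made non-interactive with a Fiat-Shamir challenge that is derived either from the commitments alone or from the full statement. The group parameters, SHA-256 and all names are assumptions; the "statement chosen after the challenge" function is a test vector showing that a verifier which does not re-derive the challenge from every public value accepts a proof of a false statement.

```python
# Added example (not Solana's code): Fiat-Shamir transcript binding in a
# Chaum-Pedersen DLEQ proof. Toy parameters, constructed for illustration only.
import hashlib
import secrets

P = 1019            # toy safe prime (1019 = 2*509 + 1); far too small for real use
Q = 509             # prime order of the quadratic-residue subgroup of Z_P*
G, H = 4, 9         # two generators of that subgroup (4 = 2^2, 9 = 3^2)

def challenge(*elements):
    """Fiat-Shamir challenge: SHA-256 over the transcript elements, left unreduced."""
    data = b"".join(int(e).to_bytes(4, "big") for e in elements)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def prove(x, bind_statement=True):
    """Prove log_G(Y) == log_H(Z) for Y = G^x, Z = H^x. Returns (Y, Z, A, B, c, s)."""
    Y, Z = pow(G, x, P), pow(H, x, P)
    r = secrets.randbelow(Q)
    A, B = pow(G, r, P), pow(H, r, P)
    # Full transcript binds the statement (Y, Z); the weak one hashes only A, B.
    c = challenge(G, H, Y, Z, A, B) if bind_statement else challenge(A, B)
    return Y, Z, A, B, c, (r + c * x) % Q

def verify(proof, bind_statement=True):
    """Re-derive the challenge from the transcript, then check both group equations."""
    Y, Z, A, B, c, s = proof
    expected = challenge(G, H, Y, Z, A, B) if bind_statement else challenge(A, B)
    return (c == expected
            and pow(G, s, P) == A * pow(Y, c, P) % P
            and pow(H, s, P) == B * pow(Z, c, P) % P)

def statement_chosen_after_challenge():
    """Verifier test vector: fix A, B and the weak challenge first, then solve for
    Y and Z. The statement is FALSE (the two logs differ), so a sound verifier
    must reject it; only a verifier that omits Y, Z from the hash accepts it."""
    s = 5
    for a in range(2, Q):
        b = a + 1                     # a != b, so log_G(Y) != log_H(Z) below
        A, B = pow(G, a, P), pow(H, b, P)
        c = challenge(A, B)           # Y, Z do not exist yet, so only A, B can be hashed
        if c % Q:                     # need c invertible mod Q
            break
    c_inv = pow(c % Q, -1, Q)
    Y = pow(G, (s - a) * c_inv % Q, P)
    Z = pow(H, (s - b) * c_inv % Q, P)
    return Y, Z, A, B, c, s

def dlog(base, y):
    """Brute-force discrete log; feasible only because the toy group is tiny."""
    return next(k for k in range(Q) if pow(base, k, P) == y)
```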
While the vulnerability was handled swiftly, Solana’s decision to keep the issue under wraps drew mixed reactions from the community. Critics argued that quietly coordinating such a fix reflects an uncomfortable level of centralization within the network. One community member questioned whether validators could use similar coordination to carry out or cover up harmful actions in the future.
Others, however, defended the approach. Industry veterans, including developers from Bitcoin and Polygon, pointed out that silent patches are a standard best practice when dealing with zero-day bugs. These behind-the-scenes efforts, they argued, prevent real-time exploits while teams work on a secure fix. Hudson Jameson, a VP at Ethereum layer-2 network developer Polygon Labs, stated that this practice is common in the industry and is necessary for maintaining the security of the network.
Solana co-founder Anatoly Yakovenko also weighed in, stating that validator coordination is not unique to his blockchain network. He compared the process to similar consensus-building mechanisms on Ethereum, involving validators like Lido, Binance, Coinbase, and Kraken. Yakovenko emphasized that such coordination is essential for the smooth operation and security of the blockchain network.
