The Solana Foundation confirmed the bug was reported on April 16. Their team fixed it in under 48 hours. Core developers from Anza, Jito, and Firedancer led the response. Security firms OtterSec, Neodyme, and Asymmetric Research also took part.
This issue never reached the public. Solana chose to address it quietly to avoid panic or misuse.
The Root Cause: Confidential Transfers
The bug lived inside the “confidential transfers” feature. This feature hides transaction details using zero-knowledge proofs. Specifically, it uses the ZK ElGamal system.
The cause was a mathematical element missing from the cryptographic hash. That gap let attackers create fake proofs, and the system accepted these forgeries as real.
Using these false proofs, someone could mint endless tokens. They could also empty accounts without leaving a trace.
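To show why a value left out of a proof's challenge hash matters, here is an added toy example, not Solana's code and not taken from the original article. It runs a Chaum-Pedersen equality proof (the kind of statement ElGamal proofs build on) in a small insecure group, and the choice of which value is omitted (the second commitment) is an assumption made for illustration. A verifier that hashes the full transcript rejects the proof that the incomplete one accepts.

```python
import hashlib

# Toy parameters (constructed for illustration, not secure): the multiplicative
# group modulo the Mersenne prime 2^127 - 1, with exponents reduced mod P - 1.
P = 2**127 - 1
N = P - 1
G, H = 3, 5

def challenge(*values):
    """Fiat-Shamir challenge: hash of the listed transcript values."""
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def transcript(y1, y2, r1, r2, bind_all):
    # The weak variant leaves the second commitment r2 out of the hash.
    return (G, H, y1, y2, r1, r2) if bind_all else (G, H, y1, y2, r1)

def prove(x, nonce, bind_all=True):
    """Honest proof that y1 = G^x and y2 = H^x share the exponent x."""
    y1, y2 = pow(G, x, P), pow(H, x, P)
    r1, r2 = pow(G, nonce, P), pow(H, nonce, P)
    c = challenge(*transcript(y1, y2, r1, r2, bind_all))
    return y1, y2, (r1, r2, (nonce + c * x) % N)

def verify(y1, y2, proof, bind_all=True):
    r1, r2, s = proof
    c = challenge(*transcript(y1, y2, r1, r2, bind_all))
    return (pow(G, s, P) == r1 * pow(y1, c, P) % P and
            pow(H, s, P) == r2 * pow(y2, c, P) % P)

def unbound_proof(x, nonce, y2_false):
    """Proof for a FALSE statement, possible only because r2 is unhashed:
    the challenge is fixed before r2 exists, so r2 can be solved for."""
    y1, r1 = pow(G, x, P), pow(G, nonce, P)
    c = challenge(G, H, y1, y2_false, r1)
    s = (nonce + c * x) % N
    r2 = pow(H, s, P) * pow(y2_false, N - c, P) % P  # H^s * y2^(-c)
    return y1, y2_false, (r1, r2, s)

def demo():
    x, nonce = 1000003, 987654321            # constructed sample values
    honest = prove(x, nonce)
    y1, bad_y2, forged = unbound_proof(x, nonce, pow(H, x + 1, P))
    return (verify(*honest),                             # honest proof passes
            verify(y1, bad_y2, forged, bind_all=False),  # weak hash accepts
            verify(y1, bad_y2, forged, bind_all=True))   # full hash rejects
```

The review check that follows from this is to compare the list of values fed into the challenge hash against every public input and every prover commitment in the protocol specification.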
Security Response and Lessons Learned
The rapid fix prevented disaster. No thefts or exploits have been reported.
SOL developers continue to audit Token-2022. They aim to stop future threats before they start. The Foundation stressed the value of teamwork during this incident.
Strong cryptography isn’t enough without careful implementation. This event proves that even advanced features need constant review.
The post Solana Patches Critical Token Bug Before Major Exploit appeared first on Coindoo.