Solana Addresses Critical Vulnerability for Token-22 but Faces Criticism for Centralization


The Solana development team announced a fix for a critical vulnerability that allowed criminals to forge proofs of ownership and create private Token-22 tokens. The flaw was in the Token-2022 and ZK ElGamal Proof programs, which are associated with minting and zero-knowledge information disclosure.

This was reported by Finway.

The issue arose because elements were missing from the hash input when the Fiat-Shamir transcript was generated, which made it possible to create a false proof and mint assets. The vulnerability was discovered by experts on April 16, 2025, and was quickly addressed.
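The failure class described above, inputs missing from a Fiat-Shamir hash, can be caught with a transcript-completeness check. The following is an added Python example on a toy Schnorr proof, not code from Solana's Token-2022 or ZK ElGamal Proof programs; the group parameters, the domain label and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: 2**127 - 1 is prime, but this group is far too
# small (and its order is not prime) for real use. Exponents live mod P - 1.
P, G = 2**127 - 1, 3

def digest(fields):
    """Hash every labelled public value, length-prefixed, under a domain label."""
    h = hashlib.sha256(b"example-schnorr-v1")  # assumed domain separator
    for label, value in fields:
        for part in (label.encode(), str(value).encode()):
            h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def transcript(y, t, context):
    # Complete transcript: group, statement y, commitment t and context.
    return [("p", P), ("g", G), ("y", y), ("t", t), ("ctx", context)]

def weak_transcript(y, t, context):
    # Constructed defect for contrast: the statement y is never hashed.
    return [("t", t), ("ctx", context)]

def challenge(y, t, context):
    return int.from_bytes(digest(transcript(y, t, context)), "big") % (P - 1)

def prove(x, context):
    """Prove knowledge of x with y = G**x mod P, bound to context."""
    y, k = pow(G, x, P), secrets.randbelow(P - 2) + 1
    t = pow(G, k, P)
    s = (k + challenge(y, t, context) * x) % (P - 1)
    return y, (t, s)

def verify(y, proof, context):
    t, s = proof
    if not (0 < y < P and 0 < t < P and 0 <= s < P - 1):
        return False
    # The verifier recomputes the challenge itself from the full transcript.
    return pow(G, s, P) == (t * pow(y, challenge(y, t, context), P)) % P

def unbound_fields(build, sample):
    """Return names of inputs that can change without changing the digest."""
    base = digest(build(**sample))
    missing = []
    for name, value in sample.items():
        changed = dict(sample)
        changed[name] = value + 1 if isinstance(value, int) else value + "x"
        if digest(build(**changed)) == base:
            missing.append(name)
    return missing
```

Running `unbound_fields` over a transcript builder as a regression test flags any public input the challenge does not depend on, which is the condition a proof system must never ship with.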

Representatives from the Solana Foundation assured that no exploit was recorded and that all user funds remain secure. The patch development involved specialists from the Anza, Firedancer, and Jito projects, as well as independent auditors OtterSec and Neodyme.

Criticism of the Quick Fix

However, the swift and non-public resolution of the issue sparked outrage among community members. Many expressed concern that Solana coordinates its actions with validators behind closed doors, which could undermine the principles of decentralization.

Solana co-founder Anatoly Yakovenko noted that similar practices are also observed in Ethereum, where validators have centralized elements. However, critics pointed out that Ethereum has a variety of clients, while Solana has only one – Agave.

Future Plans

Solana developers plan to implement a new solution called Firedancer, which is expected to enhance the network’s resilience. However, experts believe that one new client is not enough – for true decentralization, at least three different clients are needed.
