synopsis

A critical bug in Solana’s ZK ElGamal Proof program was responsibly disclosed, swiftly patched, and never exploited.

On April 16, 2025, a researcher reported a potential vulnerability in the Solana (SOL) ZK ElGamal Proof program.

Though no known attack occurred, a proof-of-concept confirmed that an attacker could craft fake proofs to pass verification, potentially forging tokens or draining Token-2022 confidential balances. Engineers from Anza, Firedancer, and Jito worked swiftly to investigate and patch the issue.

By April 17, both an initial fix and a follow-up patch were developed, reviewed by security firms Asymmetric Research, Neodyme, and OtterSec, and shared privately with validator operators. 

A supermajority of stake adopted the patch by April 18, ensuring the cluster’s security. A public announcement followed on Discord at 21:01 UTC that day.

The bug arose because certain algebraic components were omitted from the Fiat-Shamir hashing process used in zero-knowledge proof verification. This omission exposed a loophole, allowing forged proofs. 
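The report does not say which algebraic components were left out of the hash. As an added illustration (not Solana's code), the Python below uses a toy Schnorr proof and assumes the omitted value is the prover's commitment R, showing why a verifier must hash every proof component. The group parameters and all function names are constructed for this example.

```python
import hashlib
import secrets

# Constructed toy group (insecure sizes): G generates the order-Q subgroup of Z_P*.
P, Q, G = 2039, 1019, 4

def challenge(*parts):
    """Fiat-Shamir challenge: hash the listed transcript values into Z_Q."""
    data = b"|".join(str(v).encode() for v in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def transcript(y, R, bind_commitment):
    # Hardened: statement AND commitment are hashed. Weak: R is left out (assumption).
    return (G, y, R) if bind_commitment else (G, y)

def prove(x, bind_commitment=True):
    """Honest Schnorr proof of knowledge of x for the statement y = G^x."""
    y = pow(G, x, P)
    k = secrets.randbelow(Q - 1) + 1          # fresh nonce
    R = pow(G, k, P)                          # commitment
    c = challenge(*transcript(y, R, bind_commitment))
    return y, R, (k + c * x) % Q

def verify(y, R, s, bind_commitment=True):
    """Accept iff G^s == R * y^c, with c recomputed from the transcript."""
    c = challenge(*transcript(y, R, bind_commitment))
    return pow(G, s, P) == (R * pow(y, c, P)) % P

def simulate_without_secret(y):
    """Textbook Schnorr simulator: when c does not depend on R, pick the
    response first and solve for R. No knowledge of x is used."""
    c = challenge(G, y)
    s = secrets.randbelow(Q)
    R = (pow(G, s, P) * pow(y, -c, P)) % P    # modular inverse via pow (Python 3.8+)
    return R, s

if __name__ == "__main__":
    y, R, s = prove(x=777)
    print("honest proof, full transcript :", verify(y, R, s))
    R2, s2 = simulate_without_secret(y)
    print("simulated, weak transcript    :", verify(y, R2, s2, bind_commitment=False))
    print("simulated, full transcript    :", verify(y, R2, s2))
```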

Only Token-2022 confidential tokens were affected. With the patch now live (Agave ≥v2.1.21, Jito-Solana ≥v2.1.21-jito, Firedancer ≥v0.411.20121), the vulnerability is resolved. 

No action was required for Token-2022 itself.

All funds remain safe, and no attacker exploited the flaw in practice. Audits and thorough reviews have further reinforced the code.
