Solana has patched a major security bug that could have allowed attackers to mint unlimited tokens or steal users’ assets. The flaw was found in its ZK ElGamal Proof system, which checks encrypted account balances and transactions. It only affected tokens based on the Token-2022 standard.
The vulnerability let attackers trick the system into approving fake actions, such as unauthorized withdrawals or unlimited token creation. Thankfully, Solana fixed the issue before any harm was done. Security firms like Asymmetric Research, Neodyme, and OtterSec helped with testing after the update.
Despite the quick fix, many in the crypto community were not happy. Critics slammed Solana for handling the matter too quietly. They argued that a truly decentralized network should not make such changes in private.
A developer from LambdaClass defended Solana, saying critics lacked technical knowledge. He added that Bitcoin faced a similar issue in 2018, which was also fixed quietly before going public.
Still, concerns grew. One investor, known as Clouted, worried that if validators can secretly apply fixes, they might also censor transactions or change blockchain data. Another user warned that this could be a sign of too much central control.
The incident has sparked debate about how blockchain platforms handle security issues. While Solana acted fast and prevented damage, the lack of transparency has raised red flags.
This case reminds the crypto world that security, openness, and decentralization must go hand in hand.
