In a move that’s raising eyebrows across the crypto space, the Solana Foundation quietly patched a major vulnerability in April—one that could’ve enabled attackers to mint unlimited Token-2022 coins or withdraw them from any account.
The flaw was first flagged on April 16 by developers at Anza, who then collaborated with other major teams like Jito and Firedancer. With additional reviews from security firms including Ottersec and Neodyme, a fix was quickly developed and distributed to validators. By April 18, a supermajority had quietly upgraded their nodes—only then did Solana make the issue public on Discord.
- Telegram’s Billionaire Boss Pledges Fortune to Over 100 Children — But There’s More to This StorySpread the love Pavel Durov, the enigmatic founder of Telegram and often dubbed “the Mark Zuckerberg… Read more: Telegram’s Billionaire Boss Pledges Fortune to Over 100 Children — But There’s More to This Story
The vulnerability affected a lesser-used token standard on the network—Token-2022—with only about $16.5 million in circulation, according to CoinGecko. Still, the flaw had serious implications, allowing the creation of forged zero-knowledge proofs that could bypass cryptographic checks.
While no exploitation has been reported, the hush-hush nature of the fix is now under scrutiny. Critics argue the stealth coordination contradicts the decentralized ethos of blockchain. Some users compared the fix to centralized collusion, warning that validator power might be too concentrated.
Solana co-founder Anatoly Yakovenko and other supporters countered, saying this type of response is standard across most blockchains—even Ethereum. In fact, others praised Solana’s fast and effective handling of the situation, pointing out similar quiet fixes in Bitcoin’s past.
As the crypto industry matures, the debate between transparency and security is set to continue. One thing is clear—Solana may have prevented a major disaster, but not without opening a wider conversation about who really controls the chain.
