Severe Zero-Day Flaw Detected in the Token-2022 Standard's Confidential Transfers

2025/05/06 11:06

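The issue was reportedly linked to privacy-focused confidential transfers, which use zero-knowledge proofs to preserve transaction secrecy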

A severe zero-day flaw in the Token-2022 standard’s confidential transfer was detected by the Solana Foundation on April 16, 2025. The vulnerability enabled attackers to manipulate zero-knowledge proofs, which could lead to unauthorized token minting or theft of user assets.

While the issue was quickly resolved, with a fix being distributed within two days, the response has sparked a conversation about centralization in the Solana ecosystem.

According to reports, the issue was linked to privacy-focused Token-2022 confidential transfers, which use zero-knowledge proofs to preserve transaction secrecy. The flaw, if exploited, could allow an actor to mint an unlimited supply of tokens or drain assets from user accounts. Fortunately, no funds were lost in the incident.

Key contributors, including Anza, Firedancer, Jito, Asymmetric Research, Neodyme, and OtterSec, coordinated their efforts to patch the vulnerability. By April 18, the majority of validators had adopted the updated version of the code, securing the network from possible exploits. The Solana Foundation described the effectiveness of this response in a detailed post-mortem published on May 2.

But the private handling of the issue has also come under fire. Some argue that this undermines transparency as the Foundation chose not to disclose the vulnerability publicly until the fix was implemented.

Some on platforms like X have criticized this approach as highlighting centralization risks, arguing that coordinated action by a handful of validators raises questions about the decentralized nature of Solana.

Rapid Fix, Hidden Risks

The Solana Foundation also published a post-mortem detailing the timeline of the incident. The vulnerability was detected on April 16, and work on a solution began right away. The patch was rolled out within 48 hours, and the network was stable. The report also confirmed that no user funds were lost, and that the feature that allows users to conduct confidential transfers was secured against potential abuse.

The resolution was successful, but the lack of immediate public disclosure has stirred up debate. Some stakeholders are concerned that users weren't alerted to the risks before the fix went live, because the fix was rushed into place in a two-day window. They argue that this opacity could undermine trust in Solana's decentralization credentials at a time when the platform is facing increasing regulatory scrutiny.

According to a 2023 audit by Halborn, the Token-2022 program had vulnerabilities that allowed users to bypass transfer fees or move non-transferable tokens. These issues were settled, but the recent case highlights the lasting difficulty of maintaining security in a fast-paced blockchain world.

Also, the Foundation’s decision to put speed over transparency has been compared by some to the 2022 Terra–Luna collapse, which resulted in the loss of trust in centralized decision-making in blockchain networks. Solana’s situation may be different, but the incident illustrates that security and openness are two sides of the same coin.

Centralization Concerns Take Center Stage

The swift coordination among validators has raised questions about Solana's decentralized structure. In a May 5 post on X, Neoma Ventures expressed concern that a small group was able to make so many changes so quickly, which raised the question of whether the level of centralization behind that would run contrary to the principles of blockchain technology. The concern is in line with broader debates within the crypto community about governance and control.

Solana's reliance on a proof-of-stake model, as outlined in its white paper, has long been discussed. The model allows for high scalability and speed at the expense of concentrating influence in a smaller number of validators. The recent incident has increased the pressure for transparency and better disclosure standards to regain trust from users.
