
Wu Blockchain | Jun 27, 2025 01:17
Wu Blockchain has learned that the Solana Foundation has disclosed a second zero-knowledge verification vulnerability in the native ZK ElGamal Proof program. Security researcher suneal-eth reported the vulnerability on June 10, and the engineering team confirmed that it could be used to forge confidential transfer proofs. On June 11, the team upgraded the token-2022 program via multisig and disabled Confidential Transfers (private transfers) outright. The team then urgently called on validators to upgrade to Agave/Jito Solana v2.2.16 or Firedancer v0.505.20216, and activated a feature gate at mainnet epoch 805 (June 19, 06:00 UTC) to shut down the ZK ElGamal program completely, pending a comprehensive audit. The team emphasized that private transfers are not currently used at scale on-chain and that there is no record of any loss of funds. This is reportedly the second Fiat-Shamir issue in the same program in which a field was omitted from the hash, following the first ZK ElGamal vulnerability on April 16 (resolved by hotfixes in v2.1.21/v2.2.11). The foundation stated that it will take at least "several months" to reactivate private transfers: once the audit is complete and a secure version of the program is released, it will be activated through the governance process. Regular SPL tokens and regular transactions are not affected. https://www.wublock123.com/index.php?m=content&c=index&a=show&catid=6&id=44653