Brave Research Report: zkLogin Has Three Main Vulnerability Types, Arising from Semantic Ambiguity, Lack of Binding Guarantees, and Architectural Trust Transfer

Foresight News reports that the Brave research team has released a report identifying three main classes of vulnerability in zkLogin, the blockchain transaction authorization system that lets a web identity (OpenID) account authorize on-chain transactions. According to the report, these are not implementation bugs but flaws inherent in zkLogin's current architecture and the system around it.

The three classes are as follows. First, zkLogin implicitly relies on externally issued JSON identity documents whose meaning can be semantically ambiguous: two parsers can accept the same bytes and read different values from them. Second, the system converts short-lived documents that only prove who currently holds an account into permanent authorization credentials, with no binding guarantee that ties the credential to the limited context in which the document was issued. Third, zkLogin re-centralizes trust in off-chain parties, which introduces privacy and governance risks. None of these involve breaking the cryptography or the zero-knowledge proofs; they arise from semantic ambiguity, missing binding guarantees, and architectural trust transfer.


Related Articles

Solana Foundation CPO: The Drift security incident is an isolated case and does not indicate a systemic problem in Solana DeFi

Solana Foundation Chief Product Officer Vibhu Norby responded to the Drift Protocol security incident, confirming that an attack occurred and that its cause is still under investigation. He said the incident is related to operational security or social engineering, highlighted the risks inherent in multisig mechanisms, and stated that it does not represent a systemic issue with Solana DeFi.

GateNews 20m ago

Ledger CTO: Drift attack method resembles a 2025 CEX incident and may involve North Korean hackers

Ledger CTO Charles Guillemet noted that the method used to exploit Drift Protocol resembles a 2025 CEX hack, and that the security failure lies mainly with people and operations rather than code defects. The attacker compromised a device used for multisig signing and tricked the signer into approving a malicious transaction.

GateNews 51m ago

Magic Eden Wallet Users Told to Export Keys as Support Winds Down

Magic Eden is discontinuing its wallet app and moving it to an export-only mode, meaning users must export their private keys or lose access to their funds. The change underlines the importance of self-custody and key preservation for cryptocurrency users.

CryptoNewsFlash 1h ago

Drift Protocol was hacked, resulting in a loss of 285 million US dollars.

On April 1, 2026, Drift Protocol, in the Solana ecosystem, was hacked for losses of about $285 million. The attacker obtained administrator control of a multisig wallet, withdrew funds quickly, and bridged them to Ethereum, making this the largest single security incident in the DeFi space. The investigation attributed the attack to a multisig management configuration flaw: with no time-lock on administrative actions, the attacker could execute malicious operations immediately rather than waiting out a delay during which they could have been noticed and blocked. Drift's total value locked fell sharply, with a significant impact on the Solana ecosystem.

InstantTrends 2h ago

Quantum threats arrive early? Google simulates a “9-minute crypto heist” scenario, 6.9 million Bitcoins at risk

Research from Google's Quantum AI team indicates that the quantum computing resources required to break Bitcoin are far lower than previously expected, potentially under 500,000 qubits. The study's simulations show that an attacker could intercept an in-flight Bitcoin transaction within 9 minutes, and that about one-third of all Bitcoin sits in wallets whose public keys are already exposed, which increases the risk of a quantum attack. Bitcoin's Taproot upgrade strengthens privacy, but it also puts public keys on chain, raising the exposure of those assets.

区块客 2h ago

Former chairman of Huìwan, Li Xiong, has been extradited! China is investigating a $4 billion money-laundering network involving scam compounds in Southeast Asia.

Li Xiong was extradited from Cambodia back to China in connection with a cross-border money-laundering case tied to the $4 billion Weiwang Group. The case exposes the links between Southeast Asia's scam industry chain and crypto funds. Experts say the group, acting as a scam infrastructure provider, supports online fraud and the movement of its proceeds. Despite intensified international crackdowns, the laundering network remains highly adaptable and extremely hard to trace.

CryptoCity 3h ago