Foresight News reports that the Brave research team has released a report indicating that the blockchain transaction authorization system zkLogin has three main vulnerabilities. The report shows that these vulnerabilities are not implementation issues but are inherent flaws in zkLogin’s current architecture and the overall system.
The three classes of vulnerability identified are: zkLogin's implicit reliance on externally issued JSON documents that may contain semantic ambiguities; the system's conversion of short-term holder verification documents into permanent authorization credentials; and the privacy and governance risks zkLogin introduces through re-centralized trust. None of these involves breaking the cryptography or the zero-knowledge proofs; they stem instead from semantic ambiguities, a lack of binding guarantees, and architectural trust transfer.