Brave Software researchers have disclosed critical vulnerabilities in zkLogin, a widely-deployed blockchain authentication system used across the Sui ecosystem, potentially affecting over 7.6 million transactions and more than 500,000 user addresses.
The comprehensive security analysis, led by Brave's security researcher Sofía Celi alongside colleagues from Imperial College London, reveals that zkLogin's fundamental security assumptions fail under realistic attack scenarios—not because the cryptography is broken, but because the system builds zero-knowledge proofs on top of fundamentally flawed authentication infrastructure.
"Zero-knowledge proofs can't fix what they can't see," the researchers write in their disclosure. "Our analysis shows that real-world ZK authorisation systems are only as secure as the authentication infrastructure they're built on."
The Core Problem
zkLogin allows users to authorise blockchain transactions using familiar OAuth credentials from providers like Google and Facebook, theoretically combining Web2 convenience with Web3 security. The system generates zero-knowledge proofs that verify users possess valid JSON Web Tokens (JWTs) without revealing the tokens themselves.
However, the research team identified three critical vulnerability classes. First, zkLogin uses "ad-hoc selective parsing" that doesn't enforce proper JSON validity or canonical encoding, allowing malformed tokens with duplicate or shadowed claims to pass verification.
Second, the system transforms short-lived authentication tokens into long-term authorisation credentials while weakening essential security bindings between issuers, applications, and users. Third, it introduces privacy risks by exposing sensitive user data to third-party proving services never part of the original consent flow.
Real-World Attack Scenarios
The researchers demonstrated that an attacker could register a malicious AWS Cognito issuer, extract API keys from browser storage, construct fraudulent JWTs, and generate valid zkLogin proofs for unauthorised identities—all without breaking any cryptography.
"The vulnerability arises entirely from missing bindings between RP identity, issuer trust, subject identity, and proof authorisation, not from cryptographic flaws," the paper states.
The team followed responsible disclosure practices, sharing detailed findings with zkLogin designers and Sui in November 2025. However, their February 2026 follow-up indicates the response addressed only client-side key exposure while dismissing the broader architectural concerns.
What Users Should Know
For the estimated 500,000+ zkLogin address holders, the risks are tangible. The system stores long-lived authorisation materials in browser-accessible storage, creating exposure to malicious extensions or compromised environments. Additionally, forwarding JWTs to external proofing services discloses personal information, such as email addresses, to third parties who were never authorised during the original login.
The research team recommends strict issuer allow-listing, cryptographic binding between all authentication components, eliminating browser storage of sensitive credentials, and requiring explicit user consent before sharing JWTs with external services.
This disclosure serves as a cautionary tale for the emerging zero-knowledge proof ecosystem: cryptographic soundness alone cannot guarantee security when the underlying authentication layer remains ambiguous, poorly validated, and architecturally fragile. As zkLogin and similar systems gain adoption for digital identity wallets and government attestations, the need for rigorous, end-to-end security analysis becomes critical.
You can check the full technical analysis.