Rug pulls and hack attacks are not new to blockchain projects. Since the start of the year alone, different DeFi projects have lost as much as $2 billion to hackers and cyber pirates. During the current week, the Badger DAO project suffered a hack involving unauthorized withdrawals that resulted in a $120 million loss. In the same vein, researchers have recently revealed a bug on the Solana network that posed a massive threat.
The researchers at Neodyme recently published a blog post describing in detail a bug within the Solana Protocol Library, or SPL, that could have put $2.6 billion worth of crypto reserves on the network at risk of theft. As noted by Neodyme, hackers exploiting the bug could have siphoned off $27 million per hour from Solana-based DeFi projects.
According to the Solana network management, the bug in the SPL has been fixed for now. However, investors are worried about the fact that a researcher named Simon had reported the bug as early as June this year. Simon posted about the bug on his GitHub timeline. The developers of the Solana network neglected the issue, considering that it caused only a small fraction of loss and was not an immediate threat.
The researchers at Neodyme checked the bug once again, and it was still not fixed. Neodyme researchers further explained that the seemingly innocuous bug takes advantage of the way the SPL rounds funds to the nearest whole number on withdrawals. The researchers explained that with this bug, hackers could siphon off only a small fraction from each user, but in aggregate the amount lost from the whole network would be massive.
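The rounding behaviour described above can be seen in a small model. This is an added example, not code from Neodyme or the SPL: the pool, its starting balances and the function names are constructed, and it assumes deposits and withdrawals share one rounding rule. It compares round-to-nearest with a variant that always rounds down, in the pool's favour.

```rust
// Toy share-based pool, constructed for illustration (not SPL code).
enum Rounding {
    Nearest, // round to the nearest whole unit, as the article describes
    Down,    // always truncate, so rounding never favours the caller
}

struct Pool {
    liquidity: u64, // underlying tokens held by the pool
    shares: u64,    // claim tokens outstanding
    mode: Rounding,
}

impl Pool {
    // amount * num / den under the configured rounding; u128 avoids overflow.
    fn convert(&self, amount: u64, num: u64, den: u64) -> u64 {
        let product = amount as u128 * num as u128;
        let bias = match self.mode {
            Rounding::Nearest => den as u128 / 2,
            Rounding::Down => 0,
        };
        ((product + bias) / den as u128) as u64
    }
    // Pay in underlying tokens, receive shares.
    fn deposit(&mut self, underlying: u64) -> u64 {
        let minted = self.convert(underlying, self.shares, self.liquidity);
        self.liquidity += underlying;
        self.shares += minted;
        minted
    }
    // Hand back shares, receive underlying tokens.
    fn withdraw(&mut self, shares: u64) -> u64 {
        let paid = self.convert(shares, self.liquidity, self.shares);
        self.liquidity -= paid;
        self.shares -= shares;
        paid
    }
}

// Net underlying gained by one caller after `cycles` rounds of two 1-unit
// deposits followed by redeeming whatever shares those deposits minted.
fn round_trip_gain(mode: Rounding, cycles: u32) -> i64 {
    let mut pool = Pool { liquidity: 3000, shares: 2000, mode };
    let mut gain: i64 = 0;
    for _ in 0..cycles {
        let held = pool.deposit(1) + pool.deposit(1);
        gain += pool.withdraw(held) as i64 - 2;
    }
    gain
}

fn main() {
    println!("nearest: {}", round_trip_gain(Rounding::Nearest, 100));
    println!("down: {}", round_trip_gain(Rounding::Down, 100));
}
```

A positive result means the round trip created value out of the other depositors' balances; a regression test for such a pool can assert that this figure is never above zero.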
Solana Network Investors are Worried about Security of their Transactions
Neodyme researchers also revealed that hackers could have stolen a massive amount of cryptocurrencies from the network by executing the bug 150-200 times per transaction at an estimated speed of $7,500 TPS. The projects most vulnerable to this bug are the Tulip Protocol yield generator, Solend, Larix, Soda, and other TVL options with millions locked in.
The Neodyme researchers tried to approach as many DeFi protocols running on the Solana network as possible. Since most of these projects are closed-source, the researchers had a difficult time reaching the main developers behind each project. However, the Solana Network management has been alerted and has reportedly fixed the bug for now.