• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Saturday, July 11, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Crypto

Solana library bug could have seen attackers stealing $27 million every hour

by Baisakhi Mishra
December 5, 2021
in Crypto, News
Reading Time: 3 mins read
0
Solana project bug went unnoticed for six months 

Image Source: Reddit

TwitterWhatsappLinkedin

For six months, a publicly publicized problem affecting important Solana projects went unnoticed. According to security experts, it might have stolen hundreds of dollars per second.

You might also like

The StubHub Secret: How a “Fan Marketplace” is Actually Run by a Massive Ticket Scalper

PlayStation Faithful Eye the PC Escape Route Amid Major Sony Strategy Shifts

Wisconsin Prosecutors Clash With Circle Over Stolen Crypto Recovery

Solana project bug went unnoticed for six months

Solana project bug went unnoticed for six months 
Image Source: Coincu News

A bug in the Solana Protocol Library (SPL), a set of reference materials for Solana projects, may have permitted attackers to steal $27 million per hour from many Solana projects.

Tulip Protocol, a yield aggregator, and the loan protocols Solend and Larix were among the projects affected. These initiatives presently manage $1.7 billion in assets (although this figure was much greater before today’s market fall).

The flaw was originally publicly exposed by one of Neodyme’s auditors, known as Simon, on file-sharing platform GitHub in June, according to a blog post. The security researchers didn’t know if it could be exploited or how great of an impact it may have at the time. The Solana project bug went unnoticed for six months.

Simon noticed that the bug had not been resolved and that the issue was still open on December 1. Because of his fears, security researchers at Neodyme began testing to determine if the problem could be exploited and how dangerous it was.

According to Neodyme, the bug was a “seemingly innocuous rounding error,” but they soon discovered that it had the ability to steal a fortune — in millions of tiny bits.

This is how the bug operated. Simply, there is a process for when you put money into and take money out of Solana apps. The procedure would round monies to the nearest whole number at the point of withdrawal if it followed the SPL reference papers.This would only happen if the user was owed a fraction of the smallest unit of reference, known as a Lamport (this is similar to a satoshi, the smallest amount of Bitcoin).

This worked in both directions. Some folks would end up with a little surplus of tokens. Others would receive a small fraction of what they were entitled to. However, it would be a negligible sum per person, and it would about equalize on average.

But, the researchers reasoned, if someone tried to rig the system, wouldn’t they end up taking the small extra amounts? And if they did this again, they could be able to generate a considerable sum of money.

On a clone of the blockchain, the researchers put their theory to the test. They sent a transaction to exploit the flaw, and it was successful in stealing 0.000001 BTC ($0.047) owing to a rounding error.

The researchers calculated that they could use this problem 150-200 times in a single transaction and that many of these transactions might be grouped together in a single block. They estimated that a mistake like this might steal $7,500 every second, or $27 million each hour.

In terms of how much money may be stolen in total, it’s unclear how long this kind of exploit could have gone unnoticed before security measures were implemented. That would depend on how obvious the attackers were and how swiftly or slowly they carried out the attack. However, the researchers were well aware that more than a billion bucks were at stake.

The researchers quickly contacted a number of Solana projects they suspected were harmed by the problem. It was a considerably more difficult task because many Solana projects are closed-source, and they misidentified a couple of projects. However, they were able to contact Solend, Tulip, and Larix, who were all able to resolve the issue.

Solana Labs has also corrected the reference papers since the flaw was discovered, ensuring that future projects following its guidelines will not reintroduce it.

If you find this article informative then do share it with your friends and family!

Also read: Wrapped LUNA Token: Everything you need to know

Tags: #Solana
Tweet54SendShare15
Previous Post

Sachin Bansal’s Navi Mutual Fund files for blockchain fund with SEBI

Next Post

Samsung Galaxy S21 FE new leaks by Samsung

Baisakhi Mishra

Recommended For You

The StubHub Secret: How a “Fan Marketplace” is Actually Run by a Massive Ticket Scalper

by Anindya Paul
July 11, 2026
0
StubHub

Usually, when enthusiasts get connected to StubHub, they think they are buying tickets from an ordinary user whose ticketing process had been interrupted for some unfortunate reasons. Through...

Read more

PlayStation Faithful Eye the PC Escape Route Amid Major Sony Strategy Shifts

by Anindya Paul
July 11, 2026
0
PlayStation

The video gaming industry is undergoing a remarkable transformation in respect to the way consumers enjoy the games they play, leading to rising disappointment among those who have...

Read more

Wisconsin Prosecutors Clash With Circle Over Stolen Crypto Recovery

by Anindya Paul
July 11, 2026
0
Wisconsin

When a Wisconsin resident fell victim to a sophisticated romance scam, local authorities successfully traced the stolen funds across the blockchain. Nevertheless, the straightforward financial inquiry has quickly...

Read more
Next Post
Samsung Galaxy S21 FE new leaks by Samsung

Samsung Galaxy S21 FE new leaks by Samsung

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?