Solana Avert Millions in Losses Following This Critical Patch
Thanks to a swift and carefully executed patch, Solana has dodged a major security bullet. The critical update, which Laine Stakewiz disclosed to the public only after a substantial portion of the network had been secured, highlights the blockchain community’s adept handling of potential threats.
The Solana Patch
The discovery of the vulnerability and subsequent patch unfolded with precision.
The first outreach began on August 7, 2024, at 14:56 UTC. Key members of the Solana Foundation contacted stakeholders through various communication channels. These contacts, personally known and verified, sent a message detailing an imminent critical patch, accompanied by a hashed identifier.
The hashed message was immediately validated by prominent figures from Anza, Jito, and Solana Foundation across platforms such as Twitter [X], GitHub, and LinkedIn.
Given that the patch itself exposed the vulnerability, immediate action was needed to avoid potential exploitation. The urgency of the situation was underscored by a set date and time for receiving and applying the patch.
Follow-up and Implementation
Over the next 24 hours, more core members of the Solana Foundation reinforced the need for prompt and trustworthy patch applications. Two separate Solana Foundation representatives gave further instructions at 14:00 UTC on August 8, 2024, the scheduled time.
The instructions included downloading, verifying, and applying the patch, which was hosted on GitHub by a trusted Anza engineer. The patch files were open to manual code review, ensuring transparency and code security. More importantly, operators were not required to use closed-source binaries.
Through careful outreach, the patch was initially applied to a huge minority of nodes and rapidly to a supermajority [66.66%] of the network stake. Once 70% of the stake had been updated, the network’s security was effectively restored. After that, the vulnerability and patch were disclosed publicly, with an urge for the remaining operators to upgrade quickly.
Contacting validators might seem daunting, but it is managed through a combination of active Discord and Telegram groups, Twitter[X] interactions, and personal connections within the community. Despite time zone challenges, Solana’s swift, coordinated response highlights the community’s effectiveness and resilience.
Check out Nexera (NXRA) Suffers $1.5 Million Exploit, Attacker Linked to Multiple Incidents