Solana Protocol Library bug could have led to a steal of $27 million per hour

banner-image

The Neodyme-based security researcher believes that the reference document for Solana projects, Solana Protocol Library (SPL), could have seen attackers stealing money from multiple Solana projects with the rate of $27 million per hour due to a bug in the document.

The affected projects mainly include lending protocols Larix and Solend and yield aggregator Tulip Protocol.

The blog post titled “How to Become a Millionaire, 0.000001 BTC at a Time” revealed that the bug was first publicly noticed by one of Neodyme’s auditors, Simon, on Github in June. However, the security researcher did not think of the impact and exploitation the back could cause, and it went unnoticed.

Simon recently saw that the bug was still open and hasn’t been fixed. After he raised the concern, security researchers started testing to examine the seriousness of the exploitation the bug could cause. The researchers found that the Solana bug can steal millions in tiny pieces.

Solana Labs has fixed the documents

As per the Solana reference document, they round off the funds to the nearest whole number while withdrawing. This will only happen if the user owns a fraction of Lamport, the smallest reference unit (similar to the smallest unit of Bitcoin, Satoshi). This results in some people getting an extra fraction of their tokens, while some end up getting a slightly less amount than what they own. However, it would be a minute amount per user, and on average, roughly equals out.

The researchers tested the bug and estimated that they could execute it 150-200 times in a single transaction and put multiple of these transactions in a single block resulting in a loss at a rate of $27 million per hour.

This is not the first time to have a bug in the crypto lane. White hat hackers constantly track different documents and infrastructures of blockchain projects. Sushiswap recently found having a bug. However, it refused the claims.

The researchers contacted several Solana projects that work prone to get affected by the bug. The project has fixed the bug. 

After Solana Labs heard about the bug, it also fixed the reference documents to avoid any attack. You can get this guide on Solana by TheCoinRise.

July 10, 2025

Bitcoin Pepe is catching fresh attention as its centralized exchange (CEX)..

July 10, 2025

Australia has recently announced a new trial to test how digital..

July 10, 2025

Crypto investors may be underexposed to Bitcoin upside, even as option..

features-presales-thunder

Floppypepe ($FPPE) is your ticket to the moon. Escape the ordinary and reach for lunar gains with this AI meme token. Secure your spot now before it's too late.

Join Now