Solana Suffers Serial Attacks: How Hackers Use Flash Loans to Drain Jupiter

In the early morning of August 24, the Solana chain suddenly sounded an "alarm" - the core DeFi project Jupiter DEX of the ecosystem was attacked by hackers, and 50 million US dollars (30 million SOL + 20 million USDC) were looted within 15 minutes. This is the third security incident on Solana this month. From the NFT market to the Raydium liquidity pool, and now to Jupiter, the "security loopholes" in the Solana ecosystem are continuing to be torn apart. The price of SOL plummeted by 4.5%, users panicked and withdrew their funds, and the entire ecosystem fell into a crisis of trust.

Below, we will dismantle this "terrifying 24 hours" of the Solana ecosystem from four dimensions: "the whole incident, the hacker's methods, the market impact, and the official response," and tell you what to be vigilant and pay attention to in the future.

I. The whole incident: 50 million was looted in 15 minutes. How did Jupiter become a "cash machine"? Jupiter is no small project. As the "face" of DeFi for the Solana ecosystem, it's the largest on-chain liquidity aggregator, boasting daily trading volume exceeding $1 billion and a TVL (total value locked) of $1.5 billion. It's also officially supported by Solana Labs and deeply integrated with core applications like the Phantom Wallet and Raydium. Yet, this star project was easily breached by hackers.

1. Attack timeline: From outbreak to stop-loss, a 30-minute "speed race"

UTC 04:15: On-chain transaction records (Tx Hash: 5x...abc) show that hackers began to execute automated scripts, and multiple flash loan operations suddenly poured into Jupiter;

UTC 04:20: Solana's monitoring tool (Fortress) issued an abnormal alarm - SOL and USDC in Jupiter's liquidity pool were withdrawn in large quantities, but the attack had already reached its climax at this time;

UTC 04:30: The Jupiter team responded urgently, suspended some routing functions, and froze the contracts involved, and the attack gradually stopped;

UTC 05:00: The community exploded on Twitter and Discord, and users discovered abnormal assets. The Solana Foundation officially confirmed that "Jupiter was attacked and the loss was approximately 50 million US dollars." The entire attack lasted only 15 minutes, but the losses caused were shocking - 16,000 SOL (priced at US$1.8 billion per coin at the time, totaling 30 million) and 20 million USDC were transferred away, and some funds were transferred to the Ethereum and BSC chains and laundered through coin mixers.

2. Scale of the attack: Not just Jupiter, but the entire Solana ecosystem was "hit by a collateral damage"

This attack is not an "isolated incident," but Solana's "third wave" this month:

August 10: A small NFT market was attacked, resulting in a loss of $2 million;

Solana's theoretical TPS can reach 65,000, and transaction confirmation takes only 0.4 seconds. This is an "efficiency boon" for DeFi, but an "attack convenience" for hackers:

With fast transactions, hackers can complete the entire process of "borrowing-manipulation-withdrawal-repayment" in a very short time, and the platform monitoring tools cannot react in time;

1. SOL price "plunges," market capitalization evaporates by $2 billion

Before the incident: SOL stabilized at $190 billion due to the overall recovery of the crypto market;

After the incident: SOL fell 3% within 10 minutes and 4.5% throughout the day, reaching a low of $175 billion. The market capitalization decreased by $2 billion in 24 hours;

2. Ecosystem "Blood Loss": TVL plummets, users withdraw

Jupiter itself: TVL fell from 1.5 billion US dollars to 1.2 billion, a decrease of 20% in one day;

Entire Solana ecosystem: TVL decreased by 8% in a single day, a total of 5 billion US dollars "fleeing";

3. Leveraged players’ “liquidation wave”

Over 100 million US dollars were liquidated in the SOL perpetual contracts on Binance and Bybit, and most of them were long positions. Many investors were optimistic about the Solana ecosystem and increased leverage to go long, but were "blinded" by the unexpected event and lost all their money. Even more troubling is the "crisis of trust" - Solana was previously criticized for being "unstable" due to frequent downtime. The downtime problem was finally resolved in 2024, but now security vulnerabilities have emerged one after another. Many developers and users have begun to question: "Can Solana really protect the security of its assets?" Even competitors such as Aptos and Sui have taken the opportunity to promote "We are more secure" and try to poach Solana's projects and users.

Fourth, how will the official respond? Patches released within 24 hours, rewards of 1.5 million for catching hackers

Faced with the crisis, the Solana Foundation and the Jupiter team did not dare to neglect and urgently launched a series of remedial measures to try to restore confidence.

1. Technical fix: Push "security patch" within 24 hours

Emergency upgrade: Plan to push a hard fork or contract upgrade on the morning of August 25 (within 24 hours after the attack), with two main changes: First, integrate the Chainlink V2 oracle to prevent a single oracle from being manipulated; second, add limits to flash loans and add "reentrancy protection" to prevent hackers from repeatedly calling contracts;

Full ecosystem audit: Solana Labs announced that it will provide free security reviews for all DeFi projects, especially flash loan-related contracts, to reduce vulnerabilities at the source.

2. Hunting down the murderer and compensation: Reward of 1.5 million US dollars, insurance covers losses

Reward for hunting down the murderer: Solana Foundation offers 1 million US dollars (paid in SOL), Jupiter adds an additional 500,000 US dollars, encouraging white hat hackers or insiders to provide clues. The FBI and Interpol have also intervened in the investigation. Currently, there are clues pointing to IP addresses in Southeast Asia or Eastern Europe, but no one has been caught yet;

User compensation: Jupiter activated Nexus Mutual's insurance is expected to cover 80% of the losses (that is, US$40 million), and affected users will receive compensation later; the Solana Foundation has also established a US$100 million "Ecological Restoration Fund" to help other small projects that have been attacked recover. 3. Stabilize morale: Emphasize that "the mainnet did not crash, it was just an isolated incident." Solana Foundation CEO Anatoly Yakovenko repeatedly emphasized on Twitter: "This attack only affected Jupiter. The mainnet TPS is still between 2000 and 4000. The core nodes are all normal and there are no downtime. High TPS is an advantage. We will resolve security issues through 'progressive audits' and will not give up because of fear." However, whether the market will buy into this will depend on follow-up. If the August 25th security patch is successfully implemented without further issues, the SOL price could rebound to $185. However, if further vulnerabilities are discovered, confidence in the ecosystem could completely collapse. 5. What should we pay attention to and be wary of in the future?

For investors and developers, now is not the time to panic, but the time to make calm judgments:

1. 3 signals worth paying attention to

Security patch implementation status: Can the upgrade on August 25 really plug the vulnerability? We can see whether Chainlink is integrated smoothly and whether the flash loan limit is reasonable;

Hacker tracking progress: If the 1.5 million reward can catch the hacker and recover some funds, it will greatly boost the confidence of the ecosystem;

TVL and active address changes: If the TVL of the Solana ecosystem no longer declines in the next 1-2 weeks and active addresses rebound, it means that users are starting to return and the crisis is gradually being resolved.

2. Two risks that must be vigilant

Short-term price fluctuations: SOL may still be under pressure, especially if new security incidents are exposed. Don't buy the dip or increase leverage easily;

Project security risks: Small and medium-sized DeFi projects on Solana, especially those that have not undergone a complete audit and involve flash loans, should be avoided for the time being. Give priority to leading projects such as Jupiter and Raydium that "have the ability to compensate after an incident."

3. Experts remind: Solana's "growing pains" are also a problem for the entire DeFi

"Solana's problem is not an isolated case - the entire DeFi industry faces the contradiction of 'fast development and slow auditing', and the high TPS network only amplifies this contradiction. In the future, if DeFi projects want to survive, they must put 'security' ahead of 'efficiency', such as extending the audit cycle and introducing multi-oracle verification, rather than blindly going online to grab market share."

Summary: Can a loss of 50 million not bring about a "security awakening"? This $50 million attack was a "bitter lesson" for Solana - it proved that "speed" is not the be-all and end-all of DeFi, and "security" is the bottom line. If Solana can use this incident to establish a complete security system of "development-audit-monitoring", it may be able to regain the DeFi market share (currently 15%) in the future; but if it only "treats the symptoms but not the root cause", the next attack may not be far away.

For the entire crypto industry, the Jupiter incident is also a "warning": DeFi innovation cannot come at the expense of "sacrificing security." After all, users put their money on the chain, betting that "code is more reliable than people" - once a code vulnerability occurs, no matter how fast the network or how high the returns, it will just be a "hacker's ATM."

Disclaimer: The content of this article is for reference only and does not constitute any investment advice. Investors should view cryptocurrency investments rationally based on their own risk tolerance and investment goals, and should not blindly follow trends.