Solana Addresses Major Security Flaw Behind Closed Doors
The post Solana Addresses Major Security Flaw Behind Closed Doors appeared on BitcoinEthereumNews.com.
As revealed on August 9, the Solana blockchain mitigated a substantial security threat through a silent patch applied across its ecosystem. The patch was initiated and completed before any public disclosure was made, safeguarding the network from potential exploitation by malicious actors, according to a disclosure by Laine, a prominent Solana validator.

How Solana Secretly Patched The Security Flaw

The saga began on August 7, 2024, when the Solana Foundation’s core members identified and moved to address a critical vulnerability. The first communication about the impending patch was cryptically delivered to network validators via private messages from known and verified contacts within the Solana Foundation. These messages were secured with a hashed message that contained a unique identifier of the incident and a timestamp, giving validators a verifiable means to trust the authenticity of the communication. The hash was publicly posted by notable figures across multiple platforms, including Twitter/X, GitHub, and LinkedIn, establishing a layer of public acknowledgment without revealing specific details about the vulnerability.

“This question has arisen but it’s really not that complicated. Most validators are active on Discord, many are also active in various Telegram groups, we interact on Twitter/X and might even know Anza or Foundation employees personally from Breakpoint etc. It’s tedious but not difficult to DM validators in order to pass on such messages, especially with a group of 5-8 core people all participating in this outreach,” Laine explained.

By August 8, the foundation had detailed instructions ready for validators. These instructions, dispatched precisely at 14:00 UTC, included links to download the patch from a GitHub repository managed by a recognized engineer from Anza. Validators were also told how to verify the downloaded files using the provided SHA sums. They were thus able to manually inspect the changes.
This ensured that operators were not blindly…
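The two checks described above, sketched as an added example that is not code from Solana, Anza or Laine: a validator confirms that a privately received message hashes to the digest posted on several public channels, then checks downloaded files against a checksum list. SHA-256, the two-channel quorum, the file names and all sample values are assumptions; the article says only "hashed message" and "SHA sums".

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def message_is_committed(message: str, posted: dict, quorum: int = 2) -> bool:
    """True if the DM'd text hashes to the digest posted on >= quorum public channels."""
    digest = sha256_hex(message.encode("utf-8"))
    matches = [ch for ch, value in posted.items() if value.strip().lower() == digest]
    return len(matches) >= quorum

def parse_sums(text: str) -> dict:
    """Parse sha256sum-style lines ('<64 hex chars>  <filename>'), rejecting malformed ones."""
    sums = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, name = line.strip().partition(" ")
        name = name.lstrip(" *")  # sha256sum marks binary mode with '*'
        if len(digest) != 64 or not name or set(digest.lower()) - set("0123456789abcdef"):
            raise ValueError(f"malformed checksum line: {line!r}")
        sums[name] = digest.lower()
    return sums

def verify_files(files: dict, sums_text: str) -> dict:
    """Map each filename to 'ok', 'mismatch', 'missing' (listed, absent) or 'unlisted'."""
    sums = parse_sums(sums_text)
    report = {name: "missing" for name in sums}
    for name, data in files.items():
        if name not in sums:
            report[name] = "unlisted"  # never trust a file the checksum list does not cover
        else:
            report[name] = "ok" if sha256_hex(data) == sums[name] else "mismatch"
    return report

# Constructed sample data (hypothetical, not values from the incident).
MESSAGE = "incident=EXAMPLE-ID ts=2024-01-01T00:00:00Z"
DIGEST = sha256_hex(MESSAGE.encode())
POSTED = {"x": DIGEST, "github": DIGEST.upper() + "\n", "linkedin": "0" * 64}
PATCH = b"--- a/file\n+++ b/file\n"
SUMS = f"{sha256_hex(PATCH)}  fix.patch\n{sha256_hex(b'other')}  notes.txt\n"

if __name__ == "__main__":
    print(message_is_committed(MESSAGE, POSTED))
    print(verify_files({"fix.patch": PATCH + b"x", "extra.bin": b""}, SUMS))
```

A matching checksum only shows that the file is the one the sender listed; trust in the sender comes from the separately published hash and from reading the patch itself.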
Filed under: News - @ August 10, 2024 12:20 pm