[]

Advertisement

Solana Sees Largest DeFi Outflows After Bug Patch Raises Centralization Concerns

Solana started the week with the largest net outflows over 24 hours, as users took funds off of the chain.
By: Squiffs • May 06, 2025
Solana bug patch cover image

Market participants rushed to protect themselves and take money off of Solana after news broke on Saturday that developers had patched a previously unknown bug on the blockchain.

Solana experienced a flurry of outflows over the weekend and into Monday after the ecosystem’s Foundation published its post mortem on the bug patch, with a net negative flow of $11 million between May 4-5.

For comparison, Ethereum experienced a net positive flow of $1.6 million over the same period, and Bitcoin netted $1.9 million. The second-largest net negative flow after Solana was Berachain, which experienced a $8.4 million outflow.

the-defiant
Net flows over 24 hours, May 4-5. Source: Artemis Terminal

The vulnerability would have allowed an attacker to infinitely mint and withdraw tokens by forging an invalid proof that would have been accepted by the chain’s proof program. The program is known as the ZK ElGamal Proof program and it is used for application logic for token mints and accounts.

According to the post mortem from Solana, the bug was first reported on April 16, and was patched by April 18, after validator operators successfully reached consensus.

While some users are happy there was such a quick turnaround to fix the bug before it was exploited, Ethereum maxis are taking the opportunity to call Solana centralized again.

A user known as Clouted, who is the founder of ETH Strategy, an ETH treasury protocol, took to X saying: “Am i hearing this right? There was a zero day on solana mainnet and >70% of the validators privately colluded to upgrade and patch the critical bug before it was even made public".

Solana Lab’s cofounder Anatoly Yakovenko was quick to address the original statement, replying: “Bro, it’s the same people to get to 70% on ethereum. All the lido validators (chorus one, p2p, etc..) binance, coinbase, and kraken. If geth needs to push a patch, I’ll be happy to coordinate for them.”

In August 2024, Solana developers also quietly patched a different vulnerability before it was exploited, also leading to discussions of the ecosystem’s centralization.

Our articles are stored on Filecoin.

Advertisement

Get an edge in Crypto with our free daily newsletter

Know what matters in Crypto and Web3 with The Defiant Daily newsletter, Mon to Fri

90k+ Defiers informed every day. Unsubscribe anytime.