CertiK Discovers Critical Vulnerability in Solana Phone, Allowing Assets to be Drained Within Seconds
In recent days, CertiK has identified a critical bootloader vulnerability in Solana Phone. CertiK's testing experts successfully jailbroke the phone within a minute and swiftly looted all assets stored on the device through a few simple steps.
The root cause of this vulnerability is an insecure “bootloader unlock” feature. Beyond the theft of users' assets, the vulnerability also exposes all personal data stored on the device. Over 2,100 devices have been at serious risk since early April.
Given the complexity of the vulnerability and the necessity of physical access, CertiK has informed Solana and publicly issued this vulnerability warning to safeguard Web3 users and encourage them to take effective measures to protect their assets.
CertiK released a video on November 15 providing a detailed analysis of this vulnerability. CertiK emphasizes that the vulnerability is not exclusive to Solana Phone and recommends that relevant projects and developers take immediate action to strengthen bootloader protection.