
How Solana Beat a Historic 6 Tbps DDoS Attack Without Downtime While Sui Struggled

Published 17 December 2025
By Onkar Singh

Key Takeaways

  • Solana withstood a historic 6 Tbps DDoS attack without downtime, demonstrating resilience comparable to Tier-1 internet infrastructure.
  • Layered defenses (QUIC, stake-weighted QoS, and local fee markets) worked together to filter spam and prioritize legitimate traffic.
  • Security efforts now span both present and future threats, from internet-scale DDoS attacks to quantum-era cryptographic risks.
  • Solana’s operational maturity has markedly improved, signaling a shift from experimental network to hardened production system.

The Solana network recently made history, though not through a new feature launch or explosive token price. Instead, it was by shrugging off a sustained, historic Distributed Denial of Service (DDoS) attack that peaked near 6 terabits per second (Tbps).

For context, this scale of malicious traffic rivals attacks against global cloud giants, yet Solana’s network data remained pristine: sub-second confirmation times and stable latency.

This resilience is a direct result of critical, post-outage engineering enhancements implemented over the last two years. The two primary pillars of this defense are the QUIC protocol and Stake-Weighted Quality of Service (SWQoS).

What Does a “6 Tbps DDoS” Actually Mean?

A DDoS attack tries to knock a system offline by overwhelming it with traffic.

Think of a store with one door:

  • Normal customers arrive steadily.
  • Attackers send thousands of people to stand in front of the door and never leave.
  • Real customers can’t get in, even though the store itself is fine.

A volumetric DDoS tries to overwhelm a target by blasting it with enormous amounts of data/packets (think “turning on every firehose in the city”). 6 Tbps is huge in internet terms; attacks in this range are usually associated with major cloud/CDN targets, not niche services.

Solana co-founder Anatoly Yakovenko said the massive 6 Tbps DDoS attack was actually a positive sign for the network. His point was that generating traffic at that scale is extremely expensive, meaning the attacker was likely spending an amount comparable to Solana’s own network revenue just to push data at it.

According to him, when attacking a blockchain costs that much and still fails to take it down, it shows the network has reached a level of economic strength where disruption is no longer cheap or effective.

Blockchains Have Entered The Tier-1 DDoS Threat Model

David Rhodus, CEO of Pipe Network, a Solana-based DePIN project, said that from a purely traffic-volume perspective, a 6 terabits-per-second attack is not just big for crypto, it qualifies as historic by overall internet standards. At that level, Solana sits alongside some of the most heavily targeted infrastructure ever attacked online.

He added that this event signals a shift in how blockchains are perceived, noting that they are now treated as Tier-1 DDoS targets, similar to major cloud platforms and critical internet services. An attack of this magnitude is far beyond amateur attempts and reflects industrial-scale, highly coordinated activity.

Network Performance Held Steady Despite Internet-Scale Attack

Pipe Network noted that the ongoing attack against Solana ranks among the largest ever observed on the internet. A volumetric surge of around 6 terabits per second means the network was being hit with billions of packets every second.

Under conditions like that, most systems would show clear signs of stress, such as higher latency, missed block slots, or slow confirmations. Instead, Solana’s on-chain performance metrics remained stable, with transaction confirmations staying around half a second, tail latency well under one second, and block timing largely unaffected.

Why Blockchains Are Especially Vulnerable To DDoS

Blockchains are harder to protect than websites because:

  • They are public by design
  • Anyone can send transactions
  • They operate on tight time schedules (block slots)
  • They rely on many independent machines instead of one central server

If attackers can flood the machines that produce blocks, they can cause:

  • Missed blocks
  • Network slowdowns
  • Fee spikes
  • In worst cases, full outages

Solana’s early years struggled with this exact problem, which is why this event matters.

Solana Filters Traffic Before It Becomes A Problem

Solana didn’t survive the attack because of one magical system. It survived because of multiple defensive layers, each stopping the attack at a different stage.

Think of it as airport security, not just a stronger door.

Layer 1: Modern Network Transport (QUIC Instead Of Raw UDP)

The first layer replaces raw UDP (User Datagram Protocol) with QUIC (Quick UDP Internet Connections) as the network transport. Early designs relied on UDP because it is extremely fast, but UDP is stateless and does not verify or track senders, making it easy for attackers to flood the network with fake traffic.

UDP’s pros and cons include:

  • Fast
  • But easy to spam
  • Hard to control under attack

Solana now uses QUIC, a modern transport protocol that:

  • Tracks connections
  • Limits abusive senders
  • Allows early rejection of junk traffic

QUIC, while still built on top of UDP, adds connection management, sender identification, congestion control, and rate limiting. This allows Solana to quickly identify and discard abusive traffic before it reaches block producers, preserving performance during attacks. 

In effect, QUIC keeps the speed benefits of UDP while adding safeguards that make large-scale DDoS attacks far harder to execute.

Why This Matters

Attack traffic gets identified and dropped before it reaches block production, reducing wasted effort.

Layer 2: Stake-Weighted Quality Of Service (The Core Innovation)

This is the most important part.

Solana gives priority access to block producers based on stake.

What Is Stake?

Stake is SOL that validators (or their delegators) have locked up to secure the network. It represents:

  • Economic commitment
  • Skin in the game
  • Real cost to acquire

How Stake-Weighted Priority Works

When traffic is heavy:

  • Validators with more stake are allowed to send more transactions to the block leader
  • Low-stake or unstaked senders are rate-limited
  • A large portion of block-producer capacity is reserved for stake-backed traffic

Why This Stops DDoS Attacks

Attackers can:

  • Create unlimited IP addresses
  • Spin up thousands of fake machines

But they cannot cheaply fake stake.

To overwhelm Solana under this system, an attacker would need to:

  • Buy or control a massive amount of SOL
  • Risk losing value if they damage the network

That turns DDoS from a technical attack into an extremely expensive economic attack.
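
The sketch below is an added example, not code from Solana or from the article's sources. It models the stake-weighted admission described above and compares it with first-come-first-served handling of the same flood. The 80% reserved share, the capacity of 1,000 packets, the validator names and the stake values are all assumptions chosen for illustration.

```python
from collections import Counter

class StakeWeightedGate:
    """Leader-side admission for one interval (simplified model)."""

    def __init__(self, capacity, staked_pct, stakes):
        # staked_pct of capacity is reserved for staked peers and split
        # in proportion to stake; the rest is one shared unstaked pool.
        reserved = capacity * staked_pct // 100
        total_stake = sum(stakes.values())
        self.quota = {v: reserved * s // total_stake for v, s in stakes.items()}
        self.unstaked_pool = capacity - reserved
        self.used = Counter()

    def admit(self, sender):
        # Staked senders draw on their own quota; every unstaked identity,
        # however many the sender creates, draws on the same small pool.
        key, limit = ((sender, self.quota[sender]) if sender in self.quota
                      else ("*unstaked*", self.unstaked_pool))
        if self.used[key] >= limit:
            return False
        self.used[key] += 1
        return True

def simulate(stake_weighted):
    # Constructed sample: 50,000 packets from 10,000 unstaked identities
    # arrive ahead of 100 packets from each of three staked validators.
    stakes = {"val-a": 600, "val-b": 300, "val-c": 100}
    traffic = [f"bot-{i % 10_000}" for i in range(50_000)]
    traffic += [v for v in stakes for _ in range(100)]
    capacity = 1_000
    gate = StakeWeightedGate(capacity, 80, stakes)
    admitted = Counter()
    for n, sender in enumerate(traffic):
        # Baseline: first come, first served until capacity is exhausted.
        ok = gate.admit(sender) if stake_weighted else n < capacity
        if ok:
            admitted[sender if sender in stakes else "unstaked"] += 1
    return dict(admitted)

if __name__ == "__main__":
    print("first-come-first-served:", simulate(False))
    print("stake-weighted:         ", simulate(True))
```

In the baseline the flood takes every slot and no validator traffic is admitted. With the gate, the flood is held to the unstaked pool, and the smallest validator is the only staked sender that hits its quota.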

Layer 3: Local Fee Markets (Damage Is Contained)

On many blockchains, congestion in one area affects everyone.

Solana uses local fee markets, meaning:

  • Fees rise only where congestion exists
  • The rest of the network stays usable

This prevents attackers from:

  • Causing chain-wide fee explosions
  • Making all transactions expensive at once

Spam becomes localized and costly, not globally destructive.
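
As an added illustration (not Solana's code), the following sketch packs the same set of transactions into a block twice: once under a single global fee market and once with a per-account cap on block space, which is one way to model a local fee market. The block size, the cap of 25, the account names and the fees are assumptions made for the example.

```python
def pack_block(txs, block_limit, per_account_limit=None):
    """Greedy block packing, highest fee first.

    txs: list of (account, fee); each transaction uses one unit of space.
    per_account_limit=None models a single global fee market.
    """
    used = {}
    included = []
    for account, fee in sorted(txs, key=lambda t: -t[1]):
        if len(included) >= block_limit:
            break
        if per_account_limit is not None and used.get(account, 0) >= per_account_limit:
            continue  # this account's share is full; others can still get in
        used[account] = used.get(account, 0) + 1
        included.append((account, fee))
    return included

def summarize(included, hot_account):
    hot = [fee for acct, fee in included if acct == hot_account]
    rest = [fee for acct, fee in included if acct != hot_account]
    return {
        "hot_included": len(hot),
        "hot_min_fee": min(hot) if hot else None,
        "other_included": len(rest),
        "other_min_fee": min(rest) if rest else None,
    }

def demo():
    # Constructed sample: 500 bids fighting over one contested account,
    # plus 60 ordinary transfers that touch unrelated accounts at fee 5.
    txs = [("hot-mint", fee) for fee in range(1, 501)]
    txs += [(f"wallet-{i}", 5) for i in range(60)]
    global_market = summarize(pack_block(txs, 100), "hot-mint")
    local_market = summarize(pack_block(txs, 100, per_account_limit=25), "hot-mint")
    return global_market, local_market

if __name__ == "__main__":
    for name, result in zip(("global", "local"), demo()):
        print(name, result)
```

Under the global market the contested account fills the whole block and the ordinary transfers are priced out. With the per-account cap, the fee needed to touch the contested account rises, while all 60 unrelated transfers still clear at their original fee.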

Layer 4: Hardened Validator Operations

Solana validators today are run more like professional infrastructure than hobby servers.

Key improvements include:

  • High-availability setups
  • Automatic failover
  • Better monitoring and alerting

This means:

  • One struggling machine doesn’t bring down a validator
  • One struggling validator doesn’t destabilize the network

Operational maturity matters just as much as protocol design.

So What Actually Happened During the Solana DDoS Attack?

Putting it all together:

  1. Attack traffic surged toward Solana infrastructure
  2. Network-level controls filtered obvious junk early
  3. Stake-weighted priority ensured real, stake-backed traffic still reached leaders
  4. Local fee markets prevented network-wide disruption
  5. Validators stayed online due to hardened operations

Result:

  • No downtime
  • No missed blocks at scale
  • No major fee shock

From a user perspective, the attack was largely invisible.

Notable Solana Network Outages

Solana’s early years were marked by several high-profile outages, largely tied to congestion, spam, and immature network controls.

  • September 2021: The network experienced its first major halt, lasting roughly 17 hours, after extreme bot activity during a token launch overwhelmed validators and caused a loss of consensus. A coordinated restart was required to bring the network back online.
  • 2022 (multiple incidents): Throughout 2022, Solana suffered several outages ranging from a few hours to most of a day. These were primarily caused by transaction spam, validator overload, and software bugs that led to stalled block production. During this period, the network also faced repeated episodes of degraded performance even when it did not fully halt.
  • October 2022: A consensus failure triggered by a validator configuration issue caused the network to pause for several hours, again requiring validator coordination to resume operations.
  • 2023: While full outages became less frequent, Solana still encountered periods of congestion and partial service degradation, often during spikes in demand or stress on validator infrastructure.
  • February 2024: Solana experienced a roughly five-hour outage after a software bug caused validators to enter an infinite processing loop. The network resumed after a patch was released and validators upgraded and restarted.

Why does this history matter?

These incidents shaped Solana’s engineering priorities, driving the introduction of stake-weighted quality of service, improved networking via QUIC, local fee markets, and more professional validator operations. The network’s ability to withstand a recent internet-scale DDoS attack without downtime highlights how materially its resilience has evolved compared with earlier periods.

Important Tradeoffs And Limitations

This design is powerful, but not free of tradeoffs:

  • Priority access favors staked, well-connected validators
  • Small or unstaked participants rely more on shared infrastructure
  • Peak attacks may still affect some RPC providers even if the chain stays healthy

In short:

  • Resilience increases
  • Pure openness decreases slightly

This is a conscious design choice.

Solana Tests Quantum-Resistant Signatures on Testnet

Solana’s recent testnet work on quantum-resistant signatures complements the network’s demonstrated ability to withstand today’s large-scale attacks, such as the 6 Tbps DDoS incident. While the DDoS defense showcased Solana’s strength against immediate, internet-scale threats, the quantum-resistance initiative reflects preparation for a different class of risk: long-term cryptographic compromise.

Solana has run quantum-resistant signatures on its testnet in collaboration with cryptography specialists Project Eleven. This involves deploying post-quantum digital signature schemes that are designed to remain secure against future quantum computing attacks, rather than relying solely on classical cryptography used by most blockchains today.

Together, the two efforts highlight a layered security philosophy. On the network side, protocols like QUIC, stake-weighted quality of service and local fee markets defend against volumetric spam and economic attacks in real time. On the cryptographic side, experimenting with post-quantum signatures addresses future scenarios where advances in computing could weaken today’s widely used signature schemes.

In effect, Solana is addressing both ends of the threat spectrum – resilience against present-day, industrial-scale attacks and proactive hardening against future cryptographic breakthroughs. The combination underscores a broader shift in blockchain design, where security is no longer limited to preventing outages, but also ensuring that network trust and asset safety can persist over decades, not just market cycles.

Sui Experienced Delayed Block Production And Degraded Performance

Reports from multiple sources indicate that Sui was hit by a DDoS attack on or about December 14, 2025 that caused significant delays in block production and periods of degraded network performance. 

Rather than continuing smooth operation like Solana, Sui’s nodes struggled to keep up with normal block creation under the attack. Users likely saw slower confirmations and possibly transaction backlogs while the network dealt with hostile traffic.

Why The Sui Outcome Matters

This contrast between Sui and Solana serves as a practical example of how different blockchain designs and protections influence real-world resilience:

  • Solana’s layered defenses helped keep block production stable despite huge traffic spikes.
  • Sui’s network under the same kind of pressure struggled to maintain consistent block production, meaning that users and validators experienced delays.

Put simply: Similar attack traffic can have very different effects depending on how a blockchain handles spam, prioritizes transactions, and manages network load.

FAQs

What made the current Solana DDoS attack different from earlier Solana incidents?

Earlier outages were triggered by transaction spam overwhelming block producers internally. This attack was an external, volumetric flood at internet scale, and Solana’s defenses stopped it before it could disrupt consensus.

Does stake-weighted quality of service reduce decentralization?

It introduces prioritization based on economic stake, which slightly favors staked participants during congestion. The tradeoff is improved network stability and resistance to spam-driven outages.

Why test quantum-resistant signatures now if quantum computers aren’t ready?

Cryptographic upgrades take years to research, test, and deploy. Testing early reduces long-term risk and avoids rushed transitions if quantum threats accelerate unexpectedly.

Can attackers still disrupt Solana in the future?

No system is attack-proof, but Solana’s design increasingly turns attacks into expensive economic exercises rather than cheap technical exploits, significantly raising the cost of disruption.

Disclaimer: The information provided in this article is for informational purposes only. It is not intended to be, nor should it be construed as, financial advice. We do not make any warranties regarding the completeness, reliability, or accuracy of this information. All investments involve risk, and past performance does not guarantee future results. We recommend consulting a financial advisor before making any investment decisions.
Onkar Singh

Onkar Singh has three years of experience as a digital finance content creator. Throughout his career, he has collaborated with various DeFi projects and crypto media outlets. In his leisure time, he enjoys fitness activities at the gym and watching movies across different genres. Balancing his professional and personal interests, Onkar continues to contribute to the digital finance landscape while pursuing his hobbies.
