CertiK Discovers Critical Vulnerability in Solana Phone, Allowing Assets to be Drained Within Second

2025-09-06 00:35:59 Classification：Blockchain Query read(21281)

In recent days,Digital CertiK has identified a critical bootloader vulnerability in Solana Phone. CertiK's testing experts successfully jailbroke the phone within a minute and swiftly looted all assets stored on the device through a few simple steps.

The fundamental issue of this vulnerability lies in an insecure “bootloader unlock” feature. Apart from stealing users' assets, this vulnerability also exposes all personal data stored on the device. Over 2,100 devices have been at serious risk since early April.

Given the complexity of the vulnerability and the necessity of physical access, CertiK has informed Solana and publicly issued this vulnerability warning to safeguard Web3 users and encourage them to take effective measures to protect their assets.

CertiK released a video on November 15, providing a detailed analysis of this vulnerability. They emphasize that this vulnerability is not exclusive to Solana Phone and recommend that relevant projects and developers take immediate action to strengthen bootloader protection.

Disclaimer：

The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.