Risk of malware/virus attacking OS of critical number of verifying nodes?

What is the risk of a malware / virus infecting the operating system of a critical minority of node(s) performing transactions or verifications on this blockchain? Are there any mitigations in the blockchain or node software to prevent such an attack, or to allow for disaster recovery of the blockchain ledger as a result of such an attack?


Unless I am missing something, I think this is an excellent question (not just for Solana, but BTC and other PoS SCPs as well). I have not seen any serious discussion of this anywhere, and think it is very important to delve into this.

In my research, I have only found the briefest of mentions of this issue in ‘The Bitcoin Standard’ on ‘How to Kill Bitcoin’ and a short video by Andreas Antonopoulos where he says it IS a significant concern for him for BTC (which is saying something!), but that he thinks it could be remedied in code fairly readily. But, that’s it. No detailed discussions anywhere. What am I missing that is well understood in crypto developer circles, or is this truly an unaddressed risk in the industry?


Hey folks! Welcome to the forum! :wave:

First off, just some background on who I am to give you an idea of how little to weigh my opinion. :slight_smile: I’m just a user on the forum here who has recently started getting deep in to Solana and blockchain, but there’s still a lot I’m learning and I’m by no means an expert. I pick up things quickly, but I’m also not super well acquainted with the internals of Solana or Bitcoin or some of their algorithms. Now that that’s out of the way, here’s my thoughts on the risk, using what knowledge I do have which may not be 100% accurate.

To my knowledge, when one of the nodes in the Solana chain lies about the result of some transaction, it is going to stand out like a sore thumb to all of the other honest validators. The other validators will detect the lie and then the malicious validator’s funds will be slashed, resulting in an economic loss to the validator. This is serious motivation preventing malicious validators.

The risk you want to discuss, though, is when an operating system gets compromised and results in a minority of nodes all agreeing on a malicious result of a transaction, so let’s think about that. That kind of threat could involve a malicious actor influencing the transaction results on, for instance, 30% of all active stake in the network.

In Solana, in order to finalize a block, you have to get a supermajority (80%) of the active stake to agree to the value of a block. All validators in the network have a certain amount of stake in them that determines how often that validator votes. Stake is kind of how the users choose which validators are “trusted” more in the network. Stake allows the users to make the network more resilient by staking in different validators that they believe are secure, reliable, honest, etc. So to compromise the network you have to compromise, not 80% of the validators, but all the validators that make up 80% of the stake in the network.

Coming back to our compromised nodes, if you were to compromise 30% of the active stake in the network, the Solana network would no longer be able to come to a supermajority that agrees on the value of the next block, because only 70% of the nodes are being honest. This would cause the entire network to halt and nobody would be able to make transactions.

This halt in the Solana network would cause an instant investigation by community members across the world, many of whom would be the owners of the validators, infected and uninfected, which are now losing money because the network has halted. The scenario would probably play out similar to the recent Solana outage which was quickly investigated by the worldwide Solana community and fixed in less than 24 hours.

In this scenario, nobody’s funds would be compromised, but the validators would lose money they could have been getting if the network had stayed working. This would provide greater incentive for validators to secure their systems and prevent such a compromise from happening again. But at the end of the day, Solana lives on.

In order to actually take over the network and produce a malicious block you would need to take over 80% of the active stake. There are two ways to go about this:

1. Get 80% of stake into relatively few nodes that are easy to compromise with a virus or other means.

  • In order to do this you would have to obtain a massive amount of SOL that you could stake in validators that you know you could compromise. For instance, say Google decided they wanted to take down the Solana network, they could stand up Solana validators and stake billions of dollars in SOL in those validators, and start an advertising campaign to try to get a bunch of people to stake in their validators until they actually hold 80% of the stake in the Solana network. At that point they can vote on malicious blocks all day long and it will pass.

2. Somehow compromise a full 80% of the active stake in the network with a super sneaky hack or virus.

  • This is not likely just because of the focus that so many people will be putting on the security of the validator nodes in the network.

Neither of these possibilities is at all likely because of what would happen if either of these occurred.

There is an economic incentive to secure your validator because you lose a lot of money if it gets compromised and your funds get slashed. Additionally, this will slash the stake of users who stake in your validator, which means they will not want to support your validator anymore. This means that stakers have the incentive not to stake in insecure validators, and it incentivizes validators to be transparent, honest, and secure.

Also, in the case of the Google take-over scenario, people who stake in the Solana network stake to make it more secure and because they trust the validators. If stakers see that Google is starting to control all of the stake in the Solana network, that puts their stake at risk if Google takes over the network. This would motivate them to put their stake into other validators. Their stake is actually safer if it isn’t too pooled up into one massive validator.

All of these incentives are made extra motivating when you consider what would happen if an attempt to take over the network succeeded.

If the takeover was a success, then the community would realize at some point that the network has been compromised and is now insecure. This would result in the drop in value of SOL to the point that it is worthless, or almost worthless. But there is still a way out: a hard fork.

When the world realizes that the network is now broken and taken over by a hacker, the community would fork the Solana network to a new network, and start running validators for that new network, which could import the last honest state of the blockchain. This would leave the person who took over the network control over a worthless network, and the community could now move over to the new fork, and even keep their money, at least since the agreed-upon last honest state of the blockchain, once the community got consensus on what that was.

Well, that’s the situation from my knowledge, if anybody thinks otherwise, feel free to share your thoughts!

From what I’ve seen, it appears that the design of Solana is very secure, and there are a lot of incentives that will help ensure the validity of the network into the future!

If this post helped you I’d really appreciate a tip, no matter how small, in whatever Solana or SPL tokens you prefer. It will help me spend time helping people on this forum and learning more about crypto. My wallet address is 9ftYTyetEXtLtDkhfRF8bCWGfKZqiYmx2HDZDTogZh6A. Thanks!
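The reply above turns on one distinction: what matters is not the fraction of validator machines that get infected, but the fraction of active stake they carry, measured against the 80% supermajority the post quotes. The following is an added illustration, not code from the post or from the Solana project. It uses a constructed validator set with made-up stake numbers, takes 80% as the finalization threshold because that is the figure the post uses, and assumes the simplification that a compromised validator's stake no longer counts toward the honest side. It classifies a compromise as harmless, a liveness halt, or an attacker-controlled finalization, and also computes how few of the largest validators would have to be compromised to halt or to control the network, which is the concentration risk behind the "get 80% of stake into a few nodes" scenario.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Validator:
    name: str
    stake: int  # integer stake units so threshold comparisons are exact


# Constructed sample set (made-up names and stakes, not real network data).
# Total stake is 100, so each stake value is also a percentage.
VALIDATORS: List[Validator] = [
    Validator("alpha", 35),
    Validator("beta", 25),
    Validator("gamma", 15),
    Validator("delta", 10),
    Validator("epsilon", 10),
    Validator("zeta", 5),
]

# Supermajority needed to finalize a block, as stated in the post (assumption: 80%).
SUPERMAJORITY_PCT = 80


def total_stake(validators: Iterable[Validator]) -> int:
    return sum(v.stake for v in validators)


def stake_of(validators: Iterable[Validator], names: Iterable[str]) -> int:
    wanted = set(names)
    return sum(v.stake for v in validators if v.name in wanted)


def node_fraction(validators: List[Validator], names: Iterable[str]) -> float:
    """Share of validator *machines* compromised: the number the question asks about."""
    return len(set(names)) / len(validators)


def stake_fraction(validators: List[Validator], names: Iterable[str]) -> float:
    """Share of *stake* compromised: the number consensus actually cares about."""
    return stake_of(validators, names) / total_stake(validators)


def honest_can_finalize(validators: List[Validator], compromised: Iterable[str],
                        pct: int = SUPERMAJORITY_PCT) -> bool:
    # Assumption: compromised stake votes wrong or not at all, so it never helps the honest side.
    total = total_stake(validators)
    honest = total - stake_of(validators, compromised)
    return honest * 100 >= pct * total


def attacker_can_finalize(validators: List[Validator], compromised: Iterable[str],
                          pct: int = SUPERMAJORITY_PCT) -> bool:
    return stake_of(validators, compromised) * 100 >= pct * total_stake(validators)


def classify(validators: List[Validator], compromised: Iterable[str],
             pct: int = SUPERMAJORITY_PCT) -> str:
    """'unaffected': honest side still finalizes; 'halt': nobody reaches the
    supermajority; 'attacker_controls': the compromised stake alone reaches it."""
    compromised = list(compromised)
    if attacker_can_finalize(validators, compromised, pct):
        return "attacker_controls"
    if honest_can_finalize(validators, compromised, pct):
        return "unaffected"
    return "halt"


def _largest_first(validators: List[Validator]) -> List[Validator]:
    return sorted(validators, key=lambda v: v.stake, reverse=True)


def min_validators_to_halt(validators: List[Validator], pct: int = SUPERMAJORITY_PCT) -> int:
    """Fewest of the largest validators whose compromise leaves the honest
    remainder below the supermajority (a liveness failure, no theft)."""
    total = total_stake(validators)
    acc = 0
    for count, v in enumerate(_largest_first(validators), start=1):
        acc += v.stake
        if (total - acc) * 100 < pct * total:
            return count
    return len(validators)


def min_validators_to_control(validators: List[Validator],
                              pct: int = SUPERMAJORITY_PCT) -> Optional[int]:
    """Fewest of the largest validators that together hold the supermajority
    (the stake-concentration scenario); None if no subset can."""
    total = total_stake(validators)
    acc = 0
    for count, v in enumerate(_largest_first(validators), start=1):
        acc += v.stake
        if acc * 100 >= pct * total:
            return count
    return None


if __name__ == "__main__":
    infected = ["delta", "epsilon", "zeta"]  # half the machines, a quarter of the stake
    print(f"nodes compromised: {node_fraction(VALIDATORS, infected):.0%}, "
          f"stake compromised: {stake_fraction(VALIDATORS, infected):.0%}, "
          f"outcome: {classify(VALIDATORS, infected)}")
    print("largest validators needed to halt:", min_validators_to_halt(VALIDATORS))
    print("largest validators needed to control:", min_validators_to_control(VALIDATORS))
```

The point the numbers make: infecting three of six machines here only halts the network, because they carry 25% of stake, while a single compromise of the largest validator (35%) does the same. That is why operators watching for this risk track how much stake sits on how few hosts rather than counting hosts, and why the post's halt-then-investigate path, rather than silent theft, is the expected failure mode below the supermajority line.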