When networks brag about their throughput, they are actually bragging about how much disruption the network can swallow before it goes down. That’s why the most interesting thing about Solana’s latest “stress test” is that there is no story at all.
A distribution network called Pipe recently released data about a barrage of about 6 terabits per second against Solana, and Solana’s co-founders supported its broader push in public posts. If this number is correct, this is the kind of traffic volume typically reserved for the internet’s biggest targets, and it’s not normal enough that Cloudflare would write a long blog post about it.
Still, Solana continued to make blocks. A coordinated reboot or group chat across verifiers didn’t turn into a late-night disaster movie.
According to CryptoSlate’s own report on the incident, block generation was stable, confirmations continued to progress, and there was no significant increase in user fees. This conversation even included room for rebuttal. SolanaFloor pointed out that Anza contributors claim that the 6 Tbps number is a short-term peak burst, rather than a steady week-long wall of traffic. This is important. Because “peak” can be both true and a little theatrical.
That kind of nuance is fine. In real-world denial of service situations, peaks are often the point, since even a system tuned for steady state can be destroyed with a short punch.
Cloudflare’s threat report points out that many large-scale attacks occur quickly, sometimes too quickly for humans to react. That is why modern defenses are considered automatic. Solana’s latest incident shows that networks have learned how to make spam boring.
What kind of attack was this? What did the attacker actually want?
DDoS is the internet’s crudest yet most effective weapon. It floods junk traffic from many machines at once, overwhelming the target’s normal traffic. Cloudflare’s definition is straightforward. This is a malicious attempt to overwhelm the target or nearby infrastructure with a flood of Internet traffic, usually originating from a compromised system, disrupting normal traffic.
That’s the web2 version, and the version that Pipe shows in the Terabit/sec graph. Crypto networks add a second, more crypto-native flavor on top of that. Spam is not “website junk packets,” but rather “chains of endless transactions.” This is because there is often money on the other side of congestion.
Solana’s own failure history is something of a handbook for its incentive problems. In September 2021, the chain went offline for more than 17 hours, and Solana’s early postmortem revealed that the flood of bot-driven transactions was effectively a denial of service event related to Raydium-hosted IDO.
Solana’s official outage report in April 2022 described an even stronger wall of inbound transactions at 6 million transactions per second, with individual node speeds exceeding 100 Gbps. The report said there was no evidence of a classic denial-of-service campaign, and that the fingerprint appeared to be a bot trying to win NFT mints, which the first caller could win a prize at.
On that day, the network stopped producing blocks and had to coordinate a restart.
So what does the attacker want other than attention and the pleasure of ruining everyone’s Sunday? In some cases, simple blackmail. “Pay up or we’ll turn off the fire hoses.”
Chains that can’t stay live can sometimes lead to reputational damage because they can’t reliably host the kinds of apps people want to build. Sometimes it’s market gamesmanship, with broken UX creating weird pricing, liquidation delays, and forced rerouting that rewards those in disorganized positions.
In the on-chain spam version, the goal is more direct. Mint wins, trade wins, liquidation wins, and block space wins.
What’s different now is that Solana has developed more ways to decline invitations.
Design changes that keep Solana running
Solana is now able to stay online better by changing where her pain manifests. In 2022, disability has become commonplace. Too many incoming requests overload node-level resources and lack the ability to slow down malicious attackers, a ripple effect that turns congestion into an activation problem.
The most important upgrades are at the edge of the network, where traffic reaches validators and leaders. One was the migration of network communications to QUIC, which Solana later listed as part of its stabilization efforts, along with regional rate markets and stake-focused quality of service.
QUIC is not magic, but it is built for controlled multiplexed connections rather than older connection patterns that make it cheaper to exploit.
More importantly, Solana’s validator-side documentation describes how QUIC is used within the transaction processing unit path. This includes a limit on concurrent QUIC connections per client ID, a limit on concurrent streams per connection, and a limit that scales with the sender’s stake. We also discuss rate limits in packets per second that are applied based on stake, and note that servers may use throttling code to drop streams and clients backoff.
This turns “spam” into “spam pushed into the slow lane.” Having bandwidth and a botnet is no longer enough. They either need privileged access to leadership capacity or compete for a smaller scope of it.
Solana’s Stake Weighted QoS developer guide details that when this feature is enabled, validators holding 1% of the stake are entitled to send up to 1% of packets to the leader. This prevents low-stakes senders from sending large amounts to other senders, increasing Sybil resistance.
In other words, the stake becomes a kind of bandwidth entitlement, rather than just a vote weight.
Next, on the pricing side, Solana is trying to avoid “one noisy app ruining the whole city.” Local fee markets and priority fees give users a way to compete for fills without turning every busy moment into a chain-wide auction.
Solana’s pricing documentation explains how priority pricing works across compute units, allowing users to set compute unit limits and optional compute unit prices, and acts as a hint to help drive prioritization. It also mentions some practical pitfalls. Priority pricing is based on the requested compute unit limit rather than the actual compute used, so sloppy configuration can result in you paying for unused headroom.
This puts a price on compute-intensive operations and gives the network a knob to make exploitation in problematic spots more expensive.
Combining these parts provides different failure modes. Instead of a lot of incoming noise pushing nodes into a memory death spiral, the network has more ways to throttle, prioritize, and contain.
Solana itself has looked back into 2022 and framed QUIC, local rate markets, and stake-focused QoS as concrete steps to ensure reliability is not sacrificed for speed.
That’s why you can spend a terabit-sized weekend without any real consequences. The chain has more automatic “nos” at the front door and more ways to keep the line moving for those who don’t want to cut it.
This doesn’t mean Solana doesn’t experience ugly days. Even those rooting for the 6 Tbps anecdote debate what that number means and how long it lasted. This is a polite way of saying that internet measurements are a pain and bragging rights don’t come with an audit report.
And the trade-offs persist. Systems that tie better traffic handling to staking are, by design, more friendly to deep-pocketed operators than hobbyist validators. Even systems that run fast under load can become a place for paid bots to invade.
Still, the fact that the network was quiet is significant. Solana’s previous outages weren’t about “people noticing a slight delay.” The block’s production was completely halted, followed by a reopening and lengthy adjustment period, including an outage in April 2022 that took several hours to resolve.
In contrast, this week’s story about how the chain stayed alive even as traffic allegedly reached scale is more familiar to Cloudflare’s threat report than crypto lore.
Solana behaves like a network expecting to be attacked, deciding that the attacker should be the first to tire.
