When a network brags about its throughput capacity, it’s really bragging about how much chaos it can swallow before it suffocates. That’s why the most interesting part of Solana’s latest “stress test” is that there’s no story at all.
A delivery network called Pipe published data that put a recent barrage against Solana at about 6 terabits per second, and Solana’s co-founders supported its broad reach in public posts. If the figure is accurate, this is the kind of traffic volume typically reserved for the largest Internet targets, something Cloudflare has written about at length. blog posts because it shouldn’t be normal.
And yet Solana continued to produce blocks. There was no coordinated restart or validator-wide group chat that turned into a late-night disaster movie.
CryptoSlate’s own reporting on the incident said that block production remained stable and confirmations continued to move, with no significant increase in user fees. There was even a counterpoint in the chatter: SolanaFloor noted that an Anza employee argued that the 6 Tbps figure was a short spike rather than a steady week-long wall of traffic, which matters because “peak” can be both true and somewhat theatrical.
That kind of nuance is fine. In real-world denial of service, the spike is often the point, because a short hit can still topple a system tuned to a steady state.
Cloudflare’s threat reporting points out How many major attacks end quickly, sometimes too quickly for people to react. Therefore, modern defense is supposed to be automatic. Solana’s latest incident now shows a network that has learned how to make spam boring.
What type of attack was this and what do attackers actually want?
A DDoS is the Internet’s crudest but most effective weapon: overwhelming a target’s normal traffic by flooding it with junk traffic from many machines at once. The definition of Cloudflare is blunt; it is a malicious attempt to disrupt normal traffic by overwhelming the target or nearby infrastructure with a flood of Internet traffic, usually from compromised systems.
That’s the web2 version, and it’s the version Pipe gestures to with a terabits per second graph. Crypto networks add a second, more crypto-native twist: spam that isn’t so much “junk packets on a website” as it is “endless transactions on a chain,” often because there’s money on the other side of the congestion.
Solana’s own failure history is like a textbook for that incentive problem. In September 2021, the chain went offline for more than 17 hours, and Solana’s early autopsy essentially described the flood of bot-driven transactions as a denial-of-service event related to a Raydium-hosted IDO.
In April 2022, Solana’s official outage report described an even more intense wall of incoming transactions, 6 million per second, with individual nodes seeing over 100 Gbps. The report said there was no evidence of a classic denial-of-service campaign, and that the fingerprints looked like bots trying to win an NFT coin where the first caller gets the prize.
The network stopped producing blocks that day and had to coordinate a restart.
So what do attackers want, other than attention and the joy of ruining everyone’s Sunday? Sometimes it’s pure extortion: pay us, or we’ll keep the fire hose on.
Sometimes there is reputational damage because a chain that can’t stay live can’t credibly host the kind of apps people want to build. Sometimes it’s a market game, where broken UX leads to strange prices, delayed liquidations, and forced redirects that reward people who are positioned for disarray.
In the on-chain spam version, the goal can be direct: win the coin, win the transaction, win the liquidation, win the block space.
What’s different now is that Solana has come up with more ways to decline the invitation.
The design changes kept Solana running
Solana got better at staying online by changing where the pain manifests. In 2022, failures took a familiar form: too many incoming requests, too much pressure on node-level resources, too little power to slow down bad actors, and knock-on effects that turned congestion into liveness problems.
The upgrades that matter most are at the edge of the network, where traffic reaches validators and leaders. One of these is the switch to QUIC for network communications, which Solana will make later mentioned as part of its stability work, alongside local fee markets and stake-weighted quality of service.
QUIC isn’t magic, but it’s built for controlled, multiplexed connections instead of the older connection patterns that make exploitation cheap.
More importantly, the validator side of Solana documentation describes how QUIC is used within the Transaction Processing Unit path: limits on concurrent QUIC connections per client identity, limits on concurrent streams per connection, and limits that scale with sender deployment. It also describes the packet per second rate limit applied based on deployment, and notes that the server can drop streams with a throttling code, where clients are expected to back off.
That turns ‘spam’ into ‘spam pushed to the back burner’. It’s no longer enough to have bandwidth and a botnet, because you now need privileged access to leadership capacity, or you’re competing for a smaller share of it.
Solana’s developer guide for stake-weighted QoS this becomes clear: if the feature is enabled, a validator holding 1% of the stake has the right to send a maximum of 1% of the packets to the leader. This prevents low-stake senders from swamping everyone else and increases Sybil’s resistance.
In other words, stakes become a kind of bandwidth claim, not just voting weight.
Then there’s the cost side, where Solana tries to prevent “one noisy app from ruining the whole city.” Local fee markets and priority fees give users a way to compete for fulfillment without turning every busy moment into a chain-wide auction.
Solana’s fee documentation explains how priority charges work through units of account, where users can set a unit of account limit and an optional unit of account price, which acts as a tip to encourage prioritization. It also mentions a practical pitfall: the priority rate is based on the requested compute unit limit, not the actual compute power used, so sloppy settings could mean you pay for unused headroom.
This puts a price on computationally demanding behavior and gives the network a button to make abuse more expensive where it hurts.
Put those pieces together and you get a different failure mode. Instead of a flood of incoming noise pushing nodes into a memory death spiral, the network has more ways to throttle, prioritize, and limit.
Solana itself, looking back to the 2022 era, has presented QUIC, local fee markets and stake-weighted QoS as concrete steps taken to avoid sacrificing reliability for speed.
That’s why a terabit-scale weekend can pass without any real consequences: The chain has more automatic “no’s” at the front door and more ways to keep the line moving for users who aren’t trying to break it.
None of this means Solana is immune to ugly days. Even people who applaud the 6 Tbps anecdote argue about what the number means and how long it lasted, which is a polite way of saying that internet measurements are messy and that bragging rights don’t come with an audit report.
And the tradeoffs don’t go away. A system that ties better traffic handling to deployment is inherently friendlier to well-capitalized operators than to hobbyist validators. A system that remains fast under load can still become a home for bots willing to pay.
Still, the fact that the network was silent is important. Solana’s previous outages were not “people noticed a little latency.” Block production stopped completely, followed by public restarts and long coordination periods, including the April 2022 shutdown that took hours to resolve.
In contrast, this week’s story is that the chain remained live while traffic reportedly reached a higher scale in Cloudflare’s threat reports than in crypto lore.
Solana acts like a network that expects to be attacked and has decided that the attacker should be the one to tire first.