On December 16, 2025, Solana reported that its network had been under a sustained DDoS attack for approximately a week, with traffic peaking near 6 Tbps. Solana described the event as the fourth-largest DDoS attack ever recorded against any distributed system.
Traffic volumes at this level are no longer exceptional in today’s DDoS environment and can be generated using widely available attack infrastructure. What is unusual, however, is the duration: multi-day, multi-terabit attacks are rarely reported, as most hyper-volumetric DDoS events typically last seconds or minutes, rather than being sustained over extended periods.
FastNetMon does not have the ability to verify the attack details, and this report is based on public statements from Solana and information published in the media.
According to those reports, the attack did not result in downtime or material degradation of block production. Solana stated that on-chain performance metrics, including transaction confirmation times and block scheduling, remained within normal operating ranges throughout the attack period.
From a network security perspective, this was a classic volumetric DDoS attack, aimed at saturating validator ingress and transaction pathways rather than exploiting a protocol vulnerability. Under similar conditions, blockchain networks often experience increased latency, missed blocks, or temporary halts. Solana reported that none of these effects were observed at scale during this event.
The network’s ability to absorb the traffic is attributed to a combination of protocol-level controls and operational improvements introduced following earlier congestion-related incidents. Stake-weighted quality of service prioritised transaction traffic backed by economic stake, while low-value or abusive traffic was rate-limited under load. In parallel, local fee markets helped contain congestion to specific areas, preventing chain-wide disruption.
Operational maturity also contributed. Validators increasingly operate high-availability deployments with improved monitoring and automated recovery, reducing the risk that individual node failures escalate into broader network instability.
For comparison, media reports indicate that the Sui network experienced delayed block production and degraded performance during a similar attack window, underscoring how different transaction prioritisation and traffic-handling models can produce very different outcomes under DDoS pressure.
While details of the attacking infrastructure have not been fully disclosed, the incident reflects a broader shift. Public blockchains are now routine targets for multi-terabit-scale DDoS attacks and must be engineered with the same defensive assumptions as other high-exposure distributed systems. In this case, Solana reports that the attack was largely invisible to end users, marking a clear improvement over its historical behaviour under heavy network stress.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com.