Dear Solana community — validators, stakers, developers, and ecosystem fund representatives.
I’m writing on behalf of the Shiroi project, a team actively building on Solana. After learning that certain validators had discovered and exploited a vulnerability in the Marinade auction system, we decided to run our own independent audit to assess the scale of the damage. The results were shocking:
Over the span of 126 epochs, Marinade has incurred at least 37,000 SOL in losses — that’s over $5 million USD at current prices.
We attempted to reach out to Marinade leadership (specifically Repe) via X (Twitter), Discord, and other core team members through Telegram — unfortunately, we received no response. The lack of reaction to such a major incident sets a dangerous precedent and seriously undermines trust in the Marinade protocol and its delegation model. It also raises broader concerns about the reliability of all public staking pools and whether their advertised APYs are actually real.
To be blunt — the silence from the Marinade team after we disclosed the losses makes us question whether this vulnerability was known internally and simply ignored… or worse — knowingly left in place as a revenue stream.
We’ve also analyzed the percentage of stake that went unpaid by malicious validators each epoch. The results ranged from 2% to 75%, with an average across 124 epochs of 28% unpaid stake. That’s disturbing:
- Honest validators were effectively subsidizing “free stake” for exploiters.
- And stakers — who trusted the system — may have missed out on 28% of Marinade’s advertised APY.
Who’s going to cover that gap?
Today, we’re releasing:
- A Top 10 list of validators who caused the highest damage to Marinade,
- The Top 10 most loss-heavy epochs,
- And a list of epochs where over 50% of stake was unpaid.
We want to understand:
Does the community care? Or is everyone just going to pretend this didn’t happen?
If there’s no meaningful response, we’ll bring this issue directly to the Solana Foundation — which, to our knowledge, is one of Marinade’s major stakers. It’s also worth noting that 6 of the Top 10 exploit validators are currently receiving delegation from Solana Foundation, and one of them is also backed by Jito.
All methodology, calculations, and proofs will be published soon.
Top10 Epochs by losses:
773 - 886 SOL
772 - 875,8 SOL
748 - 808,8 SOL
760 - 786,6 SOL
746 - 760,8 SOL
759 - 759,9 SOL
775 - 718,2 SOL
770 - 715,3 SOL
771 - 696,2 SOL
776 - 685,4 SOL
Top10 validators by losses (identity):
- DB7DNWMVQASMFxcjkwdr4w4eg3NmfjWTk2rqFMMbrPLA (Active on MB) - 1081,16 SOL
- PAWsME7oYbjt5TRNc11mBa33JhKnQr9AYherdr9YAZ6 (Active on MB) - 952,43 SOL
- simpRo1FrQYGa1moicfgnPDp6KyE38d4gYrZzhjXYJb (Active on MB) 875,28
- FUURpC3LjVnxr21PmEfHtxT7Mfe4CVJXxESBjQPvmqTZ (Active on MB + jito stake) - 741,38 SOL
- mint13XHZSSxtgHuTSM9qPDEJSbWktpmpM4CZxeLB8f (Active on MB) - 696,429 SOL
- 3Kzdcmu6yWE4AEhFdxAoWncLijpwzNB95JThHRXzvf5k (Rejected) - 674,16 SOL
- AXX64w9VS82qbM6WP5FHSPK7qbnRtzxyAvjARsencqrZ (Rejected) - 664 SOL
- 3tm92VTxwyZ5MDhGoYR4tVTkwWYkzfam6hwBjauUACCk (Active on MB) - 638 SOL
- 71M936kzQRe7eWrABba6yKqPsmTMVhijQqDNQP9qM9pP (Rejected) - 611 SOL
- FLAT3fBhQxrSPyT1zvyf58uQGARiGtnoN3VW8R7i38kC (NOT SFDP) - 595,07 SOL
24 epochs with over 50% of stake unpaid by validators:
652, 653, 654, 655, 656, 657, 658, 755, 756, 757, 764, 765, 766, 767, 768, 769, 770, 771, 772, 773, 774, 775, 776, 777