Solana denies ‘security threat’ to Saga phones following CertiK video

In a statement to Blockworks, Solana denied a “vulnerability” to Saga phone holders from CertiK


Solana modified by Blockworks


CertiK, on Wednesday, claimed that it found a vulnerability with the Solana Saga phone.

Saga is an Android device — the first being offered by Solana.

The auditor said in a post on X that the phone has a bootloader vulnerability. Essentially, a backdoor can supposedly be installed on the phone allowing the initial software responsible for the starting of the device to be compromised. 

“The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers, Do not store any sensitive data on the device,” a screengrab from CertiK’s accompanying video shows the Solana phone’s screen following the backdoor install.

The message is an indication that the phone has been hacked, CertiK said. However, it’s not clear if the vulnerability is unique to Saga or if it could impact other Android devices. CertiK did not immediately respond to a request for comment.

Loading Tweet..

In an email to Blockworks, Steven Laver, lead software engineer of mobile at Solana Labs said that “the CertiK video does not reveal any known vulnerability or security threat to Saga holders. The video shows the user unlocking the bootloader, which is something that can be done on many Android devices.” 

Android’s own documentation from its Open Source Project outlines the ability to lock and unlock the bootloader. 

“Unlocking the bootloader is an advanced feature of Saga, and is disabled by default. We believe in allowing users the choice of how they use their phone, however, unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone,” Laver continued.

However, if a user or attacker proceeds to unlock the bootloader, then they not only go through multiple warnings, but their device is wiped — along with their private keys.

“So it’s not a process that can take place without users’ active participation or awareness,” Laver said. 

CertiK, however, said that only being able to unlock the bootloader with user participation “does not eliminate all potential threats.”

“Malicious actors can purchase Saga phones and install backdoors through such ‘feature,’ and deliver devices to unconscious users. If users did not understand the warnings, they would be tricked and lose funds to attackers,” CertiK said in an email to Blockworks.

“In addition, given the fact that a considerable portion of traditional phone users have taken the initiative to jailbreak or unlock their devices in the past, it is also likely that some Saga phone users will also explore this “feature” but without enough security awareness. That’s why we warn users about such situations in our video.”

The video then proceeds to show how an attacker could drain bitcoin from the wallet attached to the phone. It did not show Seed Vault being used in the video, which protects both supported digital assets and seeds. 

Seed Vault was announced in June 2022, and “accesses the highest privileged security environment available on a device, from secure operating modes of the processor to dedicated Secure Elements, which enables a secure transaction signing experience through UI components built into Android.”

Saga was released in April, having been designed to pair Web3 with smartphones. Alongside traditional app stores, Solana offers a separate app store.

The phone is designed to allow users to have “self-custody of their assets” to make them “feel comfortable bringing those assets with them on the go,” Laver told Blockworks when the phone was released. 

Months after the launch, the price of Saga was reduced to $599 from $1,000 — a 40% cut.

At the time, Emmett Hollyer, head of business operations for Solana Mobile, told Blockworks that the price reduction is “common practice in the consumer electronics business, particularly with smartphones.”

According to CoinMarketCap, the vulnerability has not impacted SOL — Solana’s native crypto — at the time of publishing. In fact, it’s up more than 13% over the past day.

Updated Friday, Nov. 17 at 12:15 pm ET: Added comment from CertiK.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

MON - WED, MARCH 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience:  Attend expert-led panel discussions and fireside chats  Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts   Grow your network […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research



Akash is a general-purpose compute platform with GPUs, storage, LLM training or inference, and validator hosting through its two-sided marketplace.


The SEC could allow half a dozen or more such funds to launch at once, Ark Invest CEO says


2023 saw a decline in a16z crypto funding, but the behemoth VC firm teased what it’s excited for next year


“Iran Unchained” launched a new version of its grant platform to make donations to activists easier


The stablecoin marks the first time a regulated European bank has made a euro-pegged stablecoin available on a crypto exchange


Build it and they will come, perhaps, but making crypto easier to use is turning out to be just as important


Amid moves by Itau Unibanco and Nubank, the country could serve as “a proof of concept” for TradFi-crypto integrations, industry research exec says