Solana Foundation unveils security overhaul days after $270 million Drift exploit

The program includes 24/7 threat monitoring for protocols with more than $10 million in deposits and a dedicated incident response network of security firms.

What to know:

• The Solana Foundation unveiled Stride and the Solana Incident Response Network (SIRN) to bolster security across DeFi protocols.
• The initiative comes just days after the $270 million Drift exploit tied to a North Korean state-affiliated group.
• While Stride and SIRN aim to strengthen technical defenses and speed crisis response, the Drift hack underscored that human-targeted social engineering and compromised contributor devices remain critical vulnerabilities.

The Solana Foundation announced a suite of security initiatives on Monday, just five days after decentralized finance (DeFi) platform Drift Protocol suffered a $270 million exploit carried out by a North Korean state-affiliated group following a six-month social engineering campaign.

The centerpiece is Stride, a structured evaluation program led by Asymmetric Research that will assess Solana DeFi protocols against eight security pillars and publish its findings publicly. The foundation also introduced the Solana Incident Response Network (SIRN), a membership-based group of security firms and researchers focused on real-time crisis response.

The initiatives address part of the problem exposed by Drift, but not the mechanics that actually caused the loss. Drift's smart contracts were not compromised, and its code passed audits. The vulnerability was human: The attackers spent six months building relationships with Drift contributors and compromised their devices through a malicious code repository and a fake TestFlight app.

Under Stride, protocols with more than $10 million in total value locked (TVL) that pass the evaluation will receive ongoing operational security and active threat monitoring funded by Solana Foundation grants, with coverage calibrated to each protocol's risk profile.

For protocols with more than $100 million in TVL, the foundation will also fund formal verification, a mathematical method that checks every possible execution path in a smart contract to guarantee correctness.

In addition to Asymmetric Research, founding members include OtterSec, Neodyme, Squads, and ZeroShadow. The network is available to all Solana protocols but prioritized by TVL.

Stride's formal verification, however, would not have caught the North Korean attack, which used the compromised devices to obtain multisig approvals that were then locked into durable nonce transactions and executed weeks later.

Neither would 24/7 monitoring of onchain activity, because the transactions were valid by design and indistinguishable from legitimate administrative actions until they were used to drain the vaults. The attack exploited the gap between onchain correctness and offchain human trust, a gap no smart contract audit or monitoring tool is built to cover.

SIRN, however, could have helped with the response. ZachXBT, an onchain security expert, criticized stablecoin issuer Circle Internet (CRCL) for failing to freeze over $230 million of its stolen dollar-pegged USDC during a six-hour window after the attack began.

A dedicated incident response network with established relationships to bridge operators, exchanges and stablecoin issuers might have shortened the response time. Whether it would have been fast enough to prevent the Wormhole bridging and obfuscation through Tornado Cash is an open question.

The foundation was careful to note that the programs "do not transfer the underlying responsibility away from the protocols themselves," a line that reads differently after Drift's postmortem revealed that individual contributor devices were the entry point for a nation-state attack.

Solana already hosts several free security tools for builders, including Hypernative for threat detection, Range Security for real-time monitoring, and Neodyme's Riverguard for attack simulation.

More For You

Most crypto privacy models weaken as blockchain data grows. Encryption-based models like Zcash strengthen. CoinDesk Research maps the five privacy approaches and examines the widening gap.

Why it matters:

As blockchain adoption scales, the metadata available to machine learning models scales with it. Obfuscation-based privacy approaches are structurally degrading as a result. This report provides a comprehensive comparison of all five major crypto privacy architectures and a framework for evaluating which models remain durable as AI capabilities improve.

More For You

The AI company's partnership with Google and Broadcom for next-generation TPU capacity starting in 2027 adds to a wave of demand reshaping the economics of every industry that competes for cheap electricity, including bitcoin mining.

What to know:

• Anthropic has struck its largest compute deal yet, partnering with Google and Broadcom for multiple gigawatts of next-generation TPU capacity starting in 2027 as its annual revenue run rate jumps to $30 billion from $9 billion at the end of 2025.
• The rapid buildout of AI infrastructure is emerging as...

Why Michael Saylor's bitcoin buys aren’t moving the needle anymore

26 minutes ago

Bitcoin briefly touches $70,000 as ETF inflows signal institutional interest

43 minutes ago

Bitcoin price-drop speculation spurred by familiar price pattern

1 hour ago

Bitcoin pulls away from software stocks as Iran war, AI reshape market dynamic

1 hour ago

Bitcoin ETF inflows hit highest level since February

6 hours ago

XRP slips to $1.31 after failed breakout as liquidity dries up

6 hours ago

SEC close to putting out 'reg crypto' for fundraising questions, Chair Atkins says

8 hours ago

Appeals court blocks New Jersey from shutting down Kalshi's sports markets

19 hours ago

Bitcoin miners face a new rival for cheap power as Anthropic signs multi-gigawatt compute deal

6 hours ago