The Solana Foundation announced a series of security initiatives on Monday, just five days after decentralized finance platform Drift Protocol was exposed to a $270 million exploit by a North Korean state-linked group following a six-month social engineering campaign.
The centerpiece is Stride, a structured evaluation program led by Asymmetric Research that will assess Solana DeFi protocols against eight security pillars and publish the results publicly. The foundation also introduced the Solana Incident Response Network (SIRN), a membership-based group of security firms and researchers focused on real-time crisis response.
The initiatives address part of the problem Drift revealed, but not the mechanics that actually caused the loss. Drift’s smart contracts were not compromised and its code passed audits. The vulnerability was human: The attackers spent six months building relationships with Drift contributors and compromised their devices through a malicious code repository and a fake TestFlight app.
Under Stride, protocols with more than $10 million in total value locked (TVL) that pass the evaluation will receive ongoing operational security and active threat monitoring funded by Solana Foundation grants, with coverage calibrated to each protocol’s risk profile.
For protocols with more than $100 million in TVL, the fund will also fund formal verification, a mathematical method that checks every possible execution path in a smart contract to guarantee correctness.
In addition to Asymmetric Research, founding members include OtterSec, Neodyme, Squads, and ZeroShadow. The network is available for all Solana protocols, but is prioritized by TVL.
Read more: How North Korea’s 6-Month Secret Spying Program Is Making the Crypto Community Rethink Security
However, Stride’s formal verification would not have caught the North Korean attack, which used the compromised devices to obtain multisig authentications, which were then locked into durable nonce transactions and executed weeks later.
Neither would 24/7 monitoring of onchain activity because the transactions were valid by design and indistinguishable from legitimate administrative actions until they were used to drain the boxes. The attack exploited the gap between onchain correctness and offchain human trust, a gap that no smart contract audit or monitoring tool is built to cover.
However, SIRN could have helped with the answer. ZachXBT, an onchain security expert, criticized stablecoin issuer Circle Internet (CRCL) for failing to freeze over $230 million of its stolen dollar-pegged USDC during a six-hour window after the attack began.
A dedicated incident response network with established relationships with bridge operators, exchanges and stablecoin issuers may have shortened response times. Whether that would have been fast enough to prevent the wormhole bridge and obfuscation through Tornado Cash is an open question.
The foundation was careful to note that the programs “do not shift underlying responsibility away from the protocols themselves,” a line that sounds different after Drift’s autopsy revealed that individual contributors were the entry point for a nation-state attack.
Solana already hosts several free security tools for builders, including Hypernative for threat detection, Range Security for real-time monitoring, and Neodymes Riverguard for attack simulation.
