Solana Foundation Launches STRIDE and SIRN Security Programs Following $286 Million Drift Exploit

Solana Foundation announced on April 6, 2026 a comprehensive security expansion for its DeFi ecosystem, introducing STRIDE (Solana Trust, Resilience and Infrastructure for DeFi Enterprises) and the Solana Incident Response Network (SIRN) to evaluate protocols, provide continuous threat monitoring, and enable real-time crisis response.

The rollout comes less than a week after Drift Protocol suffered a $286 million exploit that blockchain analytics firm Elliptic linked to North Korean state-sponsored hackers, with compromised administrator private keys identified as the likely attack vector.

STRIDE Program Establishes Eight Security Pillars with Public Findings

Asymmetric Research and Solana Foundation jointly announced STRIDE, a structured program for evaluating, monitoring, and escalating security across Solana projects. Asymmetric has outlined a new framework across eight security pillars and will conduct independent evaluations of ecosystem protocols to ensure they meet the framework’s requirements. Findings will be published publicly, providing users and investors transparency into the protocols they rely on.

For protocols with more than $10 million in total value locked (TVL) that pass evaluation, STRIDE will provide ongoing operational security and active threat monitoring, funded by Solana Foundation grants. Coverage is calibrated to each product’s risk profile, with protocols securing the most value receiving the most rigorous protection. The program is designed to flag suspicious activity before it escalates into an incident.

For protocols with more than $100 million in TVL, Solana Foundation will additionally fund formal verification: a mathematical, proof-based method that guarantees smart contract correctness by exhaustively checking every possible state and execution path.

SIRN Provides 24/7 Incident Response Network

While STRIDE establishes and evaluates security standards, the Solana Incident Response Network (SIRN) launched to respond and act when security incidents occur. SIRN is a dedicated, membership-based network of security firms and researchers focused on protecting the Solana ecosystem. SIRN is available to all Solana protocols but prioritized based on TVL.

Founding participants of SIRN include Asymmetric Research, OtterSec, Neodyme, Squads, and ZeroShadow. Members will share threat intelligence, coordinate response to active incidents, and contribute to the ongoing evolution of the STRIDE framework, providing the ecosystem with dedicated, round-the-clock incident response capabilities.

Drift Exploit Highlights Need for Enhanced Security

The security expansion follows the April 1, 2026 exploit of Drift Protocol, the largest DeFi hack of 2026 with approximately $286 million stolen. Elliptic’s analysis pointed to compromised administrator private keys, reinforcing that DeFi failures often extend beyond smart contract code into governance, access control, and operational security. The incident marks the second-largest security breach in the Solana ecosystem after the $326 million Wormhole bridge exploit in 2022.

Solana Foundation’s announcement noted that leading protocols already maintain strong security practices: Squads Multisig is formally verified with over 10 audits, Kamino has completed nine independent audits, and Jupiter Lend is formally verified with seven audits. However, the foundation stated that adversaries are rapidly innovating, requiring elevated ecosystem-wide defenses.

Ongoing Security Resources Available at No Cost

STRIDE and SIRN add to a robust set of security resources Solana Foundation has made available to the ecosystem over the past few years. The following services are now available to all projects in the Solana ecosystem at no cost:

• Hypernative provides institutional-grade security infrastructure for protocols building on Solana, enabling teams to detect threats early and prevent malicious transactions before execution.

• Range Security offers real-time risk, security, and alerting for multisigs, wallets, and programs across the ecosystem, with 100 free API credits per month for Solana teams.

• Riverguard by Neodyme simulates attacks on Solana programs to help teams triage findings, free for any protocol deployed on Solana.

• Sec3 offers X-Ray, a static analysis tool to automate security best practices, plus free 45-minute security consultations.

• AuditWare’s Radar tool enables developers to write, share, and utilize templates to identify security issues while building.

Solana Foundation is also a member of the Crypto Defenders Alliance, a coalition of exchanges, blockchain projects, and cybersecurity organizations dedicated to stopping fraud, theft, and liquidation of stolen digital assets.

Responsibility Remains with Protocols

Solana Foundation emphasized that while it will continue to deploy resources to ensure a safer ecosystem, this does not transfer the underlying responsibility away from the protocols themselves. For protocols managing significant user funds, rigorous security measures are mandatory, and these resources are offered to ensure security, not replace what individual teams must do themselves.

As Solana continues to scale, this expanded security program reflects an ongoing commitment to builders, users, and the long-term health of the network.

FAQ

What are STRIDE and SIRN?

STRIDE (Solana Trust, Resilience and Infrastructure for DeFi Enterprises) is a security evaluation and monitoring program that assesses Solana protocols across eight security pillars and publishes public findings. SIRN (Solana Incident Response Network) is a membership-based network of security firms and researchers that provides 24/7 incident response and threat intelligence sharing for the Solana ecosystem.

Which protocols are eligible for enhanced security support?

Protocols with more than $10 million in TVL that pass STRIDE evaluation receive ongoing operational security and active threat monitoring. Protocols with more than $100 million in TVL additionally receive foundation-funded formal verification. SIRN is available to all Solana protocols but prioritized based on TVL.

What prompted the timing of this security expansion?

The rollout comes less than a week after the $286 million Drift Protocol exploit, which Elliptic linked to North Korean state-sponsored hackers. The incident involved compromised administrator private keys, highlighting that DeFi vulnerabilities extend beyond smart contract code into governance, access control, and operational security. The attack is the second-largest security breach in Solana’s history after the 2022 Wormhole bridge exploit.