Solana Foundation adds 24/7 DeFi monitoring post $270M Drift hack

The Solana Foundation announced a new security program on April 7, 2026, five days after DeFi platform Drift Protocol lost $270 million on Solana. The package includes Stride, a formal review of DeFi projects, and the Solana Incident Response Network (SIRN). The plan provides 24/7 threat monitoring for protocols with more than $10 million in deposits, with support scaled by total value locked.

Stride, led by Asymmetric Research, will assess Solana-based DeFi protocols against eight security pillars and publish the results. Projects with more than $10 million in deposits that pass will receive ongoing operational security support and round-the-clock monitoring funded by foundation grants, with coverage adjusted to each project’s risk profile. For protocols with more than $100 million in deposits, the foundation will fund formal verification, a method that checks every possible execution path in a smart contract to confirm correctness.

Alongside Stride, the foundation introduced SIRN, a membership group of security firms and researchers focused on real-time crisis coordination. Founding members include Asymmetric Research, OtterSec, Neodyme, Squads and ZeroShadow. The network is open to all Solana protocols and will be prioritized by assets under management.

Drift’s loss did not stem from a smart contract bug. Attackers built relationships with contributors over six months and compromised their devices using a malicious code repository and a fake TestFlight app. They obtained multisig approvals and locked them into durable nonce transactions that were executed weeks later.

Because the onchain transactions were valid administrative actions, standard onchain monitoring and formal verification would not have flagged them before the funds moved. The new measures aim to raise baseline operational security and improve coordination during active incidents.

SIRN is designed to shorten response times by linking protocols with security teams and key infrastructure operators during an attack. On-chain analyst ZachXBT criticized stablecoin issuer Circle for not freezing more than $230 million of stolen USDC during a six-hour window after the attack began. The foundation plans to maintain established contacts with bridge operators, exchanges and stablecoin issuers to help close such windows.

The foundation noted that the programs “do not transfer the underlying responsibility away from the protocols themselves.”

Solana already offers free tools for builders, including Hypernative for threat detection, Range Security for live monitoring and Neodyme’s Riverguard for attack simulation. The new initiatives add structured evaluations, continuous monitoring for larger protocols and a coordinated response framework.

Evaluations and recommendations from Stride will be public. Participation in SIRN is available across the Solana ecosystem, with support calibrated to protocol size and risk.