Solana Strengthens DeFi Security Amid Rising Attacks

Key Points
1- Solana Foundation launches STRIDE to strengthen DeFi security.
2- Eight-pillar framework evaluates protocol safety and transparency.
3- Solana Incident Response Network (SIRN) enables real-time threat management.
4- Recent attacks, including Drift Protocol’s $280M loss, highlight urgent security needs.
5- DeFi thefts in Q1 2026 dropped compared to 2025 but remain a significant risk.

Strengthening Solana DeFi Security: STRIDE and Real-Time Incident Response

Decentralized Finance (DeFi) continues to evolve rapidly, offering innovative financial solutions—but it also faces increasingly sophisticated threats. Recognizing this challenge, the Solana Foundation, together with Web3 security firm Asymmetric Research, has unveiled a comprehensive security initiative aimed at fortifying Solana-based protocols. The program, named STRIDE (Solana Trust, Resilience, and Infrastructure for DeFi Enterprises), represents a major step forward in improving the resilience and transparency of DeFi projects.

The STRIDE Initiative: A Multi-Layered Security Framework

STRIDE is not just another auditing program—it is a structured framework designed to evaluate, monitor, and escalate security across Solana protocols. The initiative focuses on eight critical pillars of security:

1- Program Security: Ensuring smart contracts are safe from exploits.

2- Governance and Access Control: Protecting administrative privileges and decision-making processes.

3- Oracle and Dependency Risk: Securing external data feeds that protocols rely on.

4- Infrastructure Security: Safeguarding servers, nodes, and network infrastructure.

5- Supply Chain Security: Mitigating risks in software libraries and third-party dependencies.

6- Operational Security: Implementing best practices for daily protocol operations.

7- Monitoring and Incident Response: Detecting threats and managing attacks in real-time.

8- Log Management and Forensics: Capturing actionable data for post-incident analysis.

Solana Incident Response Network (SIRN): Real-Time Threat Management

Complementing STRIDE is the Solana Incident Response Network (SIRN), a collaborative network of security firms dedicated to responding to DeFi incidents as they occur. Members of SIRN share threat intelligence, coordinate rapid responses, and contribute to refining STRIDE’s security framework. This proactive approach aims to minimize the damage of attacks and help the ecosystem respond more effectively to emerging threats.

Why Now? DeFi Attacks Highlight Urgent Need for Security

The timing of STRIDE and SIRN is critical. Just a week before the announcement, the Drift Protocol suffered a devastating loss of approximately $280 million following a social engineering attack linked to North Korean threat actors. Additionally, AI agents are increasingly used in attacks, as seen in January when Step Finance lost $40 million due to automated, large-scale fund transfers.

Despite improvements in security, DeFi remains a prime target. In Q1 2026, attackers stole over $168 million from 34 DeFi protocols—a sharp decline from Q1 2025, when $1.58 billion was stolen—but the risks remain substantial. STRIDE and SIRN are designed to confront these threats head-on, offering protocols and users greater confidence in the Solana ecosystem.

Building Trust and Transparency in DeFi

One of STRIDE’s most valuable contributions is the public disclosure of security assessments. By making audits and findings openly available, Solana aims to create an environment of trust, where users and investors can clearly see which protocols maintain high security standards. This transparency is expected to encourage adoption, as both retail and institutional participants increasingly demand verifiable safety measures.

Frequently Asked Questions (FAQ)

What is STRIDE in the Solana ecosystem?
STRIDE is a security auditing framework created by the Solana Foundation and Asymmetric Research. It evaluates DeFi protocols across eight pillars of security to ensure robustness, transparency, and operational resilience.

How does the Solana Incident Response Network work?
SIRN is a collaborative network of security firms that monitors threats in real-time, shares intelligence, coordinates responses to attacks, and improves protocol security practices within the Solana ecosystem.

Why is DeFi security becoming more critical?
DeFi protocols handle large amounts of user funds and are often targets for hackers. Recent incidents, including attacks on Drift Protocol and Step Finance, demonstrate the increasing sophistication of threats, including AI-assisted exploits.

Are security findings publicly available?
Yes. Protocols audited under STRIDE have their assessments published openly. This transparency helps users and investors evaluate which projects adhere to strong security standards.

Has DeFi become safer over time?
While thefts in Q1 2026 ($168M) were significantly lower than Q1 2025 ($1.58B), attacks continue, showing that continuous vigilance and enhanced security frameworks remain essential.

Ready to Take Control of Your Crypto Journey? Start Trading Safely on BYDFi