The Solana Foundation announced a suite of security initiatives on Monday, just five days after decentralized finance (DeFi) platform Drift Protocol suffered a $270 million exploit carried out by a North Korean state-affiliated group following a six-month social engineering campaign.

The centerpiece is Stride, a structured evaluation program led by Asymmetric Research that will assess Solana DeFi protocols against eight security pillars and publish its findings publicly. The foundation also introduced the Solana Incident Response Network (SIRN), a membership-based group of security firms and researchers focused on real-time crisis response.

The initiatives address part of the problem exposed by Drift, but not the mechanics that actually caused the loss. Drift's smart contracts were not compromised, and its code passed audits. The vulnerability was human: The attackers spent six months building relationships with Drift contributors and compromised their devices through a malicious code repository and a fake TestFlight app.

Under Stride, protocols with more than $10 million in total value locked (TVL) that pass the evaluation will receive ongoing operational security and active threat monitoring funded by Solana Foundation grants, with coverage calibrated to each protocol's risk profile.

For protocols with more than $100 million in TVL, the foundation will also fund formal verification, a mathematical method that checks every possible execution path in a smart contract to guarantee correctness.

In addition to Asymmetric Research, founding members include OtterSec, Neodyme, Squads, and ZeroShadow. The network is available to all Solana protocols but prioritized by TVL.

Stride's formal verification, however, would not have caught the North Korean attack, which used the compromised devices to obtain multisig approvals that were then locked into durable nonce transactions and executed weeks later.

Neither would 24/7 monitoring of onchain activity, because the transactions were valid by design and indistinguishable from legitimate administrative actions until they were used to drain the vaults. The attack exploited the gap between onchain correctness and offchain human trust, a gap no smart contract audit or monitoring tool is built to cover.

SIRN, however, could have helped with the response. ZachXBT, an onchain security expert, criticized stablecoin issuer Circle Internet (CRCL) for failing to freeze over $230 million of its stolen dollar-pegged USDC during a six-hour window after the attack began.

A dedicated incident response network with established relationships to bridge operators, exchanges and stablecoin issuers might have shortened the response time. Whether it would have been fast enough to prevent the Wormhole bridging and obfuscation through Tornado Cash is an open question.

The foundation was careful to note that the programs "do not transfer the underlying responsibility away from the protocols themselves," a line that reads differently after Drift's postmortem revealed that individual contributor devices were the entry point for a nation-state attack.

Solana already hosts several free security tools for builders, including Hypernative for threat detection, Range Security for real-time monitoring, and Neodyme's Riverguard for attack simulation.