Solana is trying to reset the way its DeFi ecosystem handles security after a series of damaging exploits culminated in the roughly $285 million Drift Protocol breach on April 1. The launch of STRIDE and the Solana Incident Response Network marks a clear move away from reactive security toward a model built on constant surveillance and faster intervention.
The two initiatives are meant to work together. STRIDE introduces a tiered, continuous security framework for DeFi protocols, while SIRN creates a 24/7 response layer designed to coordinate intelligence and mitigation during live incidents.
Solana is shifting from periodic audits to continuous defense
At the core of STRIDE is the idea that security should scale with protocol risk rather than rely on isolated audit cycles. The program applies continuous evaluations across multiple technical areas, including program integrity, governance controls and oracle dependencies, instead of treating security as a one-time checkpoint.
The framework becomes more demanding as a protocol grows. Projects with more than $10 million in total value locked are placed under round-the-clock monitoring, while those above $100 million become candidates for formal verification and deeper assurance work. That structure is designed to focus the most intensive scrutiny on the systems with the greatest potential to cause wider market damage.
Transparency is also part of the design. Independent assessments are expected to be conducted and published, giving users and counterparties a clearer view into the condition of protocols and the specific risks embedded in their architecture.
A standing response network is meant to cut reaction time
SIRN adds the operational layer that STRIDE alone cannot provide. The network is built to centralize live threat intelligence, share indicators of compromise and coordinate crisis playbooks so that active exploits can be identified and contained faster.
That matters because recent incidents exposed how quickly losses can spread once an attack begins. By focusing on detection-to-remediation speed, SIRN is intended to reduce the time gap between the first signs of exploitation and a coordinated response across the ecosystem.
The program is also tailored to the threat patterns Solana has recently faced. The security overhaul directly addresses attack vectors revealed by recent exploits, including durable nonce abuse in the Drift incident, and responds to the growing concern around automated, AI-assisted attack methods.
The broader goal is to rebuild confidence after a bruising quarter
The Foundation’s response comes after a difficult period for Solana DeFi. Roughly $168 million was stolen across 34 DeFi protocols in the first quarter of 2026, and the Drift exploit intensified a broader confidence shock that spilled into market performance and exchange operations.
That backdrop explains why the new measures go beyond technical fixes. STRIDE and SIRN are also meant to restore trust by making security standards more visible, governance and oracle dependencies easier to assess, and incident handling more structured across the ecosystem.
The Foundation is presenting both initiatives as living systems rather than static policies. Lessons from real incidents are expected to feed back into monitoring rules, verification priorities and response playbooks, creating a continuous loop aimed at reducing exploitable weaknesses over time.
