The Solana Foundation has launched a new series of initiatives to improve the security of decentralized finance (DeFi) platforms. The steps follow the recent $270 million cyberattack on Drift Protocol, which was reported to have been carried out by a group affiliated with North Korea.
Comprehensive control with Stride and SIRN initiatives
The newly launched Stride program will be managed by Asymmetric Research. Under the program, DeFi protocols on Solana will be evaluated against eight basic security areas, and the results will be shared with the public. Additionally, a membership-based network of security experts called the Solana Incident Response Network (SIRN) was created. This network is designed for real-time crisis response.
The initiatives target some of the vulnerabilities exposed by the attack on Drift. However, it was stated that the incident involved no direct damage to smart contracts or audited code. The attackers got in through the human factor: they built relationships with Drift team members over six months and took over their devices with malicious software.
The Stride program will provide ongoing operational cybersecurity monitoring support to protocols that have more than $10 million in total locked assets and have successfully passed the assessment. It was stated that the level of this support will be adjusted according to the risk profile of each protocol.
Formal verification and operational support
For protocols with total locked assets over $100 million, the Foundation will provide support for formal verification, a process that mathematically checks every possible behavior of a smart contract. This type of verification is used to guarantee the correctness of the relevant protocols' code.
In addition to Asymmetric Research, the founding members of the program included OtterSec, Neodyme, Squads and ZeroShadow. The SIRN network is open to all projects operating in the Solana ecosystem, and resource allocation will primarily focus on protocols with higher locked value.
However, it was emphasized that formal verification would not have been able to detect the latest attack carried out by attackers affiliated with North Korea. It was stated that the attackers could access administrative approvals and initiate transactions through team members' devices, and that traditional monitoring mechanisms cannot single out this activity.
On the other hand, SIRN is considered able to contribute to rapid response after possible attacks. On-chain security researcher ZachXBT criticized USDC stablecoin issuer Circle Internet for delaying its response by not freezing more than $230 million in the six-hour period after the attack.
The Solana Foundation emphasized that the new programs do not take over primary responsibility for the protocols, meaning that the projects' own security obligations continue. Additionally, a variety of free security tools for threat detection and attack simulation are available to developers on Solana.


