hodler

7 Apr 2026, 10:52

Solana Foundation unveils security overhaul days after $270 million Drift exploit

The program includes 24/7 threat monitoring for protocols with more than $10 million in deposits and a dedicated incident response network of security firms.

7 Apr 2026, 08:00

Solana rolls out “Crisis Mode” to counter DeFi threats

The Solana Foundation announced rolling out a fresh set of security initiatives. It aims at tightening how DeFi projects are monitored, tested, and defended. This comes just days after a $280 million exploit hit Solana-based Drift Protocol. The hack turned out to be messy as attackers managed to gain control through a niche mechanism involving durable nonces. It led them to quickly take over administrative permissions. Hackers took advantage of a loophole that most users wouldn’t even know exists. However, analysts suggest that the pattern adopted by the attackers looks similar to previous attacks linked to North Korea. Solana moves to 24/7 monitoring The foundation highlighted that it’ll now be leaning into something more continuous, real-time monitoring. It includes formal verification for larger protocols, and a coordinated response network that can step in when things break. The idea seems to be simple. Solana wants to stop treating security as a one-time checklist. It is moving ahead with STRIDE (Solana Trust, Resilience, and Infrastructure for DeFi Enterprises) for security. The foundation explained it as a security program for all Solana DeFi. This will work with independent security evaluations. However, there will be public reporting of findings and tiered monitoring requirements based on total value locked (TVL). A post mentioned that protocols managing over $10 million in TVL will get 24/7 threat monitoring. Those who exceed $100 million will qualify for formal verification funded by the Solana Foundation . The foundation also launched the Solana Incident Response Network (SIRN). It is a dedicated network of security firms for real-time crisis response. The network aims to mobilize quickly during exploits. It turns out to be a power that has often been missing in past DeFi attacks, where response times proved critical. The Solana ecosystem will also gain access to a suite of security tools at no cost. This includes threat detection infrastructure from Hypernative and real-time risk monitoring from Range Security. However, it also holds attack simulation via Riverguard by Neodyme, and static analysis tools from Sec3 and AuditWare. Amid the hack, the Solana ecosystem had taken a hit to hover around $125 billion. SOL price has dropped by more than 4% over the last 7 days. It is trading at an average price of $80.03 at the press time. XRP voices back Solana’s Security push Around the same time, voices from the XRP side pointed out that this direction isn’t new. A validator known as Vet said Solana’s push lines up closely with what’s already being discussed between XRPL Foundation and RippleX. He mentioned recent conversations with RippleX engineers, including Ayo Akinyele, around what “next level” security actually looks like for XRPL. Vet suggested that security upgrades can’t just happen inside one ecosystem anymore. If attackers are getting more coordinated, defenses probably need to follow the same path. He also hinted that some of the work already done on XRPL has started to show results. DeFi needs to be safer across the ecosystem. Great to see Solana doubling down. Their initiatives reflect the intuition of the @XRPLF and @RippleXDev collab on the next level of XRP security blog post last week. We talked earlier this week with Ayo and Mayukha about the next… https://t.co/yGPVdn72tz — Vet (@Vet_X0) April 6, 2026 The ongoing selling pressure has also led Ripple’s XRP to dip by around 4% over the past 30 days. XRP is trading at an average price of $1.31 at the press time. The urgency behind these measures became clear following the exploit of Drift Protocol. Blockchain analytics firm Elliptic noted that the attacks’ on-chain patterns remained closely the same. North Korean threat actors have been applying similar tactics. Chainalysis estimates that North Korea was responsible for around $2 billion in crypto theft in 2025 alone. This accounts for about 60% of global illicit crypto activity. The fallout didn’t end with the exploit. Onchain Lens flagged a wallet tied to the Drift team moving over 56 million DRIFT tokens (approx worth $2.4 million) to CEX. For a long time, DeFi security mostly meant audits before launch and patches after something went wrong. As of now, it looks more like traditional systems where there is constant monitoring, simulation of attacks, and teams actively trying to break things before attackers do. There’s a middle ground between leaving money in the bank and rolling the dice in crypto. Start with this free video on decentralized finance .

7 Apr 2026, 07:00

North Korean Agents Have Been Inside DeFi For Nearly A Decade, Researcher Says

A $280 million exploit against Drift Protocol last week wasn’t just a heist — it was the latest operation tied to a network of North Korean agents who have quietly worked inside some of crypto’s biggest projects for years. Seven Years Of Cover, 40+ Platforms Breached MetaMask developer and security researcher Taylor Monahan said Sunday that North Korean IT workers have been embedded inside more than 40 decentralized finance platforms, some of them household names in the crypto space. Their infiltration goes back to what the industry calls “DeFi Summer” — roughly 2020, when decentralized finance exploded in popularity. oh god uhhhh like sushi, thorchain, yam, pickle, harvest, reclaim, swing, paid, naos, shezmu, qrolli, saffron, sifu, napier, harmony, blueberry, stabble, onering, elemental, divvy, la token, impermax, kira, cook, fantom, ankr, gamerse, metaplay, spice, beanstalk, deltaprime,… — Tay (@tayvano_) April 5, 2026 Monahan said the “seven years of blockchain development experience” these workers list on their resumes isn’t fabricated. They actually built the protocols. The Lazarus Group — the name given to North Korea’s state-sponsored cyber operation — has pulled an estimated $7 billion from the crypto industry since 2017. Reportedly: In 2026 Lazarus made 18 attacks on protocols in 3 months Stolen funds are funding “North Korea’s Nuclear Weapons” It’s the most successful venture fund built on hacks Here is the complete attack timeline https://t.co/GuNL4FTCqv pic.twitter.com/7YJzYrTEJj — jussy (@jussy_world) April 5, 2026 That figure comes from analysts at creator network R3ACH. Major attacks attributed to the group include the $625 million Ronin Bridge breach in 2022, the $235 million WazirX hack in 2024, and the $1.4 billion Bybit theft in 2025. Not All North Korean — Third-Party Proxies Now Involved What sets the Drift case apart is who showed up in person. The protocol said that face-to-face meetings connected to the breach were not conducted by North Korean nationals. Instead, reports indicate the group used third-party intermediaries — people with built-out fake identities, fabricated employment histories, and professional networks constructed to pass scrutiny. Lazarus Group is the collective name for all DPRK state sponsored cyber actors. The main issue is everyone groups them all together when the complexity of threats are different. Threats via job postings, LinkedIn, email, Zoom, or interviews are basic and in no way… pic.twitter.com/NL8Jck5edN — ZachXBT (@zachxbt) April 5, 2026 Sleuth: Companies That Still Fall For This Are Negligent Blockchain investigator ZachXBT pushed back on how the industry discusses these threats, saying not all attack types carry the same weight. Recruitment-based schemes — job postings, LinkedIn outreach, Zoom interviews — are, in his words, basic. They require no technical sophistication. What makes them effective is sheer persistence. “If you or your team still falls for them in 2026, you’re very likely negligent,” ZachXBT wrote. For companies looking to screen out bad actors, the US Office of Foreign Assets Control maintains a public database where crypto businesses can check counterparties against updated sanctions lists and watch for patterns tied to IT worker fraud. Featured image from Unsplash, chart from TradingView

7 Apr 2026, 04:27

Solana Enhances Security with STRIDE and SIRN

Solana Foundation announces STRIDE audit framework and SIRN network. Drift hack investigation reveals additional details. SOL 79.70$, strong supports 76-78$. 2026 Q1 DeFi losses 168M$. Transparency...

7 Apr 2026, 01:30

Solana Foundation Unveils Crucial Security Initiatives STRIDE and SIRN to Fortify DeFi Ecosystem

BitcoinWorld Solana Foundation Unveils Crucial Security Initiatives STRIDE and SIRN to Fortify DeFi Ecosystem In a significant move to bolster user confidence and systemic resilience, the Solana Foundation has launched two pivotal security initiatives, STRIDE and SIRN, marking a proactive step in safeguarding its rapidly expanding decentralized finance (DeFi) landscape. Announced in partnership with security research firm Asymmetric Research, these programs aim to establish new benchmarks for protocol safety and incident response across one of blockchain’s most active networks. This development arrives at a critical juncture for the broader Web3 industry, where security remains a paramount concern for developers and users alike. Solana Foundation’s STRIDE Program Sets New Security Standards The Solana Foundation designed the STRIDE program to systematically evaluate, monitor, and strengthen protocols built on its network. Consequently, this initiative will provide independent security assessments based on a comprehensive framework of eight distinct security standards. The foundation plans to disclose all assessment results transparently, thereby creating a public ledger of protocol security postures. Furthermore, this transparency allows users and developers to make more informed decisions. Independent security firms will conduct these evaluations, ensuring objective and rigorous scrutiny. The program’s structure addresses a common industry challenge: the lack of standardized, comparable security metrics for DeFi applications. Historically, the blockchain sector has relied on a patchwork of audit reports with varying methodologies. The STRIDE program seeks to unify this process specifically for the Solana ecosystem. For instance, the eight core standards likely cover critical areas like smart contract integrity, key management, and economic design. This structured approach provides a consistent baseline. Moreover, continuous monitoring differentiates STRIDE from one-time audits. Protocols must maintain their security posture over time to retain a favorable STRIDE rating. This ongoing vigilance is essential in a dynamic environment where new threats constantly emerge. The Eight Pillars of DeFi Security While the Solana Foundation has not publicly detailed all eight standards, industry experts anticipate they will align with established security frameworks. Typically, these encompass: Smart Contract Code Review: Analysis for vulnerabilities and logic errors. Access Control & Privilege Management: Ensuring proper authorization mechanisms. Financial Logic & Economic Safety: Checking for exploits like flash loan attacks. Oracle Reliability: Assessing data feed security and decentralization. Upgradeability & Governance: Reviewing admin key risks and timelock controls. Dependency Security: Auditing external libraries and cross-contract calls. Front-end Security: Protecting user interfaces from phishing and injection. Operational Security: Evaluating team procedures and incident response plans. SIRN Network Provides Rapid Security Incident Response Complementing the preventive measures of STRIDE, the Solana Incident Response Network (SIRN) establishes a coordinated coalition of professional security firms. This network exists to provide immediate, expert-led response during active security incidents. When a protocol faces an exploit or attack, SIRN members can mobilize quickly to contain the threat, analyze the breach, and guide remediation efforts. This model draws inspiration from traditional cybersecurity Computer Security Incident Response Teams (CSIRTs) but adapts it for the decentralized and fast-paced nature of blockchain. The need for such a network became evident following several high-profile exploits across the crypto industry. Often, project teams lack the specialized expertise or connections to respond effectively during the critical first hours of an incident. SIRN aims to fill this gap by providing a pre-vetted, on-call resource pool. Asymmetric Research will help coordinate this network, leveraging its expertise in blockchain security intelligence. The establishment of SIRN represents a maturing infrastructure within the Solana ecosystem, moving beyond post-mortem analysis to active defense. Context and Impact on the Solana DeFi Ecosystem The launch of these initiatives occurs against a backdrop of remarkable growth for Solana’s DeFi sector. Total Value Locked (TVL) on the network has seen significant recovery and expansion, attracting both new capital and sophisticated financial products. However, with growth comes increased attention from malicious actors. The Solana Foundation’s proactive stance signals to institutional and retail participants that security is a top priority. This commitment can enhance the network’s overall credibility and attractiveness for serious financial applications. Comparatively, other blockchain ecosystems have pursued different security strategies. Ethereum boasts a long-established culture of audits and bug bounties. Meanwhile, newer networks often rely on their core development teams for security guidance. The Solana Foundation’s structured, foundation-led approach with STRIDE and SIRN creates a middle path. It provides centralized coordination and standards while leveraging decentralized, independent experts for execution. This hybrid model could become a blueprint for other Layer-1 and Layer-2 networks seeking to scale securely. The Evolving Landscape of Blockchain Security Blockchain security is no longer solely about writing flawless code. It now encompasses economic design, game theory, and real-time operational response. The Solana Foundation’s dual-initiative launch acknowledges this complexity. STRIDE addresses the pre-deployment and continuous monitoring phase, while SIRN handles the crisis management phase. Together, they form a more complete security lifecycle for protocols. This holistic view is becoming the industry standard, as seen in the growing adoption of security ratings and insurance products. Data from various blockchain analytics firms shows that a majority of major exploits stem from preventable issues like access control flaws or oracle manipulations. Programs like STRIDE that enforce standards in these areas could dramatically reduce the frequency and severity of incidents. Moreover, a transparent security rating system empowers users. It allows them to assess risk before depositing funds, fostering a more informed and resilient community. This shift from “buyer beware” to “verified security” is crucial for mainstream adoption. Conclusion The Solana Foundation’s launch of the STRIDE and SIRN security initiatives represents a strategic investment in the long-term health and trustworthiness of its ecosystem. By establishing clear security standards and a rapid response network, the foundation is building essential public infrastructure for its DeFi landscape. These measures aim to reduce systemic risk, protect user assets, and provide developers with the tools and frameworks needed to build secure applications. As the blockchain industry matures, such proactive, structured security efforts will likely become a critical differentiator for networks competing for the future of finance. FAQs Q1: What is the main goal of the Solana Foundation’s STRIDE program? The primary goal of the STRIDE program is to systematically evaluate and strengthen the security of protocols on Solana through independent audits based on eight standardized criteria, with results published transparently to inform users and developers. Q2: How does the SIRN network function during a security incident? The Solana Incident Response Network (SIRN) functions as a coordinated group of pre-vetted security firms that can be mobilized quickly to provide expert analysis, containment guidance, and remediation support to a project experiencing an active exploit or security breach. Q3: Are participation in STRIDE and SIRN mandatory for Solana projects? While not explicitly stated as mandatory, participation is strongly encouraged by the Solana Foundation. Projects that undergo STRIDE assessments and are covered by SIRN will likely signal higher security standards to the community, potentially attracting more users and capital. Q4: How do these initiatives compare to security measures on other blockchains like Ethereum? Unlike Ethereum’s more decentralized and organic audit culture, Solana’s STRIDE and SIRN represent a foundation-coordinated, standardized approach. It provides a unified framework and rapid response system, which is somewhat analogous to corporate CSIRT models adapted for Web3. Q5: What does this mean for an average user of Solana DeFi applications? For the average user, these initiatives aim to create a safer environment. STRIDE’s transparent ratings will allow users to identify which protocols have undergone rigorous security checks, while SIRN provides a safety net for faster incident response, potentially minimizing fund losses during exploits. This post Solana Foundation Unveils Crucial Security Initiatives STRIDE and SIRN to Fortify DeFi Ecosystem first appeared on BitcoinWorld .

6 Apr 2026, 23:30

Solana Foundation Launches STRIDE Security Program for DeFi Protocols Following Drift Incident

The Solana Foundation and Asymmetric Research launched STRIDE on Monday, a tiered security program built to protect decentralized finance ( DeFi) protocols across the Solana ecosystem with ongoing evaluations, threat monitoring, and formal verification. The initiative follows the Drift Protocol hack that saw $286 million pilfered in 12 minutes last week. Key Takeaways: The Solana