Solana Foundation announces security enhancements following $270 million Drift breach.


The initiative offers round-the-clock threat surveillance for protocols with over $10 million in deposits and a dedicated incident response network comprising security firms.


Key points:

  • The Solana Foundation introduced Stride along with the Solana Incident Response Network (SIRN) to enhance security measures across protocols.
  • This initiative was revealed shortly after the $270 million exploit involving the Drift platform, which was linked to a North Korean state-affiliated group.
  • While Stride and SIRN are designed to improve technical defenses and expedite crisis management, the Drift incident highlighted that human-targeted social engineering and compromised contributor devices are significant vulnerabilities.

The Solana Foundation disclosed a package of security measures on Monday, just five days after the $270 million exploit of Drift Protocol, which a North Korean state-affiliated group carried out after a six-month social engineering campaign.

The focal point of these measures is Stride, a structured evaluation initiative led by Asymmetric Research that will examine Solana DeFi protocols against eight security benchmarks and publicly share its results. The foundation also rolled out the Solana Incident Response Network (SIRN), a group of security firms and researchers that will focus on real-time crisis management.

These initiatives address some of the weaknesses the Drift incident exposed, but not the root cause of the loss. Drift’s smart contracts remained intact, and their code had passed audits. The weakness was human: the attackers spent six months building relationships with Drift contributors, then compromised their devices through a malicious code repository and a fake TestFlight app.

Through Stride, protocols with more than $10 million in total value locked (TVL) that successfully complete the evaluation will receive ongoing operational security and active threat monitoring funded by grants from the Solana Foundation, tailored to each protocol’s risk assessment.

For protocols with a TVL exceeding $100 million, the foundation will also fund formal verification, a mathematical approach that proves properties of a smart contract across every possible execution path, rather than only the paths a test suite or audit happens to exercise. It shows that the code matches its specification; it says nothing about whether the specification is right or whether the people authorized to sign for the contract can be trusted.

Alongside Asymmetric Research, SIRN’s founding members are OtterSec, Neodyme, Squads, and ZeroShadow. The network is open to all Solana protocols but prioritizes them by TVL.

However, Stride’s formal verification would not have caught the North Korean attack, which used compromised devices to obtain multisig approvals that were then locked into durable nonce transactions and executed weeks later. A durable nonce is a Solana feature that lets a signed transaction stay valid indefinitely instead of expiring with its recent blockhash, so a signature collected today can be broadcast whenever the attacker chooses.

Nor would continuous monitoring of on-chain activity have caught it: the transactions were valid by construction and indistinguishable from legitimate administrative actions until they were used to drain the vaults. The attack exploited the gap between on-chain correctness and off-chain human trust, a gap that no smart contract audit or monitoring tool is designed to close.
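The two paragraphs above describe why neither verification nor on-chain monitoring would have flagged the approvals: the transactions were valid, and the only unusual thing about them was that they were signed long before they were broadcast. The one place that difference is visible is the moment a signer is asked to approve. The following is an added example, not code from Solana, Drift, Squads or any SIRN member: it parses a legacy (non-versioned) Solana transaction message and reports whether the transaction uses a durable nonce, i.e. whether its first instruction is the System Program’s AdvanceNonceAccount, so a signing interface can warn the human that the signature will never expire. The wire format and the System Program instruction discriminants are Solana’s own; the two sample messages and the 32-byte account addresses are constructed placeholders, not real keys.

```python
"""Pre-signature check: does this Solana transaction use a durable nonce?

Added example, not code from any project named on the page. A durable-nonce
transaction's first instruction is SystemProgram::AdvanceNonceAccount and its
"recent blockhash" field holds the nonce stored in the nonce account, so the
transaction never expires. Sample messages below are constructed inline.
"""
import struct

SYSTEM_PROGRAM = bytes(32)          # the all-zero key, "1111...1111"
SYS_IX_TRANSFER = 2                 # SystemInstruction discriminants (u32, little-endian)
SYS_IX_ADVANCE_NONCE_ACCOUNT = 4


def encode_compact_u16(n: int) -> bytes:
    """Solana's compact-u16: 7 bits per byte, little-endian, at most 3 bytes."""
    out = bytearray()
    while True:
        byte = n & 0x7F
        n >>= 7
        if n == 0:
            out.append(byte)
            return bytes(out)
        out.append(byte | 0x80)


def decode_compact_u16(buf: bytes, pos: int) -> tuple:
    """Return (value, new_pos); reject encodings longer than 3 bytes."""
    value, shift = 0, 0
    for _ in range(3):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("compact-u16 longer than 3 bytes")


def parse_legacy_message(msg: bytes) -> dict:
    """Decode header, account keys, recent blockhash and compiled instructions."""
    if msg[0] & 0x80:
        raise ValueError("versioned (v0) message; this check handles legacy messages only")
    num_signers = msg[0]                       # header: signers, ro-signed, ro-unsigned
    pos = 3
    n_keys, pos = decode_compact_u16(msg, pos)
    keys = [msg[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys
    blockhash = msg[pos: pos + 32]
    pos += 32
    n_ix, pos = decode_compact_u16(msg, pos)
    instructions = []
    for _ in range(n_ix):
        program = keys[msg[pos]]
        pos += 1
        n_acc, pos = decode_compact_u16(msg, pos)
        accounts = [keys[i] for i in msg[pos: pos + n_acc]]
        pos += n_acc
        data_len, pos = decode_compact_u16(msg, pos)
        data = msg[pos: pos + data_len]
        pos += data_len
        instructions.append({"program": program, "accounts": accounts, "data": data})
    if pos != len(msg):
        raise ValueError("trailing bytes after last instruction")
    return {"num_signers": num_signers, "keys": keys, "blockhash": blockhash,
            "instructions": instructions}


def review_before_signing(msg: bytes) -> dict:
    """What a multisig member should see before approving a message."""
    ix = parse_legacy_message(msg)["instructions"]
    durable = bool(ix) and ix[0]["program"] == SYSTEM_PROGRAM \
        and ix[0]["data"] == struct.pack("<I", SYS_IX_ADVANCE_NONCE_ACCOUNT)
    lamports_out = 0
    for i in ix:   # sum plain SOL transfers; program-specific instructions need their own decoder
        if i["program"] == SYSTEM_PROGRAM and len(i["data"]) == 12 \
                and struct.unpack("<I", i["data"][:4])[0] == SYS_IX_TRANSFER:
            lamports_out += struct.unpack("<Q", i["data"][4:])[0]
    warnings = []
    if durable:
        warnings.append("durable nonce: this signature never expires and can be broadcast later")
    return {"durable_nonce": durable,
            "nonce_account": ix[0]["accounts"][0] if durable else None,
            "lamports_out": lamports_out, "warnings": warnings}


# --- constructed sample messages (placeholder addresses, not real accounts) ---
SIGNER, NONCE_ACCOUNT, RECIPIENT, RECENT_BLOCKHASHES_SYSVAR = (bytes([b]) * 32 for b in (1, 2, 3, 4))
KEYS = [SIGNER, NONCE_ACCOUNT, RECIPIENT, RECENT_BLOCKHASHES_SYSVAR, SYSTEM_PROGRAM]


def compile_ix(program: bytes, accounts: list, data: bytes) -> bytes:
    return bytes([KEYS.index(program)]) + encode_compact_u16(len(accounts)) \
        + bytes(KEYS.index(a) for a in accounts) + encode_compact_u16(len(data)) + data


def build_message(instructions: list, blockhash: bytes) -> bytes:
    header = bytes([1, 0, 2])   # 1 signer, 0 read-only signed, 2 read-only unsigned keys
    return header + encode_compact_u16(len(KEYS)) + b"".join(KEYS) + blockhash \
        + encode_compact_u16(len(instructions)) + b"".join(instructions)


TRANSFER_IX = compile_ix(SYSTEM_PROGRAM, [SIGNER, RECIPIENT],
                         struct.pack("<IQ", SYS_IX_TRANSFER, 5_000_000_000))
ADVANCE_IX = compile_ix(SYSTEM_PROGRAM, [NONCE_ACCOUNT, RECENT_BLOCKHASHES_SYSVAR, SIGNER],
                        struct.pack("<I", SYS_IX_ADVANCE_NONCE_ACCOUNT))
ORDINARY_TX = build_message([TRANSFER_IX], b"\xaa" * 32)                 # expires with its blockhash
DURABLE_TX = build_message([ADVANCE_IX, TRANSFER_IX], b"\xbb" * 32)      # "blockhash" is the stored nonce

if __name__ == "__main__":
    for name, m in (("ordinary", ORDINARY_TX), ("durable-nonce", DURABLE_TX)):
        print(name, review_before_signing(m))
```

The check is deliberately narrow. It tells a signer that what they are about to approve can be replayed at any later time, which is the property the attackers relied on; it cannot tell whether the request itself is legitimate, and it does nothing if the device presenting the transaction is already compromised and shows the signer something other than what it sends. Versioned (v0) messages carry address-lookup tables and need a different parser, which is why the function refuses them instead of guessing.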

Conversely, SIRN could have helped with the response. ZachXBT, an on-chain investigator, criticized stablecoin issuer Circle Internet (CRCL) for not freezing over $230 million of its stolen dollar-pegged stablecoin, USDC, during the six hours after the attack began.

A dedicated incident response network with established contacts at bridge operators, exchanges, and stablecoin issuers might have shortened that response time. Whether it would have been fast enough to stop the funds from being bridged through Wormhole and laundered through Tornado Cash remains uncertain.

The foundation emphasized that the programs “do not shift the inherent responsibility away from the protocols themselves,” a statement that reads differently in light of Drift’s postmortem, which found that individual contributor devices were the entry point for a nation-state attack.

Solana already provides several free security tools for developers, including Hypernative for threat detection, Range Security for real-time monitoring, and Neodyme’s Riverguard for attack simulations.