- Solana Foundation security framework includes STRIDE audits and protocol monitoring.
- The SIRN incident-response network coordinates response activities and supports protocols in the event of an active threat.
- In Q1 2026, more than $168 million was lost due to exploits, fueling new Solana security controls.
The Solana Foundation announced a new security program on Monday to standardize risk assessments and enhance response coordination across Solana-based protocols, after several high-profile exploits of decentralized finance protocols.
The program proposes a formal auditing framework and an incident-response network, with funding for security work allocated by Asymmetric Research.
According to the announcement, the initiative aims to address evolving threat patterns while providing structured evaluation tools and coordinated response mechanisms. The Solana Foundation said adversaries are “rapidly innovating,” and positioned the rollout as an additional layer of support for protocols operating within its ecosystem.
Solana Foundation defines STRIDE and the eight-pillar security model
The Solana Foundation structured its new framework around eight core areas of assessment: program security; governance and access control; oracle and dependency risk; infrastructure security; supply chain security; operational security; monitoring and incident response; and log management and forensics.
These categories form the basis of a standardized review process intended to evaluate security across multiple layers of protocol operations.
At the center of this approach is STRIDE, short for Solana Trust, Resilience, and Infrastructure for DeFi Enterprises. The Solana Foundation described STRIDE as a continuous evaluation and monitoring program for projects within the ecosystem.
Under this model, Asymmetric Research will conduct independent assessments using its own framework, with results scheduled for public release after completion.
The publication of evaluation outcomes introduces a disclosure mechanism that allows users and investors to access security assessments. While the format of these disclosures was not specified, the Solana Foundation confirmed that the findings would be made available after review. The framework, therefore, combines structured evaluation with public reporting, expanding visibility into protocol-level security conditions.
Solana Foundation links STRIDE support to TVL thresholds
The Solana Foundation established a tiered support system tied to total value locked, linking access to security resources with protocol size. Protocols holding more than $10 million in TVL that pass STRIDE evaluations will receive ongoing operational security support, including active threat monitoring funded by the foundation.
Projects with TVL exceeding $100 million will additionally be eligible for formal verification tools for smart contract validation. These tools are intended to support higher-value systems following successful evaluation within the STRIDE framework.
The Solana Foundation indicated that participation in STRIDE enables protocols to qualify for continued monitoring and support services.
At the same time, access to higher tiers of assistance depends on both TVL thresholds and successful completion of the evaluation process. The announcement did not indicate that participation in the framework is mandatory.
Solana Foundation introduces SIRN to coordinate incident response
Also under the auditing framework, the Solana Foundation launched the Solana Incident Response Network (SIRN), a membership-based program that coordinates responses to security incidents.
Security firms and researchers are also involved in the network; its founders are named as Asymmetric, OtterSec, and Neodyme.
SIRN can be used by any Solana-based protocol, but access to resources will be based on TVL levels. According to the Solana Foundation, the network will be used to coordinate response activities in the event of active threats, enabling communication between protocol teams and security providers.
The introduction of SIRN separates incident response from evaluation processes. Whereas STRIDE focuses on monitoring and assessment, SIRN focuses on real-time response coordination.
Exploit data provides context for Solana Foundation rollout
The Solana Foundation announcement follows a sequence of incidents affecting decentralized finance protocols.
According to an earlier report by CoinRaftar, Drift Protocol suffered a loss of approximately $280 million in one of the year’s largest exploits. The attack was described as a social engineering operation linked to North Korean threat actors.
In a separate incident earlier in January, Step Finance experienced a loss of around $40 million.
Further data from DefiLlama shows that over $168 million was stolen from 34 DeFi protocols in the first quarter of 2026. This figure is a reduction from the same period in 2025, when losses amounted to $1.58 billion.








