Solana Expands Security Push After Drift Exploit – Phantom Outage Underscores Broader Risk

The Solana Foundation is rolling out a sweeping set of security initiatives aimed at strengthening its DeFi ecosystem, just days after a $270 million exploit on Drift Protocol exposed vulnerabilities that had little to do with code – and as a separate outage at Phantom wallet highlighted how fragile user-facing infrastructure can be under pressure.

Summary:

  • Solana launched new security programs following the $270M Drift exploit driven by social engineering.
  • A temporary Phantom wallet outage revealed additional risks at the interface layer.
  • The ecosystem is shifting toward full-stack security – beyond just smart contracts.

The timing reflects a network under pressure from multiple angles.

Last week’s Drift exploit was not caused by faulty smart contracts. Instead, attackers – reportedly linked to a North Korean state-affiliated group – spent months infiltrating the project through social engineering. By compromising contributor devices using a malicious code repository and a fake TestFlight app, they bypassed traditional security layers entirely.

Then, over the weekend, Phantom – one of the most widely used wallets in the Solana ecosystem – reported a temporary outage affecting token balances and price displays. While the issue was resolved within hours and no funds were lost, the incident reinforced a separate but equally important point: even when the chain is functioning correctly, the tools users rely on can still fail.

Taken together, the two events point to the same conclusion. The risk surface is expanding – and it is no longer confined to smart contracts.

A Security Model That Moves Beyond Code

At the center of the new framework is STRIDE, a structured security evaluation program led by Asymmetric Research. Rather than focusing narrowly on code audits, STRIDE evaluates protocols across multiple layers – including infrastructure, operational processes, and overall attack surface. The results will be published publicly, creating a shared security standard across Solana DeFi.

The Foundation is also introducing 24/7 active threat monitoring for protocols with more than $10 million in total value locked. This marks a move toward continuous security rather than periodic audits – identifying threats as they develop instead of after damage is done.

For larger protocols, those exceeding $100 million in TVL, the requirements increase further. These projects will undergo formal verification, a process that mathematically proves the correctness of smart contracts. It is expensive and time-consuming, but increasingly necessary as more capital concentrates on-chain.

Building a Real-Time Response Layer

Another key piece is the launch of the Solana Incident Response Network (SIRN) – a coordinated group of security firms and researchers designed to respond to exploits in real time.


In traditional finance, crisis response systems are embedded into the infrastructure. In DeFi, they are often improvised. SIRN is an attempt to formalize that layer, ensuring that when incidents occur, there is a predefined network capable of acting quickly.
That speed matters. In cases like Drift, minutes – not hours – can determine how much value is ultimately lost.

Phantom’s Outage and the Interface Risk

The Phantom incident, while far less severe, adds another dimension to the conversation.

Users reported incorrect token balances and pricing data during the outage, creating temporary confusion across the ecosystem.

The team confirmed it was a service disruption rather than a security breach, and functionality was restored shortly after.
Still, the episode highlights a critical point: the user experience layer – wallets, APIs, frontends – is just as important as the underlying blockchain. If users cannot trust what they see, even temporarily, confidence erodes.

It is a different category of risk than exploits like Drift, but it sits within the same broader system.

The Real Problem: Security Is Now Full-Stack

What both incidents make clear is that crypto security is no longer just about writing better code.

Drift’s contracts were audited. Phantom’s issue did not involve stolen funds. Yet both events disrupted trust – one through loss, the other through uncertainty.

The threat landscape has evolved. Attackers are targeting developers, supply chains, and operational workflows. At the same time, infrastructure complexity means that even non-malicious failures can ripple across the ecosystem.

Solana’s new initiatives are an attempt to respond to that reality by expanding security beyond the contract layer – into monitoring, response, and ecosystem-wide standards.

A Necessary Shift – But Not a Final Answer

Whether this approach is enough remains to be seen.

As DeFi grows and institutional capital continues to enter the space, the tolerance for both exploits and outages is shrinking. Security is no longer a competitive advantage – it is a baseline requirement.

Solana’s strategy is to get ahead of that shift, investing in systems that address not just known vulnerabilities, but emerging ones.

The harder challenge is that some of those vulnerabilities – particularly the human layer – are not easily solved.

What the past week has shown is that the definition of “secure” in crypto is changing. It now includes not just the code that runs the network, but the people who build it and the tools users depend on to access it. The good news is that the crypto industry is increasingly focusing on security in light of growing threats, including quantum risk.


Author
Alexander Stefanov - Editor-in-Chief at Coinspress