Drift revealed that the $280 million exploit on its Solana based trading platform was caused by a highly sophisticated administrative takeover involving weeks of preparation. The platform said a malicious actor gained unauthorized access using durable nonce accounts, allowing pre-signed transactions to be executed later.
According to Drift, the attacker secured multisig transaction approvals in advance, likely through social engineering or misrepresentation of transactions. This enabled the takeover of Security Council administrative powers, allowing the attacker to introduce a malicious asset and remove withdrawal limits. Drift confirmed the incident was not caused by a smart contract flaw or seed phrase compromise.
All deposits across borrow-lend, vault, and trading systems were affected. Stolen tokens included JLP, SOL, USDC, cbBTC, and wBTC. As a precaution, all remaining protocol functions were frozen, and the compromised wallet was removed from the multisig. Drift also stated it is working with exchanges, bridges, and law enforcement to trace and freeze the stolen funds.
ZachXBT Criticism of Circle USDC Response
Onchain investigator ZachXBT criticized Circle over its handling of USDC tied to the exploit. He claimed more than $230 million in USDC linked to the attack was transferred from Solana to Ethereum through the Cross-Chain Transfer Protocol without being frozen.
ZachXBT stated Circle had roughly six hours to act but did not freeze the funds. He also referenced an earlier incident in which Circle froze 16 USDC wallets tied to separate businesses without issuing an official explanation, raising concerns among community members about centralized control over stablecoin operations.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.