A sophisticated attack on Drift Protocol drained $280 million in assets, prompting scrutiny of Circle's response to the incident.
Drift Protocol, a decentralized exchange on Solana, confirmed on Thursday that it suffered a $280 million exploit, describing it as a highly sophisticated operation. The platform announced the incident on X, stating that attackers used Solana's durable nonces to gain unauthorized access and drain funds.
According to Drift's preliminary investigation, the exploit involved pre-signed transactions enabled by Solana's durable nonce feature, which allows for offline signing and delayed execution. This mechanism was manipulated to seize control and execute malicious actions quickly.
Details of the Attack
The attack began on Wednesday and targeted multiple assets, including Circle's USDC and various altcoins. Onchain data showed that the exploiter swapped most assets into USDC and bridged them to Ethereum, with the theft amounting to approximately $280 million.
Solana's durable nonces are designed for legitimate uses like complex multisig workflows, but developers have noted that they can introduce risks if misused. Drift stated that the attackers exploited this feature to bypass normal security measures.
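For signers and reviewers of multisig proposals, the practical consequence is that a durable-nonce transaction does not expire with a recent blockhash, so a signature on it stays usable until the nonce account is advanced. The following is an added example, not code from Drift or from the original report: it parses a serialized Solana transaction message and reports whether the first instruction is the System Program's AdvanceNonceAccount, which is what marks a transaction as durable-nonce. The sample keys and messages are constructed placeholders, and the function and variable names are assumptions made for illustration.

```python
SYSTEM_PROGRAM = bytes(32)                 # base58 "1" * 32 decodes to 32 zero bytes
ADVANCE_NONCE = (4).to_bytes(4, "little")  # SystemInstruction::AdvanceNonceAccount

def shortvec(buf, off):
    """Decode a compact-u16 length; return (value, next_offset)."""
    val = shift = 0
    while True:
        b = buf[off]
        off += 1
        val |= (b & 0x7F) << shift
        if not b & 0x80:
            return val, off
        shift += 7

def durable_nonce_info(msg):
    """Return nonce details if msg is a durable-nonce transaction message, else None."""
    off = 1 if msg[0] & 0x80 else 0        # versioned messages carry a prefix byte
    off += 3                               # header: signer / read-only counts
    n, off = shortvec(msg, off)
    keys = [msg[off + 32 * i: off + 32 * (i + 1)] for i in range(n)]
    off += 32 * n
    blockhash_field = msg[off:off + 32]    # holds the stored nonce value instead
    off += 32
    n_ix, off = shortvec(msg, off)
    if n_ix == 0:
        return None
    prog = msg[off]
    n_acc, off = shortvec(msg, off + 1)
    accts = msg[off:off + n_acc]
    dlen, off = shortvec(msg, off + n_acc)
    data = msg[off:off + dlen]
    # Only the FIRST instruction counts; assumes the standard account order
    # (nonce account, RecentBlockhashes sysvar, nonce authority).
    if keys[prog] != SYSTEM_PROGRAM or data != ADVANCE_NONCE or n_acc < 3:
        return None
    return {"nonce_account": keys[accts[0]].hex(),
            "nonce_authority": keys[accts[2]].hex(),
            "nonce_value": blockhash_field.hex()}

# Constructed sample: 4 placeholder keys (authority, nonce account, sysvar, system program).
KEYS = [bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32, SYSTEM_PROGRAM]
ADVANCE = bytes([3, 3, 1, 2, 0, 4]) + ADVANCE_NONCE
TRANSFER = bytes([3, 2, 0, 1, 12]) + (2).to_bytes(4, "little") + (1000).to_bytes(8, "little")

def build(instructions):
    head = bytes([1, 0, 2, len(KEYS)]) + b"".join(KEYS) + bytes([9]) * 32
    return head + bytes([len(instructions)]) + b"".join(instructions)

DURABLE = build([ADVANCE, TRANSFER])       # nonce advance first, then a transfer
ORDINARY = build([TRANSFER])               # same transfer with a normal blockhash
```

A signing workflow can refuse or escalate any message for which `durable_nonce_info` returns a result, and record the nonce account and authority so that outstanding pre-signed transactions can be invalidated by advancing that nonce.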
Criticism of Circle's Response
Critics, including onchain investigator ZachXBT, questioned why Circle did not freeze the stolen USDC funds, which moved for hours after the exploit. The exploiter converted about $267 million into Ether by the time of reporting, highlighting a potential gap in intervention protocols.
Industry figures noted that while Circle has the ability to freeze funds, it is not obligated to do so without specific requests, such as from law enforcement. This incident adds to ongoing debates about the role of centralized stablecoin issuers in security responses, referencing past cases like a Bybit-related hack.
The exploit has drawn attention to vulnerabilities in decentralized finance platforms, with Drift suspending deposits and withdrawals while coordinating with security firms and exchanges to mitigate further risks.