Articles
Solana

Drift explains $280M exploit as critics question Circle over USDC freeze

User Image

โดย ไม่ระบุชื่อ

สร้างแล้ว April 02, 2026|อ่านใน 2 นาที
Main Image

Drift said a durable nonce attack helped drive its Solana exploit, as critics questioned why stolen USDC moved for hours without a freeze.

Drift Protocol, a Solana-based decentralized exchange (DEX), confirmed Thursday it was targeted in a roughly $280 million exploit, describing it as a “highly sophisticated operation.”

The platform took to X on to share its findings from a preliminary investigation, saying that the attackers exploited Solana’s durable nonces, a mechanism enabling pre-signed transactions, to seize control and drain funds. The protocol had earlier said it was experiencing an active attack and suspended deposits and withdrawals while coordinating with security firms, bridges and exchanges.

The attack began on Wednesday, with the theft involving multiple assets, including Circle’s USDC (USDC) and various altcoins. Onchain data later showed that the exploiter swapped the majority of assets into USDC, with the funds later bridged to Ethereum.

The incident has attracted scrutiny not only because it appears to involve abuse of a legitimate Solana transaction feature rather than a plain smart contract failure, but also for how funds moved across chains for hours without being frozen, raising questions about intervention by centralized stablecoin issuers.

Solana’s durable nonces are a unique feature allowing transactions to bypass certain expiration windows and enabling users to pre-sign transactions for future execution, offline signing, or complex multisig workflows.

Drift said the attacker used durable nonce-based, pre-signed transactions to gain unauthorized administrative access and execute malicious actions quickly after submission.

Durable nonces have not been widely associated with major exploits on their own, but developers have noted that features enabling delayed execution can introduce complexity and potential risks if misused or combined with other vulnerabilities.

The incident has sparked criticism of the USDC issuer Circle, as the attacker took hours to swap $270 million to the stablecoin before bridging to Ethereum.

Onchain sleuth ZachXBT and others said the company had at least six hours to freeze funds but did not act, contrasting the response with previous cases where wallets were blacklisted.

Some industry figures pointed to the gap between Circle’s ability to freeze funds and any obligation to do so.

“Circle could freeze it. But they’re not required to,” pseudonymous user Molu wrote on X, adding that proposed regulatory frameworks such as the GENIUS Act could change that dynamic by requiring intervention under finalized rules.

Related: Balancer Labs shuts down 4 months after $100M+ exploit, protocol to continue

The incident marks yet another case in the ongoing debate over intervention by centralized platforms during attacks, with ZachXBT repeatedly criticizing Circle over the issue.

The investigator previously questioned Circle’s response to USDC tied to a Bybit-related hack in late February, prompting a response from Circle CEO Jeremy Allaire, who said the company acts on law enforcement requests before freezing funds.

Magazine: Nobody knows if quantum secure cryptography will even work

Source: CoinTelegraph


บทความอื่นๆที่เผยแพร่เมื่อเร็วๆนี้

Ripple once weighed shutting down and handing XRP to shareholders, CEO says
Ripple once weighed shutting down and handing XRP to shareholders, CEO says

Crypto Market Analysis

Ripple's Brad Garlinghouse says he and co-founder Chris Larsen considered winding the company down a...

Bitcoin, ether little changed as U.S. launches fresh Iran strikes
Bitcoin, ether little changed as U.S. launches fresh Iran strikes

Bitcoin

The U.S. hit Iran for the third time this week and Tehran has reportedly closed the Strait of Hormuz...

Bitcoin is nearing a power law support line Fidelity has tracked since 2015
Bitcoin is nearing a power law support line Fidelity has tracked since 2015

Bitcoin

The group's Dir. of Global Macro Jurien Timmer calls it an accumulation zone but notes the lack of a...

Cambridge study puts Ethereum near the lower end of PoS energy intensity
Cambridge study puts Ethereum near the lower end of PoS energy intensity

Ethereum

Cambridge estimated that Ethereum consumes 7.87 GWh annually and has the second-lowest market-value-...

Bitcoin’s BIP 110 fork deadline nears with miner support at zero
Bitcoin’s BIP 110 fork deadline nears with miner support at zero

Bitcoin

The BIP 110 proposal would cap arbitrary data on Bitcoin for a year, but Saylor, Adam Back and other...

Empery Digital shares rise after selling Bitcoin to fund AI data center project
Empery Digital shares rise after selling Bitcoin to fund AI data center project

Bitcoin

The sales come months after a major Empery shareholder demanded the firm ditch its Bitcoin treasury ...