Drift Protocol, a decentralized exchange on Solana, said it had opened onchain contact with wallets tied to an exploit estimated by outside firms at roughly $280 million to $286 million.
In a post on X, Drift said it sent onchain messages from its Ethereum address (0x0934faC) to four wallets linked to the exploiter, urging the attacker to communicate via Blockscan chat. The team wrote, “We are ready to speak.”
Onchain messaging has become a common response tactic for projects seeking to engage attackers while preserving anonymity. Similar outreach in past incidents, such as the Euler Finance hack, helped secure partial recoveries.
An unrelated anonymous sender using the ENS name readnow.eth also contacted wallets tied to the exploiter on Thursday, claiming to know identities behind the attack and demanding 1,000 ETH in exchange for withholding information. Those claims could not be independently verified and may be attempts to mislead or pressure the wallet holders.
The fallout on Solana has been broad. Data from SolanaFloor indicates the exploit has impacted at least 20 Solana projects, including DeFi firm Gauntlet, which is estimated to have lost about $6.4 million. Blockchain security firm Cyvers reported the incident’s effects were still expanding as of Friday morning and that no funds had been recovered 48 hours after the attack.
Cyvers characterized the operation as likely a “weeks-long, staged operation,” noting the attacker used durable nonces — a Solana feature that allows users to pre-sign transactions for later execution — in the days before the exploit. The firm said that pattern resembles the Bybit hack, in which signers may have unknowingly approved malicious transactions.
Some observers, including Ledger CTO Charles Guillemet, have suggested the attack may involve actors linked to North Korea, but those allegations remain unconfirmed.
The situation is still developing. Reporting aims to provide accurate, timely information; readers are encouraged to verify details independently as updates emerge.