Drift Protocol, a Solana-based decentralized exchange, confirmed it was hit in a roughly $280 million exploit, calling the breach a “highly sophisticated operation.” The team said preliminary findings show attackers abused Solana’s durable nonces — a mechanism that lets users pre-sign transactions — to gain unauthorized administrative control and rapidly drain funds. Drift paused deposits and withdrawals and coordinated with security firms, bridges and exchanges after detecting the attack.
The theft, which began Wednesday, involved multiple assets including Circle’s USDC and various altcoins. Onchain data showed the exploiter converted the bulk of stolen assets into USDC and later bridged the funds to Ethereum. Reports indicate the exploiter had purchased about 130,262 ETH (around $267 million) by the time of reporting.
The incident stands out because it appears to exploit a legitimate Solana transaction feature rather than a straightforward smart-contract bug. Durable nonces allow transactions to bypass standard expiration windows and enable pre-signed transactions for future execution, offline signing, or complex multisig workflows. Drift said the attacker leveraged durable-nonce-based pre-signed transactions to obtain administrative access and execute malicious operations almost immediately after submission. While durable nonces have not commonly been the sole cause of major exploits, developers have warned that delayed-execution features introduce complexity and can increase risk if misused or combined with other vulnerabilities.
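
The property described above, that a durable-nonce transaction does not expire, can be checked before anyone signs. The following is an added example, not code from the article or from Drift: a pre-signing gate that flags durable-nonce messages for multisig reviewers. It assumes the message layout of Solana's JSON-RPC `json` encoding; the account keys and both sample messages are constructed placeholders.

```python
import struct

SYSTEM_PROGRAM = "11111111111111111111111111111111"  # Solana System Program id
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction variant index, encoded as u32 LE
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(s):
    """Decode base58 instruction data as found in RPC 'json' encoding."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' is one zero byte
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def durable_nonce_info(message):
    """Return nonce details for a durable-nonce message, else None.
    Only a System Program AdvanceNonceAccount in the FIRST instruction slot
    makes a transaction durable; the same instruction later does not."""
    if not message["instructions"]:
        return None
    ix, keys = message["instructions"][0], message["accountKeys"]
    data = b58decode(ix["data"])
    if keys[ix["programIdIndex"]] != SYSTEM_PROGRAM or len(data) < 4:
        return None
    if struct.unpack_from("<I", data)[0] != ADVANCE_NONCE_ACCOUNT:
        return None
    if len(ix["accounts"]) < 3:  # nonce account, sysvar, nonce authority
        return None
    return {"nonce_account": keys[ix["accounts"][0]],
            "nonce_authority": keys[ix["accounts"][2]],
            "stored_nonce": message["recentBlockhash"]}  # nonce value, not a recent blockhash

def review_gate(message):
    """Pre-signing gate: hold anything that will not expire on its own."""
    info = durable_nonce_info(message)
    if info is None:
        return "OK: expires with its recent blockhash"
    return "HOLD: valid until nonce account %s is advanced" % info["nonce_account"]

# Constructed sample data: placeholder keys, not real accounts or transactions.
KEYS = ["ADMIN_SIGNER_PLACEHOLDER", "NONCE_ACCOUNT_PLACEHOLDER",
        "RECENT_BLOCKHASHES_SYSVAR_PLACEHOLDER", SYSTEM_PROGRAM,
        "TARGET_PROGRAM_PLACEHOLDER"]
ADVANCE = {"programIdIndex": 3, "accounts": [1, 2, 0], "data": "6vx8P"}
ADMIN_IX = {"programIdIndex": 4, "accounts": [0], "data": "2"}  # opaque payload
NONCE_TX = {"accountKeys": KEYS, "recentBlockhash": "STORED_NONCE_PLACEHOLDER",
            "instructions": [ADVANCE, ADMIN_IX]}
ORDINARY_TX = {"accountKeys": KEYS, "recentBlockhash": "RECENT_BLOCKHASH_PLACEHOLDER",
               "instructions": [ADMIN_IX, ADVANCE]}
```

`review_gate(NONCE_TX)` returns a HOLD naming the nonce account, while `ORDINARY_TX`, which carries the same advance instruction in the second slot, passes as an ordinary expiring transaction.
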
The attack has also renewed scrutiny of Circle, issuer of USDC. Investigators and onchain sleuths noted the exploiter took hours to swap roughly $270 million into USDC before bridging to Ethereum, and argued Circle had a window of several hours to freeze the funds but did not. Critics contrasted Circle’s response with prior incidents where wallets were blacklisted. Some industry observers stressed that while Circle can freeze funds, it is not always obligated to do so — and suggested that proposed regulatory frameworks such as the GENIUS Act could change how and when centralized issuers must intervene.
The episode adds to ongoing debate over whether centralized platforms should intervene during blockchain attacks. The investigator ZachXBT has repeatedly questioned Circle’s actions in recent incidents; Circle CEO Jeremy Allaire has said the company acts on law enforcement requests when freezing funds.
Cointelegraph is committed to independent, transparent journalism. This article follows Cointelegraph’s Editorial Policy; readers are encouraged to verify information independently. Read the Editorial Policy at https://cointelegraph.com/editorial-policy