Drift disclosed more details on Wednesday's attack on the Solana-based trading platform, which drained approximately $280 million, marking one of the largest exploits in DeFi history.
According to a post published to X early Thursday morning, Drift described the attack as a "highly sophisticated operation" involving weeks of preparation.
"A malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers," the team wrote.
Drift said the attacker pre-positioned access using durable nonce accounts, which allow pre-signed transactions to be executed later, and obtained multisig approvals in advance, likely through social engineering or transaction misrepresentation.
This granted control over protocol-level permissions, enabling the attacker to introduce a malicious asset and eliminate withdrawal limits to drain the funds. Drift ruled out the possibility of a smart contract flaw or a seed phrase compromise.
As a result, Drift said all deposits into the platform's borrow-lend, vault, and trading deposits were affected. Earlier reports said stolen tokens include JLP, SOL, USDC, cbBTC, and wBTC.
"As a precautionary measure, all remaining protocol functions have been frozen, and the multisig has now been updated to remove the compromised wallet," Drift noted, adding that it is working with bridges, exchanges, and law enforcement to track and freeze the stolen $280 million.
Drift Protocol is a decentralized, open-source trading platform built on the Solana blockchain. It is often considered to be a core part of the Solana ecosystem, particularly for perps trading, with a total value locked above $550 million, according to DeFiLlama.
Meanwhile, prominent onchain sleuth ZachXBT published harsh criticism of USDC issuer Circle in connection to the Drift exploit.
Citing onchain data, ZachXBT claimed that over $230 million worth of USDC linked to the attack were moved from Solana to Ethereum via Circle's Cross-Chain Transfer Protocol (CCTP).
"Value was moved and nothing was done yet again," ZachXBT wrote. "Six hours is how long Circle had to freeze stolen funds from the $280M+ Drift hack."
The onchain investigator had previously denounced Circle for freezing 16 USDC wallets linked to separate businesses without giving an official explanation. At the time, ZachXBT said the wallets were likely tied to an ongoing U.S. civil case. Nonetheless, this attracted significant scrutiny from the crypto community, who raised concerns about the centralized nature of Circle's oversight of USDC.
The Block has reached out to Circle for comment.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.