- Drift Protocol on Solana was exploited for about $280 million after attackers abused durable nonce-based pre-signed transactions
- Most stolen assets were converted to USDC and bridged to Ethereum, renewing debate over when Circle should freeze suspicious funds
Solana-based derivatives exchange drift suffered a major security breach this week, with attackers exploiting a core Solana transaction feature to siphon roughly $280 million in digital assets. The incident is drawing attention across the crypto sector not only for the scale of funds involved, but also for how stablecoins were moved across chains without being frozen, reigniting debate over the role of centralized issuers during on-chain attacks.
How the exploit on drift unfolded
Drift Protocol confirmed on Thursday that it had been hit by what it described as a “highly sophisticated” exploit. According to the team’s preliminary findings, the attackers abused Solana’s durable nonce mechanism, which allows pre-signed transactions to remain valid beyond normal expiration windows. By leveraging those nonce-based, pre-signed transactions, the exploiter was able to gain unauthorized administrative access and rapidly execute a series of malicious actions on the decentralized exchange.
The attack began on Wednesday and involved multiple assets, including Circle’s USDC and various altcoins listed on the Solana-based platform. Once control had been seized, the attacker drained funds from drift and then began consolidating the stolen assets. Onchain analysis later showed that the majority of tokens taken from the protocol were swapped into USDC before being bridged from Solana to Ethereum.
During the incident, drift reported an active attack, suspended deposits and withdrawals, and said it was coordinating with security firms, cross-chain bridges and centralized exchanges. Despite those measures, the exploiter managed to move funds across networks for hours, underscoring how quickly attackers can pivot between chains and into liquid stablecoins.
Solana durable nonces at the center of the attack
At the technical core of the exploit is Solana’s durable nonce feature. This mechanism allows transactions to bypass the usual blockhash expiry model and instead rely on a special account-based nonce, enabling users to pre-sign transactions for future execution. It is commonly used for workflows such as offline signing or complex multisig setups that require more time or coordination than standard transactions allow.
In this case, drift reported that the exploiter crafted durable nonce-based, pre-signed transactions that granted them elevated permissions. Because these transactions do not expire in the same way as ordinary Solana transactions, the attacker could submit them at an opportune moment to rapidly execute their plan. The incident highlights how features designed for legitimate operational flexibility can become attack vectors when not fully accounted for in protocol security models.
The fact that the breach appears tied to a mainstream Solana transaction primitive, rather than a straightforward smart contract bug, has sparked concern among developers and security teams. Protocols built on Solana may now revisit how they interact with durable nonces and how administrative actions are authorized to avoid similar abuse.
USDC flows, Circle, and renewed intervention debate
The drift exploit has also intensified ongoing discussions around centralized intervention in DeFi attacks, particularly when stablecoins like USDC are involved. After the breach, the exploiter converted most stolen assets into USDC and bridged them to Ethereum, with no reported freeze on the funds during those movements.
Industry participants quickly questioned why USDC associated with an active, high-profile exploit was not frozen in real time. Pseudonymous user Molu noted on X that Circle “could freeze it” but currently has no obligation to do so, highlighting the gap between technical capability and regulatory or policy requirements. Molu pointed to proposals such as the GENIUS Act, arguing that, if enacted, such frameworks could impose clearer obligations on stablecoin issuers to intervene under specified conditions.
The episode adds to a series of disputes over Circle’s stance on freezing USDC linked to hacks. Onchain investigator ZachXBT has repeatedly criticized the issuer’s response times and criteria, including in a case tied to a Bybit-related hack in late February. That prior criticism prompted Circle CEO Jeremy Allaire to state that the company prioritizes formal law enforcement requests before freezing funds, emphasizing that its actions are guided by legal process rather than social media pressure or ad hoc demands.
In the drift case, the multi-hour window during which the exploiter bridged and moved USDC without apparent interruption will likely fuel further scrutiny of whether existing practices are sufficient for rapidly evolving cross-chain exploits.
Conclusion
The exploit on drift underscores several converging fault lines in the crypto ecosystem: the security implications of advanced blockchain features like Solana’s durable nonces, the operational risks for DeFi platforms that rely on them, and the unresolved question of when and how centralized stablecoin issuers should intervene during on-chain attacks. As investigations continue and the protocol works with security partners, the incident is poised to influence both technical design choices on Solana and policy debates around USDC and other centralized stablecoins in future exploits.
Disclaimer
The information provided in this article is for informational purposes only and should not be considered financial advice. The article does not offer sufficient information to make investment decisions, nor does it constitute an offer, recommendation, or solicitation to buy or sell any financial instrument. The content is opinion of the author and does not reflect any view or suggestion or any kind of advise from CryptoNewsBytes.com. The author declares he does not hold any of the above mentioned tokens or received any incentive from any company.
Featured image created by AI
