
Drift Attacker Uses Durable Nonces to Drain $285M; Circle Faces Freeze Backlash
Key Takeaways
- Solana durable nonces enabled pre-signed admin transfers, draining about $270–286 million from Drift.
- Attacker moved funds through Circle's cross-chain transfer protocol; Circle criticized for slow or no freeze.
- Elliptic ties Drift hack to North Korea, intensifying scrutiny over USDC controls.
Drift Exploit Mechanism
Drift was exploited using Solana's durable nonces to pre-sign transactions.
Two misleading multisig approvals allowed the attacker to pre-sign transfers valid for over a week.

At least $270 million was drained from Drift.
Circle's Cross-Chain Transfer Protocol
The attacker transferred $232 million using Circle's cross-chain protocol.
ZachXBT criticized Circle's inaction during a critical six-hour window.

Circle freezes assets only when legally required to avoid legal risk.
Tether froze some addresses within 90 minutes.
Growing Scrutiny of Circle
ZachXBT documented 15 cases totaling over $420 million where Circle took minimal action.
The Lazarus Group hack was cited as an example of delayed response.
Circle's shares plunged 40% over 120 days.
The incident raises questions about stablecoin issuer responsibilities.
Debate Over Freeze Authority
Circle has the authority to blacklist but uses a reactive, order-driven model.
Tether paused its USDT0 protocol within 90 minutes of the Drift exploit.

Circle stayed hands-off during Drift but recently froze 16 unrelated wallets.
The inconsistency has raised trust questions.