Drift Protocol, a Solana-based decentralized exchange (DEX), has initiated onchain contact with wallets tied to a $280 million cryptocurrency exploit.
The protocol sent messages from its Ethereum address (0x0934faC) to four attacker wallets, urging them to reach out via Blockscan chat. "We are ready to speak," Drift stated.
This move follows a similar outreach by an anonymous sender using the ENS name readnow.eth, who demanded 1,000 ETH to withhold attacker identity. Claims were unverified and may have been intended to pressure the attacker.
The hack has affected at least 20 Solana protocols, including Gauntlet, with an estimated impact of $6.4 million. Blockchain security firm Cyvers said the breach was a long-planned operation involving durable nonces - a Solana feature that allows pre-signed transactions.
Industry experts, including Ledger’s Charles Guillemet, speculate the attack may involve North Korea-linked actors, although no confirmation exists.
Cyvers noted: "This closely mirrors the Bybit hack-different technique, same root issue: signers unknowingly approving malicious transactions."
No funds have been recovered 48 hours after the breach, and the investigation continues.