Drift Protocol, a Solana-based decentralized exchange, confirmed a $280 million exploit attributed to a highly sophisticated attack exploiting Solana’s durable nonce feature. The attackers used pre-signed transactions to gain unauthorized administrative access, draining assets including USDC and altcoins.
Onchain data revealed the thief converted the majority of stolen funds into USDC, then bridged them to Ethereum over several hours. Despite having ample time to act, Circle did not freeze the funds, drawing sharp criticism from blockchain investigators like ZachXBT.
Durable nonces, designed for offline transaction signing and multisig workflows, are not inherently flawed-but this incident underscores risks when combined with poor access controls. Experts warn such features require heightened safeguards.
Critics argue Circle, as a centralized stablecoin issuer, has both the technical ability and moral obligation to intervene in large-scale thefts. The company maintains it acts only upon law enforcement requests. The debate intensifies as regulatory proposals like the GENIUS Act loom, potentially mandating future freezes.
