Massive Heist in Solana: All the Details of the Drift Hack
<p class="text-left mb-4 ">Drift Protocol, one of the leading decentralized derivatives platforms in the <a href="https://jrkripto.com/tr/coin/sol" target="_blank" rel="noreferrer" class="text-primary underline">Solana</a> ecosystem, has shared new details following a massive attack worth approximately $280 million. The incident, recorded as one of the largest security breaches in DeFi history, has generated widespread attention in the industry due to its technical structure and subsequent events.</p><p class="text-left mb-4 ">
<figure class="my-6">
<img src="https://minio-api-1.jrkripto.com/blog/ekran-g-r-nt-s-2026-04-02-143025-574b469b.webp" alt="Ekran görüntüsü 2026-04-02 143025.png" width="auto" height="auto" class="w-full rounded-lg border" />
</figure>
</p><p class="text-left mb-4 ">According to Drift's statement, the attack did not stem from a classic smart contract vulnerability or the theft of users' private keys. Instead, it is stated that the attackers, after weeks of preparation, gained prior access to multisig (multi-signature) transactions. This access is believed to have been obtained most likely through social engineering methods or the manipulation of transaction confirmations.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">How did the attack occur?</h2><p class="text-left mb-4 ">The protocol team emphasized that the attack was an "extremely sophisticated" operation. According to the statement, the attackers used a special account structure known as "durable nonce," which allows for the later execution of pre-signed transactions. This allowed specific transactions to be prepared in advance and activated at the appropriate time.</p><p class="text-left mb-4 ">This technique, along with obtaining multisig confirmations in advance, gave the attacker control over Drift's Security Council. Following this critical transfer of authority, the attacker was able to make changes at the protocol level; add a malicious asset and remove withdrawal limits, draining funds from the system. It was reported that many areas of the platform were affected after the attack, including lending, vaults, and transaction accounts. Initial findings indicate that the stolen assets included significant tokens such as SOL, USDC, JLP, cbBTC, and wBTC.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">Emergency measures were implemented</h2><p class="text-left mb-4 ">The Drift team announced that all critical functions on the platform were halted after the attack was detected. Furthermore, the compromised multisig structure was updated, and the vulnerable wallet was removed from the system. The team stated that they are working with bridges, centralized exchanges, and law enforcement to track the stolen $280 million in assets. The goal is to freeze or recover as much of the funds as possible by tracking their movement.</p><p class="text-left mb-4 ">With a total locked value (TVL) exceeding $550 million, Drift Protocol held a significant position on the Solana network, particularly in terms of perpetual transactions. Therefore, the attack directly affected not only the platform but also the overall security perception of the Solana DeFi ecosystem.</p><h2 class="text-left text-foreground text-3xl font-bold mb-3 mt-1">Harsh criticism of Circle</h2><p class="text-left mb-4 ">Following the attack, discussions were not limited to technical details. On-chain researcher ZachXBT harshly criticized stablecoin issuer Circle. According to ZachXBT, approximately $230 million worth of USDC linked to the attack was transferred from Solana to the Ethereum network using Circle's Cross-Chain Transfer Protocol (CCTP) infrastructure. However, it was alleged that Circle did not take action to freeze these funds during this process. ZachXBT criticized the company for not taking any action despite having hours to intervene, suggesting that inconsistent behavior had been observed in similar incidents before. These criticisms reignited discussions about the control mechanisms of centralized stablecoins like USDC. The fact that some wallets were frozen without explanation in the past, but the same reflex was not shown in such large-scale attacks, brought the "selective intervention" debate to the forefront in the sector.</p>
