ZachXBT called the circuit “dormant” as USDC stolen from Solana flowed into Ethereum during the Drift Protocol exploit window that lasted several hours.
Blockchain investigator ZachXBT has once again criticized Circle and its CEO, Jeremy Allaire, following alleged inaction during a $280 million exploit linked to Drift Protocol.
He described the entire fiasco as a critical delay in response as funds were actively moved across the chains.
Circle under fire
In a post on X, ZachXBT He said The source of the stablecoin was “dormant” as millions of USDC were moved from Solana to Ethereum during the exploit. In a separate update, it was found that the transfers were made across nearly 100 transactions. “The value was transferred and nothing was done,” he added. He also pointed to a recent incident involving the freezing of more than 16 business portfolios Named Circle’s treatment was “incompetent” while the company and Allaire were described as “bad actors in the industry”.
These claims have been made by several market commentators It has been discussed Whether quicker action could have limited the movement of funds during the exploitation window, especially with large amounts being reported transfer For several hours without interruption.
Meanwhile, Drift Protocol revealed that the incident was caused by a highly sophisticated, coordinated attack and not due to a flaw in its smart contracts. According to the team, a fraudulent actor gained unauthorized access through a “novel attack involving non-permanent numbers,” enabling pre-signed transactions to subsequently be executed.
This allowed the attacker to effectively bypass real-time detection and quickly take control of administrative permissions associated with the protocol’s security council. Drift confirmed that the exploit was not caused by compromised seed phrases or code vulnerabilities, but instead involved unauthorized or distorted consents, likely obtained through social engineering. The attacker obtained the required approvals 2 of 5 multisig and executed a malicious administrative transfer within minutes. Then they introduced detrimental assets and removed withdrawal limits.
Drift Timeline Hack
Timeline shared by Drift open The basis for the attack began as early as March 23 through the creation of non-permanent accounts linked to both legitimate multisig members and wallets controlled by the attacker. Additional preparations continued through a multisig migration on March 27 and other informal activity on March 30, leading up to the execution phase on April 1, when pre-signed transactions were run shortly after a legitimate test transaction.
You may also like:
In response, Drift froze the protocol’s remaining functionality, removed the compromised wallet from multisig, and began coordinating with security firms, exchanges, and law enforcement to trace and possibly recover the stolen assets.
Free Binance $600 (CryptoPotato Exclusive): Use this link To register a new account and get an exclusive welcome offer of $600 on Binance (Full details).
Limited offer for Bybit’s CryptoPotato readers: Use this link To register and open a free position worth $500 on any currency!
