Drift Protocol, a decentralized exchange (DEX) on the Solana blockchain, has begun onchain outreach to wallets associated with a $280 million exploit. The protocol announced on X that it had sent messages from its Ethereum address (0x0934faC) to four wallets believed to hold stolen Ether (ETH). The messages, delivered via onchain channels, aim to establish communication with the attacker and encourage dialogue through Blockscan chat. “We are ready to speak,” Drift stated, highlighting the use of onchain messaging as a standard practice in responding to exploits. This tactic allows protocols to engage with attackers while maintaining anonymity. Similar approaches in past incidents, such as the Euler Finance hack, have occasionally led to partial fund recoveries.
The outreach by Drift followed a separate onchain message from an unidentified sender using the ENS name readnow.eth. This sender claimed to possess knowledge of the attacker’s identity and demanded 1,000 ETH in exchange for withholding information. However, the authenticity of these claims remains unverified, and the message could be an attempt to mislead or pressure the wallet holder. The incident illustrates how unverified communications can proliferate onchain in the aftermath of crypto exploits, alongside official efforts.
According to SolanaFloor, the exploit has impacted at least 20 Solana protocols, including the DeFi platform Gauntlet, which reportedly faced losses of approximately $6.4 million. Blockchain security firm Cyvers noted that the attack’s impact continued to unfold as of Friday morning, with no funds recovered 48 hours after the breach. Cyvers described the attack as a “weeks-long, staged operation,” citing the use of durable nonces (a Solana feature enabling pre-signed transactions for future execution) as evidence of premeditation.
The attack’s methodology has drawn comparisons to the Bybit hack, with Cyvers observing that both incidents involved signers unknowingly approving malicious transactions, albeit through different techniques. Some industry experts, including Ledger’s chief technology officer Charles Guillemet, have speculated that the exploit may involve actors linked to North Korea, though these claims remain unconfirmed. The ongoing situation highlights the challenges of securing decentralized systems and the potential for coordinated, sophisticated attacks to destabilize multiple protocols simultaneously.