From an on-chain outreach to cross-chain fund movements, this piece analyzes the drift exploit and its governance implications for DeFi.From an on-chain outreach to cross-chain fund movements, this piece analyzes the drift exploit and its governance implications for DeFi.

Drift exploit prompts on-chain outreach to $280M stolen ETH after Solana–Ethereum attack

For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com
drift exploit

In the wake of a major DeFi attack, Drift Protocol has begun direct outreach over the drift exploit as investigators trace funds across multiple blockchains.

Drift targets hacker wallets with on-chain messages

On April 3, Drift Protocol escalated its response to the recent hack by sending on-chain messages to four Ethereum wallets holding the bulk of the stolen assets. According to blockchain data, these addresses together control roughly 129,000 ETH, tied to what has become one of the largest DeFi exploits of 2026.

The exploit drained an estimated $270 million to $285 million from the protocol, severely disrupting trading and liquidity conditions. However, the team now claims to have identified key parties linked to the incident and is publicly urging them to open a dialogue rather than remain silent.

The outreach was made from a known Drift-controlled address, which transmitted a standardized message to each of the four target wallets. Moreover, the move signals that the protocol is willing to explore negotiated resolutions, a path other crypto projects have taken in previous large-scale thefts.

Message calls for communication via Blockscan chat

The content of the message was concise. Drift told the wallet owners it is “ready to speak” and requested that they respond using Blockscan chat, an off-chain communication tool linked to Ethereum addresses. This mirrors prior cases where attacked projects sought to open a communication channel with hackers.

Historically, such efforts have produced mixed outcomes. In some high-profile hacks, dialogue led to partial or even full recovery of assets, sometimes under the label of a “white-hat” arrangement. That said, in other situations, attackers ignored messages and continued moving funds, leaving victims with little hope of restitution.

In this case, security teams and on-chain analytics providers are also examining whether the theft and subsequent transfers show patterns associated with organized cybercrime. However, any potential attribution remains unconfirmed, and the focus for now is on tracking flows and preserving evidence.

How the attack bypassed smart contracts

The drift exploit stands out because it did not rely on a traditional smart contract bug. Instead, it exploited a system-level weakness around Solana durable nonces, a legitimate feature that lets developers prepare and sign transactions in advance for later submission.

The attacker used pre-signed transactions that had been created weeks earlier, then managed to obtain partial control over the protocol’s multisig governance setup. With that influence, they disabled or bypassed several risk controls designed to protect user funds. Consequently, once safeguards were weakened, the hacker could drain capital from multiple vaults in rapid succession.

The entire operation unfolded quickly, resulting in the loss of more than half of Drift Protocol’s total value locked. Moreover, the event underscores how governance design and key management can be as critical as contract code in safeguarding DeFi platforms.

Cross-chain transfers and stolen ETH concentration

After emptying the vaults, the attacker did not leave the assets on Solana. Instead, they used cross-chain infrastructure to move the funds to Ethereum, converting a large share into ETH. On-chain data, highlighted by analytics firms like Arkham, shows approximately 129,000 ETH now distributed across four key wallets.

This pattern fits a broader trend where attackers use cross chain bridged funds to complicate tracking and recovery. However, such moves also create highly visible concentrations of value that can be watched in real time by exchanges, law enforcement, and independent researchers.

Despite active monitoring, there has been criticism from some community members over what they view as a slow operational response. Specifically, users have questioned why certain tokens or positions were not frozen sooner or hedged more aggressively once anomalous governance activity was detected.

Organized crime suspicions and ongoing investigation

Several industry observers have speculated about possible links between the attacker and known cybercrime organizations, especially given the sophistication of the governance take-over and transaction planning. That said, public statements from Drift and external security teams emphasize that there is no definitive attribution yet.

Law enforcement and private incident response groups are reportedly coordinating to follow the blockchain on chain message trail and the flows of the stolen ETH. Moreover, investigators are examining historical activity on the impacted wallets to see whether older transactions connect to previously flagged entities.

For now, Drift has committed to releasing more information once third-party audits and forensic reviews are complete. The protocol’s social channels, including its official X account, have been used to aggregate updates and reference key on-chain transactions for the community.

Impact on Drift, DRIFT token, and DeFi liquidity

The fallout extends beyond the protocol’s immediate losses. Recent data indicates that nearly 20 interconnected DeFi projects suffered knock-on effects from the incident. Some protocols temporarily paused services or restricted certain operations to prevent potential contagion and manage defi liquidity impact.

The native DRIFT token reacted sharply, posting a steep decline as news of the exploit and governance compromise spread. Market confidence in leverage and derivatives products on Solana also took a hit, reflecting broader risk reassessments by professional and retail traders alike.

However, it is important to note that Solana’s base layer continues to function normally. The breach occurred at the application and governance level, not due to a consensus or protocol failure. This distinction matters for long-term ecosystem perception and for investors evaluating smart contract risk.

Lessons for governance and security design

The attack highlights how even well-reviewed code can be undermined by weaknesses in governance structures, key sharing, and operational processes. In this case, the partial multisig governance compromise enabled the attacker to weaponize previously signed transactions and legitimate protocol features.

Security experts argue that more robust key rotation policies, tighter access controls, and real-time monitoring of governance actions could have limited the damage. Moreover, clearer incident playbooks and automated circuit breakers might help protocols react faster when abnormal changes in permissions or vault behavior occur.

As the investigation into the Drift Protocol exploit continues, the case is likely to become a reference point for risk frameworks and security reviews across DeFi. In summary, the incident underlines that code audits alone are not enough; resilient governance, key management, and cross-chain monitoring are essential to prevent similar large-scale losses.

Market Opportunity
Drift Protocol Logo
Drift Protocol Price(DRIFT)
$0.01338
$0.01338$0.01338
+1.59%
USD
Drift Protocol (DRIFT) Live Price Chart

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

The changing face of elder care in Malaysia — Sayed Mohammad Reza Yamani Sayed Umar

The changing face of elder care in Malaysia — Sayed Mohammad Reza Yamani Sayed Umar

JULY 10 — An elderly society is becoming increasingly prevalent in Malaysia at present. It is projected that the p...
Share
Malaymail2026/07/10 15:24
One Of Frank Sinatra’s Most Famous Albums Is Back In The Spotlight

One Of Frank Sinatra’s Most Famous Albums Is Back In The Spotlight

The post One Of Frank Sinatra’s Most Famous Albums Is Back In The Spotlight appeared on BitcoinEthereumNews.com. Frank Sinatra’s The World We Knew returns to the Jazz Albums and Traditional Jazz Albums charts, showing continued demand for his timeless music. Frank Sinatra performs on his TV special Frank Sinatra: A Man and his Music Bettmann Archive These days on the Billboard charts, Frank Sinatra’s music can always be found on the jazz-specific rankings. While the art he created when he was still working was pop at the time, and later classified as traditional pop, there is no such list for the latter format in America, and so his throwback projects and cuts appear on jazz lists instead. It’s on those charts where Sinatra rebounds this week, and one of his popular projects returns not to one, but two tallies at the same time, helping him increase the total amount of real estate he owns at the moment. Frank Sinatra’s The World We Knew Returns Sinatra’s The World We Knew is a top performer again, if only on the jazz lists. That set rebounds to No. 15 on the Traditional Jazz Albums chart and comes in at No. 20 on the all-encompassing Jazz Albums ranking after not appearing on either roster just last frame. The World We Knew’s All-Time Highs The World We Knew returns close to its all-time peak on both of those rosters. Sinatra’s classic has peaked at No. 11 on the Traditional Jazz Albums chart, just missing out on becoming another top 10 for the crooner. The set climbed all the way to No. 15 on the Jazz Albums tally and has now spent just under two months on the rosters. Frank Sinatra’s Album With Classic Hits Sinatra released The World We Knew in the summer of 1967. The title track, which on the album is actually known as “The World We Knew (Over and…
Share
BitcoinEthereumNews2025/09/18 00:02
Not a loophole: Singapore AI export controls let China tap US AI legally

Not a loophole: Singapore AI export controls let China tap US AI legally

American AI technology is reaching Chinese tech giants through a route that US export controls were never designed to close: Singapore. The city-state sits outside
Share
The Cryptonomist2026/07/10 14:46

Activate to Enjoy Special Perks

Activate to Enjoy Special PerksActivate to Enjoy Special Perks

Access 0 fees, premium support, and loss coverage.