April 05, 2026 ChainGPT

$285M Drift Hack Exposes Limits of Circle's USDC Freeze Authority

A high-profile $285 million exploit of Solana derivatives platform Drift has put Circle—and the limits of stablecoin issuer power—squarely back in the spotlight.

What happened

- On April 1, 2026, Drift, a Solana-based decentralized perpetuals exchange, was attacked. Security firm PeckShield first flagged the incident; analytics firm Arkham says attackers used a manipulated oracle and a compromised admin key to drain Drift’s main vault in roughly 12 minutes.
- The fallout was rapid: Drift’s total value locked fell from about $550 million to under $300 million within an hour, the DRIFT token plunged more than 40%, and over ten other Solana projects reported disruption.

How the funds moved

- After the exploit, most stolen assets were converted to USDC. The attacker then used Circle’s Cross-Chain Transfer Protocol (CCTP) to bridge roughly $232 million from Solana to Ethereum in more than 100 transactions spanning six consecutive hours—crucially, during U.S. business hours.

ZachXBT’s charge

- Prominent blockchain investigator ZachXBT publicly called out Circle for not freezing the stolen USDC as it transited Circle’s own bridge, posting that “Circle was asleep while many millions of USDC were swapped via CCTP from Solana to Ethereum for hours.”
- His critique is amplified by recent precedent: on March 23, Circle froze USDC in 16 unrelated business hot wallets (including one tied to the DFINITY Foundation) as part of a sealed U.S. civil case. ZachXBT labeled that action “potentially the single most incompetent” he’d seen in five years of investigations—heightening scrutiny over why Circle acted in one instance but not the other.

Responses and debate

- Circle defended its approach: “Circle is a regulated company that complies with sanctions, law enforcement orders, and court-mandated requirements. We freeze assets when legally required, consistent with the rule of law and with strong protections for user rights and privacy.”
- The episode has generated debate across the community. Security researcher Specter noted the attacker notably avoided converting to Tether’s USDT—suggesting confidence that Circle would not intervene. Legal voices warn of trade-offs: Salman Banei, general counsel at Plume, says freezing assets without clear authorization could expose issuers to legal liability. Ben Levit, CEO of stablecoin ratings agency Bluechip, called the situation “a gray area,” pointing out this was an oracle exploit rather than a straightforward theft.
- Blockchain analytics firm Elliptic added another layer, reporting multiple indicators that North Korean-linked actors may be behind the Drift attack.

Why it matters

- Crypto hack losses had moderated in the months before this incident; the $285 million drain is a stark reversal. Beyond the immediate financial damage, the affair spotlights unresolved questions about centralized controls in decentralized ecosystems: when should stablecoin issuers exercise freeze authority, how quickly, and under what legal standard?
- The answers could shape forthcoming regulatory guidance and industry norms around issuer accountability, cross-chain bridges, and the limits of custodial intervention.

Bottom line: the Drift exploit is not just a major security event—it’s reopened a contentious debate about who gets to pull the levers when stolen crypto moves through centralized infrastructure, and what safeguards (legal and technical) should govern those choices.