Solana Community "A Difficult Day": What Should We Reflect on After the Drift Attack?

TVL Halved, Funds Rapidly Exiting

After the April 1 attack, Drift Protocol's TVL plummeted from $550 million to $255 million, with funds accelerating their withdrawal from the Solana ecosystem.

Several security and on-chain analysis firms estimate the loss at approximately $285 million. The attacker subsequently converted over $270 million of stolen assets into USDC, bridging to Ethereum to purchase ETH.

Ultimately, about 129,000 ETH (worth approximately $278 million) were dispersed across four Ethereum addresses. The choice of ETH as the final asset makes sense: Ethereum has the highest liquidity, facilitating quick liquidation; consolidating various stolen tokens into a single asset cuts off the original funds' on-chain traceability.

Circle Under Heavy Criticism

On-chain detective ZachXBT issued strong criticism of Circle. He pointed out that during the US trading hours when Drift was hacked, USDC worth hundreds of thousands of dollars was bridged from Solana to Ethereum via cross-chain protocols, a process that "took hours with no intervention," and the related funds had been fully transferred while Circle "took no action again."

ZachXBT also noted that Circle had mistakenly frozen over 16 hot wallets, with the unfreezing process still ongoing. He named Circle CEO Jeremy Allaire, stating that Circle's performance has negatively impacted the entire crypto industry.

This controversy touches on the fundamental issue of what proactive intervention responsibilities stablecoin issuers should bear during DeFi security incidents. USDC on Ethereum has indeed been frozen by Circle, but the proportion of total stolen funds is very low, with most assets already transferred.

Drift Official Response

The project team stated that the attack was caused by multiple factors, including delayed execution of pre-signed transactions and the compromise of multi-signature approvals, possibly related to targeted social engineering or transaction misdirection. They are currently working with several security agencies to investigate the cause and collaborating with cross-chain bridges, exchanges, and law enforcement to trace and freeze related funds. A detailed post-mortem report will be released later.

Jupiter Expresses Concern

Jupiter posted on X that the company was not affected by the Drift-related attack. Jupiter clarified that its lending product Jupiter Lend did not interact with the Drift market, and JLP is fully backed by underlying assets. Jupiter described this as "a tough day for Solana DeFi" and expressed concern for the Drift team and all affected parties.

Investor Panic Spreads

Due to the involvement of multiple assets in the Solana ecosystem, tokens like SOL and JUP experienced varying degrees of sharp declines.

Drift had previously raised over $52 million, with top-tier VCs including Multicoin Capital and Polychain among investors. Even such a prestigious lineup of institutions could not prevent security vulnerabilities, which will undoubtedly shake investor confidence in the Solana ecosystem.

Industry Reflection: The "Lego Block" Risks of DeFi

DeFi's modular structure has long been considered its greatest advantage, but now this strength has turned into a domino effect of disadvantages. A protocol's vulnerability can spread throughout the ecosystem via asset pools, nested liquidity pools, and other interconnected components.

While the Solana ecosystem has made significant progress over the past year, this incident shows that no matter how excellent the blockchain performance, the human element in governance remains the biggest variable.

Follow-up Developments to Watch

· The detailed post-mortem report promised by Drift is expected to reveal more attack details
· Progress in fund recovery, involving collaboration with cross-chain bridges, exchanges, and law enforcement
· Responsibility issues of stablecoin issuers like Circle in security incidents
· Whether other protocols in the Solana ecosystem will experience a chain reaction

In Conclusion

Since its inception, security has been the Damocles sword hanging over DeFi. Every major attack prompts reflection, yet vulnerabilities continue to persist.

The Drift attack once again reminds us: code can be audited, but people cannot.

For ordinary users, diversifying assets, using hardware wallets, and promptly revoking permissions for unused protocols are fundamental practices to protect oneself in this high-risk space.

#DriftProtocol遭駭客攻擊