Drift wants to meet the hacker after the $280M exploit

Solana-based decentralized exchange (DEX) Drift Protocol said on Friday that foreign companies estimated that onchain connections tied to stolen funds were worth between $280 million and $286 million.

Drift claims to have started onchain communication with wallets holding the stolen Ether (ETH) in an attempt to open a line of communication on X.

The team sent onchain messages from the Ethereum address (0x0934faC) to four wallets at the time of publication, requesting access to the attacker via Blockscan chat. “We're ready to talk,” Drift said.

Onchain messaging has become a common method for exploiting the response, allowing protocols to communicate directly with attackers while maintaining anonymity. In previous cases, such as the Euler financial hack, the same service led to the partial recovery of funds.

An anonymous sender tries to install the attacker.

The Drift connection comes hours after an unknown sender found wallets linked to the attacker in an onchain message on Thursday with the name ENS readnow.eth.

The sender claimed to know the identity of the person behind the attack and demanded a payment of 1,000 ETH to avoid data capture.

Claims cannot be independently verified and may represent an attempt to mislead or impose a wallet charge. The incident shows how unauthenticated messages can be chained after crypto exploitation alongside official communications.

Solana's fall continues to spread

According to SolanaFloor, the Drift exploit has so far affected at least 20 Solana protocols, including decentralized finance (DeFi) platform Gauntlet, with an estimated $6.4 million in scale.

As of Friday morning, the impact was still spreading, blockchain security platform Syvers said, with no funds recovered 48 hours after the attack.

Syvers said the attack could have been a “weeks-long and coordinated operation,” noting that the attacker developed durable nonces, a Solana feature that allows users to pre-sign transactions for future executions, days before the exploit.

Related: Crypto Hackers Steal $169M from 34 DeFi Protocols in Q1: Defillama

“This Bybit hack, a different technique, closely mirrors the same root problem: signers unwittingly approve malicious transactions,” Syvers added.

Some industry observers, including Ledger's chief technology officer Charles Guillemette, have suggested the exploit may involve actors linked to North Korea, although the details have not been confirmed.

Magazine: No one knows if quantum secure encryption even works

Cointelegraph is committed to independent and transparent journalism. This news article is prepared in accordance with Cointelegraph's Editorial Policy and aims to provide accurate and up-to-date information. Readers are encouraged to verify information independently. Read our editorial policy