Blockchain investigator ZachXBT has strongly criticized Circle and its Chief Executive Officer Jeremy Allaire over what he described as a lack of response during the 280 million dollar exploit involving Drift Protocol.
He characterized the situation as a serious delay, noting that stolen funds were actively moved across multiple blockchain networks during the incident.
Circle Faces Criticism
In a post on X, ZachXBT claimed that Circle failed to act while millions of USD Coin were transferred from Solana to Ethereum during the exploit. He later revealed that the transfers occurred through approximately 100 transactions and stated that significant value was moved without any intervention.
He also referenced a recent case where more than 16 business wallets were frozen, describing Circle’s response as incompetent and accusing both the company and its CEO of harming the industry.
The criticism came as market observers debated whether quicker action could have reduced the scale of fund movement, especially since large volumes were reportedly transferred over several hours without disruption.
Meanwhile, Drift Protocol explained that the breach resulted from a highly coordinated and advanced attack rather than a weakness in its smart contracts. The team reported that the attacker gained unauthorized access through a new method involving durable nonces, which allowed previously signed transactions to be executed at a later time.
This approach enabled the attacker to avoid real time detection and quickly take control of administrative permissions linked to the protocol’s Security Council. Drift clarified that the incident did not involve compromised seed phrases or coding flaws. Instead, it stemmed from unauthorized or misleading approvals, likely obtained through social engineering tactics. The attacker secured the required two out of five multisignature approvals and carried out a malicious administrative transfer within minutes, later introducing a harmful asset and removing withdrawal limits.
Timeline of the Drift Exploit
According to Drift, the attack began as early as March 23 when durable nonce accounts were created and linked to both legitimate multisignature members and wallets controlled by the attacker. Additional preparations took place during a multisignature migration on March 27 and further nonce activity on March 30.
The final phase occurred on April 1, when the attacker triggered pre signed transactions shortly after a legitimate test transaction, allowing the exploit to unfold.
In response, Drift Protocol suspended remaining platform functions, removed the compromised wallet from its multisignature setup, and began working with security firms, exchanges, and law enforcement agencies to trace and potentially recover the stolen funds.#crypto#cryptonews https://coinsignals.net https://t.me/coinsignalpublic
