Drift Protocol Suffers Sophisticated Attack, Exploiter Offers 90% Return
Drift Protocol, a Solana-based decentralized exchange, experienced a sophisticated 'Supply Chain Attack' resulting in the theft of over 50% of its Total Value Locked (TVL). The incident involved a highly coordinated multisig takeover, using durable nonce transactions and social engineering to gain administrative control, drain assets, and take over Drift Security Council governance. Security expert Charles Guillemet characterized the incident as a sophisticated 'Supply Chain Attack', with the attack pattern sharing similarities with a previous Bybit exploit attributed to North Korean actors.
The stolen assets included $60.4 million in $USDC, $155.6 million in $JPL, and $11.3 million in $CBBTC, among dozens of other cryptocurrencies. The attacker converted these stolen cryptocurrencies into 129,000 $ETH, then bridged them from Solana to Ethereum via Circle's Cross-Chain Transfer Protocol (CCTP). The exploiter later publicly admitted to the theft, offering to return a portion of the stolen funds while retaining 10% as a bounty for identifying the vulnerability.
While $4.5 million in $DSOL was stolen from Drift Protocol's holdings, the underlying Drift Staked $SOL ($DSOL) token itself remains unimpacted. Sanctum, $DSOL's issuer, confirmed zero exposure for user funds, noting that multisig controls prevent Drift Protocol from controlling $DSOL's TVL or fees. Kamino, which uses a Net Asset Value (NAV) oracle for $DSOL, also stated that market sells do not trigger liquidations for the token. Following the news, the price of $DSOL experienced a 24-hour decline of 5.6%, trading at $93.61.
The $DRIFT token's price decreased by 40.0% over a 24-hour period and by 44.2% over seven days, trading at $0.042036. The attack was reportedly premeditated, following a week of preparation by the exploiter. Drift Protocol maintained a six-day silence before publicly confirming the incident.
Binance Alpha-Approved SIREN Token Plummets Amid Scam Allegations
The $SIREN token plummeted within hours, an event attributed to an alleged insider scam and pump-and-dump cycle. This incident led to increased examination of Binance Alpha's listing approval process, as the platform had previously endorsed the token.
The $SIREN token, an AI agent token operating on the BNB Chain, launched earlier this year and reached price peaks exceeding $3.60. Following its initial ascent, the token experienced a 95% drop from its all-time high following the latest downturn. On Binance Futures, the token saw upward spikes of up to 5.8% and downward movements of over 7% in short periods.
Community reactions noted recurring collapses for Binance Alpha-approved tokens, with sentiment around Binance Alpha dropping to 38% bullish and mindshare increasing by 15%. Allegations from market participants described the event as a "crime season," with some directly accusing "insiders" of orchestrating scams impacting retail investors. The incident prompted questions regarding Binance Alpha's due diligence and vetting procedures for token listings.
Musk Acquires Endless Protocol
Elon Musk has acquired Endless Protocol. Endless Protocol announced the acquisition via its official Twitter account, stating that additional details are expected soon.