Drift Hack Update: Team Sends On-Chain Messages to Four ETH Wallets

TLDR

• Drift sent on-chain messages to four Ethereum wallets tied to stolen funds.
• The messages were sent from wallet 0x0934faC45f2883dd5906d09aCfFdb5D18aAdC105.
• Drift said parties linked to the exploit have been identified.
• The protocol said the attack involved durable nonce transactions.
• Drift is working with security firms, exchanges, and law enforcement.

Drift Protocol said it has sent on-chain messages to four Ethereum wallets that it says are holding funds linked to its recent exploit, as the platform continues its response to the incident. In a public update, the team said critical information related to parties connected to the exploit had been identified and that it was ready to communicate through Blockscan chat. The message was sent from wallet address 0x0934faC45f2883dd5906d09aCfFdb5D18aAdC105.

The four wallet addresses listed by Drift were 0xAa843eD65C1f061F111B5289169731351c5e57C1, 0xD3FEEd5DA83D8e8c449d6CB96ff1eb06ED1cF6C7, 0xbDdAE987FEe930910fCC5aa403D5688fB440561B, and 0x0FE3b6908318B1F630daa5B31B49a15fC5F6B674. Drift also published timestamps for each message sent on April 3, 2026, between 05:17:23 AM UTC and 05:25:11 AM UTC. The team said more updates would be shared after third-party attribution work is completed.

The latest statement came after Drift disclosed that a malicious actor had gained unauthorized access to the protocol through what it described as a novel attack involving durable nonces. According to the company, the exploit allowed a rapid takeover of Drift’s Security Council administrative powers. Drift said the operation appeared to involve multi-week preparation and staged execution.

Drift Details Attack Method and Security Breakdown

In earlier updates, Drift said the breach was enabled by pre-signed durable nonce transactions that allowed delayed execution. The company also said the incident involved the compromise of approvals from multiple multisig signers, likely through targeted social engineering or transaction misrepresentation. Drift has not said that the exploit was caused by a direct smart contract code failure.

The protocol had first warned users on April 1 that it was observing unusual activity and advised them not to deposit funds while the matter was being investigated. In follow-up posts on April 2, the company provided more detail about how the attacker appears to have gained control over administrative permissions. Drift said the use of durable nonce accounts enabled pre-signed transactions to remain inactive until execution at a later time.

The attack drew broad attention across the crypto market because it appeared to combine governance access, delayed transaction execution, and compromised signer approvals. Public commentary around the incident focused on the risks tied to multisig administration and the possibility that signers approved transactions they did not fully understand. Drift itself described the operation as sophisticated and said the attacker appeared to have planned the exploit over several weeks.

Investigation Expands Across Firms and Platforms

Drift said it is coordinating with multiple security firms to determine the cause of the incident and trace the movement of assets. The team also said it is working with bridges, exchanges, and law enforcement to freeze stolen funds where possible. It asked anyone with relevant information to contact [email protected] as the investigation continues.

The protocol has not yet released its full postmortem, but said a more detailed report will follow in the coming days as additional information becomes available. The public outreach to the four Ethereum wallets marks a new phase in the response, indicating that the team is now attempting direct contact with holders of wallets believed to contain stolen assets.

On-chain messages have increasingly been used in crypto investigations when teams seek to open communication with wallet holders without relying on offchain contact details. In this case, Drift said it was prepared to speak and invited the recipients to respond through Blockscan chat. The decision to publish the wallet addresses and timestamps also added a public record to that outreach.

The post Drift Hack Update: Team Sends On-Chain Messages to Four ETH Wallets appeared first on CoinCentral.