Nation-state actors are now deploying fully constructed professional identities and depositing $1 million in capital to build institutional trust before attacking.
"It was a long-term, at least six-month intelligence operation... it involved in-person crypto professionals interacting with the Drift team, building their confidence."
Attackers utilized Solana's 'durable nonces' to secure signatures weeks in advance, creating a dormant transaction ready to execute the moment they finished their social engineering.
"They created this little Potemkin village... they had verifiable professional backgrounds, and were familiar with how Drift operated."
The industry's reliance on 'booth babes' and temporary conference staff represents a critical, overlooked physical attack vector for sophisticated intelligence agencies.
"They were able to essentially get those signatures weeks in advance of the actual attack... using durable nonces, something of Solana."
Circle's decision not to freeze stolen USDC during a six-hour bridging window exposes the friction between regulatory compliance and emergency security response.
"Who are you allowing access to prospective customers at a conference? Who are you allowing to be in your booth representing your space?"
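
A pre-signing check a multisig signer could run for the durable-nonce point above, as an added example that is not from the original page: it parses a legacy Solana message and reports whether its first instruction is the System Program's AdvanceNonceAccount, which marks a transaction that does not expire with a recent blockhash. The account keys and both sample messages are constructed, and versioned (v0) messages are out of scope.

```python
import struct

SYSTEM_PROGRAM = bytes(32)  # System Program id is 32 zero bytes
ADVANCE_NONCE = 4           # SystemInstruction::AdvanceNonceAccount enum index

def read_compact_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix (7 bits per byte, low bits first)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def durable_nonce_account(message: bytes):
    """Return the nonce account key if the first instruction of this legacy
    message is System AdvanceNonceAccount (a durable-nonce tx), else None."""
    if message[0] & 0x80:
        raise ValueError("versioned message: not handled in this example")
    pos = 3                                     # skip the 3-byte header
    n_keys, pos = read_compact_u16(message, pos)
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32                     # account keys + blockhash field
    n_ix, pos = read_compact_u16(message, pos)
    if n_ix == 0:
        return None
    program = keys[message[pos]]                # program id index is one byte
    n_acc, pos = read_compact_u16(message, pos + 1)
    accounts = message[pos:pos + n_acc]
    n_data, pos = read_compact_u16(message, pos + n_acc)
    data = message[pos:pos + n_data]
    is_advance = (program == SYSTEM_PROGRAM and n_acc >= 1 and n_data >= 4
                  and struct.unpack_from("<I", data)[0] == ADVANCE_NONCE)
    return keys[accounts[0]] if is_advance else None

# Constructed samples (all lengths < 128, so each length prefix is one byte).
def build_ix(program_idx, accounts, data):
    return bytes([program_idx, len(accounts), *accounts, len(data)]) + data

def build_message(keys, blockhash, ixs):
    return (bytes([1, 0, 2, len(keys)]) + b"".join(keys) + blockhash
            + bytes([len(ixs)]) + b"".join(ixs))

KEYS = [b"\x01" * 32, b"\x02" * 32, b"\x03" * 32, SYSTEM_PROGRAM]
TRANSFER = build_ix(3, [0, 1], struct.pack("<IQ", 2, 1000))
NONCE_TX = build_message(KEYS, b"\xaa" * 32,
                         [build_ix(3, [1, 2, 0], struct.pack("<I", 4)), TRANSFER])
NORMAL_TX = build_message(KEYS, b"\xbb" * 32, [TRANSFER])
```

A signing workflow can treat a non-None result as a reason to hold the request for extra review, since a signature on such a message remains usable until the nonce account is advanced.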