Solana-based crypto exchange Drift Protocol was hacked for roughly $280 million yesterday as part of a weeks-long operation that likely used social engineering to compromise multiple multisig signers’ approvals.

On April 1, 7 pm UTC+1 time, Drift announced that there was “unusual activity” on the protocol and that users should avoid depositing funds. It stressed, “This is not an April Fools joke.” 

This followed from X users raising alarms that Drift was being exploited and that it was going to be a substantial one. 

Drift then confirmed that it was under an ongoing attack and that it would need to suspend deposits and withdrawals. Researchers began to speculate that Drift’s private keys were compromised. 

Read more: Liquity accused of ‘market manipulation’ after Circle acquisition April Fools’

Drift has since shared a detailed timeline of what took place and how. 

It said, “This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.”

It claims the attack was not caused by a bug in Drift’s programs or smart contracts, there was no evidence of compromised seed phrases, and that the attack involved unauthorized transaction approvals before the hack’s execution.

However, it admitted that these approvals were likely facilitated by a social engineering attack against its staff and the manipulation of “durable nonce mechanisms.”

What went down with Drift

Durable nonce mechanisms are a type of blockchain tool that can bypass blockhash signing and facilitate offline translation signing. 

Drift claims that on March 23, four durable nonce accounts were created, two of which were associated with Drift Security Council multisig members and two associated with attacker-controlled accounts.

Read more: Circle rarely freezes stolen funds but wants reversible transactions

Then, on March 27, “Drift executed a planned Security Council migration due to a council member change.”

Three days later, another durable nonce account was created for a member of the updated multisig, giving the attackers “effective access to 2/5 signers in the updated multisig.”

Day of execution 

Drift claims that on April 1, it executed a test withdrawal from the insurance fund. The attacker then, with access to the multisig approvals, executed “a malicious admin transfer within minutes, gaining control of protocol-level permissions.”

Attackers could then, “Use that control to introduce a malicious asset and remove all pre-set withdrawal limits attacking existing funds.”

Drift hasn’t shared any details about how the likely social engineering attack took place. They can sometimes be the result of an attacker donning a false identity, be it over direct message, email, or phone, and tricking someone into giving them access to key privileges. 

Drift’s partner Circle hasn’t frozen funds

The incident has drawn criticism from the crypto investigator ZachXBT, who took issue with the stablecoin firm Circle and its slow efforts to freeze the stolen funds. 

Drift integrated Circle’s Cross-Chain Transfer Protocol (CTTP) in 2023. ZachXBT noted that “Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.”

“6 hours is how long Circle had to freeze stolen funds from the $280M+ Drift hack,” he said.

Other users have taken issue with the classification of the protocol as “decentralized,” after the attack appears to have exploited centralised mechanisms.

Other users were annoyed that Drift only required two out of the five multig approvals to action the transaction. 

Read more: ‘Bad actor’ Circle slammed for letting stolen $3M USDC sit unfrozen

The platform said that it was working alongside security firms, law enforcement, bridges, and exchanges to figure out what happened and freeze the stolen assets. It added that a more detailed report will arrive in the coming days. 

The Chief Technology Officer for Ledger has already speculated that the events of the hack resemble a similar modus operandi “to the Bybit hack last year, widely attributed to DPRK-linked actors.”

Protos has reached out to Drift for comment and will update this piece should we hear anything back. 

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

Key Takeaways:

• Ban Scope: Mining restrictions now cover 10 active regions – including Irkutsk Oblast, parts of Buryatia and Zabaikalsky Krai, six North Caucasus republics, and Russian-occupied Ukrainian territories – with seasonal bans running through 2031.
• Affected Miners: An estimated 50,000 operators face enforcement, with major firm BitRiver among the hardest hit due to its reliance on Irkutsk’s low-cost power infrastructure.
• Energy Context: Power shortfalls in Siberian regions have reached nearly 3,000 MW, with miners blamed for exploiting subsidized electricity at grid-destabilizing scale.
• Escalation Path: Year-round bans in southern Buryatia and Zabaikalsky Krai take effect January 1, 2026, moving beyond seasonal restrictions into permanent operational prohibition.
• What to Watch: A government commission on the electric power sector is expected to convene soon to finalize expanded year-round bans; potential amnesty programs in the North Caucasus could redirect illegal miners toward licensed operations.

French stock exchange Lise is preparing to list aerospace components supplier ST Group in what is expected to be Europe’s first fully on-chain initial public offering, according to a report from CoinDesk. The listing on the Paris-based venue would mark a milestone for tokenized primary markets in the EU, moving an IPO’s trading and settlement entirely onto distributed ledger infrastructure.finance.

Lise, short for Lightning Stock Exchange, was authorized last year under the EU’s Distributed Ledger Technology Pilot Regime, becoming the first institution in Europe approved to operate a fully tokenized equity exchange that fuses trading and settlement on-chain. Headquartered in Paris, Lise counts French financial heavyweights BNP Paribas, CACEIS — a subsidiary of Crédit Agricole — and public investment bank Bpifrance among its backers, underscoring that this is not a fringe experiment but a regulated market infrastructure project.

ST Group produces composite material components for aerospace, defense and space projects, positioning it squarely in Europe’s strategic industrial base. CoinDesk reported that potential project revenues linked to the company’s pipeline are estimated at around €59 million, roughly $68 million at current rates, over the next ten years, giving investors a sense of the growth opportunity Lise aims to channel into its tokenized venue.

By opting for an on-chain IPO rather than a listing on a traditional exchange, ST Group is effectively stress‑testing whether tokenization can offer small and mid-sized issuers a cheaper and more flexible way to tap public equity markets. Lise’s stated mission is to provide a lower-cost, more efficient listing path for SMEs and mid-caps, replacing the lengthy, document-heavy IPO process with a digital workflow where ownership is recorded, transferred and settled on a single ledger.

Under the DLT Pilot Regime, Lise is allowed to combine the functions of a multilateral trading facility and a central securities depository on one blockchain system, enabling near‑instant, atomic settlement and continuous 24/7 trading. Advocates argue that such architectures cut post‑trade risk and administrative overhead by collapsing what is now a multi‑day, multi‑intermediary chain into a single synchronized platform.

The French initiative lands as other venues experiment with tokenized securities. In one crypto.news story, tokenization specialist Securitize secured EU‑wide approval to run a regulated trading and settlement system on Avalanche under the same DLT Pilot framework, while another story covered 21X’s plans for an EU‑regulated tokenized securities market using Chainlink for cross‑chain data and interoperability. A separate crypto.news story detailed how JPMorgan executed a tokenized treasuries transaction using Ondo Finance and Chainlink, illustrating how major banks are testing on-chain rails for traditional assets.

If Lise successfully floats ST Group fully on-chain, it will provide a live case study for whether tokenized exchanges can genuinely lower issuance costs and broaden investor access, or whether regulatory and operational frictions still blunt the promise of blockchain in public equity markets.

Crypto markets are stuck in a holding pattern as geopolitical tensions in the Middle East cloud an otherwise improving macro backdrop, according to crypto asset manager Grayscale.

“The war in Iran overshadowed virtually all other market developments in March,” the Grayscale research team said in a Wednesday report.

Before the conflict escalated, global growth appeared to be strengthening and central banks were leaning toward rate cuts. That outlook has been disrupted by a sharp rise in oil prices, which has fueled inflation concerns and pushed interest rate expectations higher, weighing on risk assets and keeping investors on the sidelines, the report said.

Since the outbreak of the Middle East conflict, crypto markets have been volatile but broadly rangebound, with sharp headline-driven swings tied to oil prices and shifting risk sentiment. Bitcoin BTC$66,865.37 initially dropped into the mid-$60,000s on the first escalation, then rebounded toward the low-$70,000s before slipping back again as the conflict dragged on and macro conditions tightened.

More recently, renewed escalation has pushed bitcoin down roughly 10% from March highs, alongside declines in ether (ETH) and other tokens, as investors pulled back from risk assets. Despite the turbulence, performance has held up better than some traditional markets, with bitcoin roughly flat since the start of the war and even outperforming equities at times, underscoring both its sensitivity to macro shocks and its relative resilience.

For now, Grayscale expects many market participants to wait for greater clarity. If the conflict eases and energy prices retreat, markets could quickly reprice toward a more supportive macro environment. If not, persistently high oil prices may continue to pressure growth and delay a broader recovery.

Even so, crypto has shown notable resilience. Prices have held relatively steady through the volatility, suggesting a more durable bottom may be forming. The research team also pointed to continued inflows into spot crypto investment products and a pickup in futures positioning as signs that risk appetite is stabilizing beneath the surface.

Looking ahead, the report argued that the key catalyst for a sustained rebound will be a reduction in macro uncertainty. But it maintains that the long-term drivers of the asset class, including growing adoption of stablecoins and tokenized assets, remain intact.

The stablecoin market has expanded rapidly in recent years, with total supply rising from about $20 billion in 2020 to more than $300 billion by 2025, and sitting around $315 billion, according to industry data.

The sector added roughly $100 billion in 2025 alone, reflecting renewed growth after a brief contraction, as demand for dollar-pegged digital assets surged across trading, payments and onchain finance.

Periods of heightened uncertainty like the current one have historically presented attractive opportunities for long-term investors positioning for the next phase of growth, the report added.

Read more: Bitcoin holds ground as gold, silver slide on ETF outflows and liquidity strains: JPMorgan

Arkham flagged a 500 Bitcoin outflow from a wallet it attributes to Riot Platforms on Wednesday, in a possible sale the company had not publicly commented on by publication time.

The Bitcoin (BTC) wallet outflow sale comes shortly after Riot posted record 2025 revenue of around $647 million, driven by an increase in Bitcoin mining revenue, and amid other recent Bitcoin disposals by large listed miners.

Last week, MARA Holdings disclosed that it sold about $1.1 billion worth of Bitcoin in March to repurchase convertible debt at a discount, reflecting similar moves by other public miners that have collectively sold over 15,000 BTC in recent months as they balance operational needs and investment plans against a more volatile price and cost backdrop.

The pattern is not uniform. Bitcoin treasury companies, including Metaplanet, are still aggressively adding to their holdings. Nakamoto, meanwhile, disclosed in a recent filing that it sold about 284 Bitcoin for $20 million in March.

On the other hand, onchain tracker Lookonchain, citing Arkham data, reported that wallets it links to Empery Digital, one of the largest listed BTC treasuries, transferred out what it described as “the remaining 1,795 BTC” (about $122.5 million) to Gemini after a series of smaller BTC sales throughout March.

Delisting risk grows for miners

Listing pressures are also in focus for some mining-linked stocks. Cango, which has built out its Bitcoin mining operations, announced Wednesday it received a notice from the New York Stock Exchange after its shares traded below $1 for 30 consecutive trading days, triggering a six-month period to regain compliance with continued-listing standards.

On the same day, Cango also announced a new $65 million capital raising transaction and $10 million convertible note financing. Its share price rose on the news, closing the day at $0.42, 4.6% higher, but was trading at $0.41, 3.59% lower, in premarket Thursday, according to data from Yahoo! Finance, well below NYSE requirements.

Juliet Ye, head of investor relations and communications at Cango, told Cointelegraph that the company would maintain its strategic roadmap despite the notice, and that it had been “proactively implementing cost optimization and efficiency enhancement measures over the past several months,” including divesting obsolete capacity and migrating to lower electricity cost regions.

She added that the recent completion of the two financing transactions, alongside “the adjustment of our treasury strategy,” served as concrete examples of measures to help address both the listing requirements and current market conditions.

Related: Bitcoin mining difficulty falls 7.7% as miner pressure persists

In January, crypto mining hardware maker Canaan Inc. disclosed a similar minimum-bid deficiency notice from Nasdaq after its American depositary shares stayed under the $1 threshold for 30 straight sessions, and it likewise had 180 days to cure the issue. 

Despite share price pressure, Canaan has continued expanding operations. The company’s Bitcoin reserves increased in Q1 2026, despite many peers offloading their holdings. Earlier in March, it also acquired a 49% stake in two Texas-based mining sites, part of its broader strategy to diversify geographically and strengthen US market exposure.

Magazine: Bitcoin may take 7 years to upgrade to post-quantum — BIP-360 co-author