Drift Protocol exploiter drains $285 million, accumulates 130,262 ETH

The attacker behind the Drift Protocol exploit appears to be aggressively rotating proceeds into Ethereum after draining roughly $285 million from the project's vaults in a targeted operation against its administrative controls. On-chain tracker Lookonchain said the wallet has been buying ETH using USDC, including a recent purchase of 1,195 ETH for 2.46 million USDC. In total, the actor has accumulated 130,262 ETH, valued at about $265 million to $267 million, over the past day.

Ether was trading around $2,038 at the time of reporting, down about 4% over the same period, according to CoinGecko. Drift's native token, DRIFT, slid to roughly $0.049, down more than 30% since the breach.

Timeline of the incident

The situation first drew public attention on April 1, when Helius CEO Mert Mumtaz warned that Drift Protocol "might be getting exploited" and urged users to monitor positions. Shortly after, PeckShield flagged abnormal outflows across more than 15 tokens and estimated initial losses near $270 million.

About two hours later, Drift said it had identified an incident and paused all deposits and withdrawals. The team said it was coordinating with security firms, bridges, and exchanges.

How the exploit worked

In its latest update, Drift said the attacker compromised the human and procedural layer of the Security Council multisig, a 2-of-5 administrative setup governing critical protocol-level permissions. The project said unauthorized access was obtained through a novel durable nonce-based approach on Solana that enabled delayed execution of pre-signed transactions.

Preparation began weeks earlier. Drift said durable nonce accounts were created as early as March 23. By securing approval signatures from at least two of the five Security Council members, likely through social engineering or misrepresenting what was being signed, the attacker amassed enough authorization to take over administrative powers.
Drift said four durable nonce accounts were created on March 23: two tied to existing Security Council members and two controlled by the attacker. After Drift conducted a planned Security Council migration on March 27, the attacker created another durable nonce account on March 30 linked to a newly appointed multisig member.

Execution took place on April 1, shortly after the Drift team completed a legitimate test withdrawal from its insurance fund. The attacker submitted two pre-signed durable nonce transactions four slots apart on Solana. Drift said the first transaction created and approved a malicious admin transfer; the second approved and executed it.

With administrative control in hand, the attacker introduced a malicious asset, removed preset withdrawal limits, and drained funds across about 31 transactions in roughly 12 minutes. Drift said affected funds included deposits in borrow-and-lend pools, vault deposits, and assets held for trading.

Drift added that the insurance fund was not impacted. It also said DSOL not deposited directly on the platform, including assets staked to the Drift validator, remained unaffected.

Market impact

Before the exploit, Drift Protocol's total value locked (TVL) exceeded $550 million, ranking it among Solana's largest DeFi applications, per DeFiLlama. TVL previously peaked at $1.3 billion. After the incident, TVL fell to around $247 million.

DRIFT, which traded above $0.07 before the breach, dropped to about $0.04, a 42% decline in 24 hours. Market capitalization fell from roughly $41 million to $25 million.

Drift said the exploit also rippled into around 11 downstream protocols. Ranger Finance was cited as having an estimated $900,000 exposure.

About Drift Protocol

Launched in 2021, Drift operates fully on Solana and positions itself as an on-chain alternative to centralized exchanges, emphasizing that users retain control of funds.
In September 2024, the company raised $25 million in a Series B round led by Multicoin Capital, with participation from Blockchain Capital, Primitive Ventures, and Folius Ventures. Co-founder Cindy Leow has described the goal as building the "Robinhood of crypto," spanning spot and derivatives trading and a prediction market.
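
The pre-signed transactions described under "How the exploit worked" depend on Solana durable nonces, which stand in for the normally short-lived recent blockhash so a signature stays usable until the nonce is advanced. As an added example (not code from Drift or from the original article), the sketch below parses a serialized transaction message and reports whether its first instruction is the System Program's AdvanceNonceAccount, a check a multisig signer or reviewer could run before approving. The function names, the `build_message` helper and all sample keys are constructed for illustration.

```python
import struct

SYSTEM_PROGRAM = bytes(32)            # the System Program id is 32 zero bytes
ADVANCE_NONCE = struct.pack("<I", 4)  # SystemInstruction::AdvanceNonceAccount

def shortvec(buf, pos):
    """Decode a compact-u16 length prefix; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if byte < 0x80:
            return value, pos
        shift += 7

def durable_nonce_info(msg: bytes):
    """Return (nonce_account, nonce_authority) if the first instruction is
    AdvanceNonceAccount, i.e. the signature has no blockhash expiry; else None."""
    pos = 1 if msg[0] & 0x80 else 0      # skip versioned-message prefix
    pos += 3                             # header: signer / read-only counts
    n_keys, pos = shortvec(msg, pos)
    keys = [msg[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32              # keys, then blockhash (nonce value) field
    n_ix, pos = shortvec(msg, pos)
    if n_ix == 0:
        return None
    program = msg[pos]
    n_acc, pos = shortvec(msg, pos + 1)
    accts = msg[pos:pos + n_acc]
    data_len, pos = shortvec(msg, pos + n_acc)
    data = msg[pos:pos + data_len]
    if (program < n_keys and keys[program] == SYSTEM_PROGRAM
            and data[:4] == ADVANCE_NONCE and n_acc >= 3
            and max(accts[0], accts[2]) < n_keys):
        return keys[accts[0]], keys[accts[2]]
    return None

def build_message(keys, instructions):
    """Serialize a legacy message from constructed test data (lengths < 128)."""
    out = bytes([1, 0, 1, len(keys)]) + b"".join(keys) + bytes(32)
    out += bytes([len(instructions)])
    for program, accts, data in instructions:
        out += bytes([program, len(accts), *accts, len(data)]) + data
    return out

# Constructed keys: signer/authority, nonce account, sysvar, app program
SIGNER, NONCE, SYSVAR, APP = (bytes([n]) * 32 for n in (1, 2, 3, 9))
KEYS = [SIGNER, NONCE, SYSVAR, SYSTEM_PROGRAM, APP]
DURABLE = build_message(KEYS, [(3, [1, 2, 0], ADVANCE_NONCE), (4, [0], b"\x07")])
ORDINARY = build_message(KEYS, [(4, [0], b"\x07")])
```

A non-None result means the approval being requested does not lapse with the blockhash window, so the signer should know who controls the returned nonce authority before signing.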