Drift Protocol Hit by Sophisticated Attack; $280M Withdrawn, No Signs of Mnemonic Compromise

Drift Protocol said on April 2 that it has identified a sophisticated attack lasting more than a week, in which a malicious actor used durable nonces and pre-signed transactions to delay execution and ultimately seize administrative privileges of Drift's Security Council. The protocol said early findings show no vulnerability in Drift's program or smart contracts and no evidence that any mnemonic phrases were stolen. Investigators believe the attacker gained permissions via unauthorized or forged transaction approvals, potentially involving social engineering. Roughly $280 million in protocol funds were withdrawn. The incident affected lending, vault deposits, and trading funds. Drift said DSOL—assets not deposited into Drift, including assets staked with Drift validators—was not impacted. Insurance fund assets were also not affected and are being actively withdrawn as a protective measure. As a precaution, Drift has frozen all remaining protocol functions and updated its multisig to remove compromised wallets.