The $280 million Drift Protocol attack was likely carried out by threat actors aligned with North Korean state-affiliated hackers. The hack of the Solana-based decentralized finance (DeFi) platform Drift Protocol could have been prevented if the Drift team had followed standard operational security procedures, and may constitute “civil negligence,” according to attorney Ariel Givner. “In plain terms, civil negligence means they failed their basic duty to protect the money they were managing,” Givner said in response to the post-mortem update provided by the Drift team and how it handled Wednesday’s $280 million exploit. The Drift team failed to follow “basic” security procedures, including keeping signing keys on separate, “air-gapped” systems that are never used for developer work, and conducting due diligence on blockchain developers met through industry conferences.
Drift Protocol initiated onchain contact with wallets tied to the $280 million exploit as an unknown sender also attempts to pressure the attacker. Drift Protocol, a Solana-based decentralized exchange (DEX), said Friday it had opened onchain contact with wallets tied to funds stolen in the exploit that outside firms have estimated at roughly $280 million to $286 million. Drift said on X that it had initiated onchain contact with wallets holding the stolen Ether (ETH), seeking to open a line of communication. The team sent onchain messages from its Ethereum address (0x0934faC) to four wallets linked to the exploiter at the time of publication, urging the attacker to reach out via Blockscan chat. “We are ready to speak,” Drift said.
Drift said a durable nonce attack helped drive its Solana exploit, as critics questioned why stolen USDC moved for hours without a freeze. Drift Protocol, a Solana-based decentralized exchange (DEX), confirmed Thursday it was targeted in a roughly $280 million exploit, describing it as a “highly sophisticated operation.” The platform took to X to share its findings from a preliminary investigation, saying that the attackers exploited Solana’s durable nonces, a mechanism enabling pre-signed transactions, to seize control and drain funds. The protocol had earlier said it was experiencing an active attack and suspended deposits and withdrawals while coordinating with security firms, bridges and exchanges. The attack began on Wednesday, with the theft involving multiple assets, including Circle’s USDC (USDC) and various altcoins. Onchain data later showed that the exploiter swapped the majority of assets into USDC, with the funds later bridged to Ethereum.