Security Council Powers Seized: Drift’s $280 Million Loss

The Drift Protocol Faces $280 Million Loss in Cyberattack

The Drift Protocol suffered a significant financial blow, losing over $280 million as a result of a sophisticated cyberattack that saw hackers gain control of its Security Council administrative powers.

The attack was meticulously planned, with the threat actor leveraging durable nonce accounts and pre-signed transactions to strategically delay execution and strike with precision at a predetermined time, as explained by the platform.

It is important to note that the hacker did not exploit any vulnerabilities within Drift’s programs or smart contracts, and there has been no compromise of seed phrases.

Drift Protocol operates as a decentralized finance (DeFi) trading platform on the Solana blockchain, offering users a non-custodial exchange where they have complete control over their funds while engaging with on-chain markets.

By the end of 2024, the platform boasted a user base of 200,000 traders, facilitating total trading volumes exceeding $55 billion with a daily peak of $13 million.

According to a report by Drift, the cyber heist was meticulously planned between March 23 and 30, with the attacker establishing durable nonce accounts and obtaining 2/5 multisig approvals from Security Council members to meet the necessary threshold.

This granted them the ability to pre-sign malicious transactions that were not immediately executed.

On April 1st, the attacker carried out a legitimate transaction before promptly executing the pre-signed malicious transactions, effectively transferring administrative control to themselves within minutes.

With control secured, the hacker introduced a malicious asset, removed withdrawal limits, and ultimately siphoned off funds from the platform.

Estimates from Drift Protocol place the losses at approximately $280 million, while blockchain tracking entity PeckShieldAlert calculates the figure to be $285 million.

Upon detecting unusual activity on the platform, Drift issued a public warning to users, announcing an ongoing investigation and advising against depositing any funds until further notice.

In the aftermath of the attack, borrow/lend deposits, vault deposits, and trading funds have been impacted, leading to a freeze on all protocol functions. However, Drift assured users that DSOL remains unaffected, and the assets in the insurance fund are secure.

The platform is currently collaborating with security firms, cryptocurrency exchanges, and law enforcement agencies to track and freeze the stolen funds.

Drift has committed to releasing a comprehensive post-mortem report in the near future.

Automated pentesting confirms vulnerabilities, while BAS determines the effectiveness of your security controls. Many teams overlook one while focusing on the other.

This whitepaper delineates six validation surfaces, identifies coverage limitations, and equips practitioners with three key questions for evaluating any security tool.

Obtain Your Copy Today