Drift protocol (DRIFT)

Kinda crazy to see 50% of TVL just wiped out in 2 days https://t.co/S0sq5HDmqp https://t.co/CRg1mfm56r

Call me dummy cuz im not technical But drift protocol had huge red flags if people could see it Imo if people knew anything about the security layer of this protocol, they could minimize their loss before the attack 😢 Drift protocol: - running 2/5 multisig - ZERO timelock - durable nonces Industry standard for $500 mil+ tvl: - min 3/5 or 4/7 multisig - Mandatory 24-28 hrs on all admin actions - separation of powers ( different keys for different functions) Why? 😭

Just yesterday the Drift protocol was hacked. The loss is estimated at over 400 billion KRW, which accounts for more than half of Drift's TVL. The root cause of the hack, loosely put, is the biggest hacking incident in crypto history—the Bybit hack—and the recent Resolve hack. An admin‑privileged multi‑sig account was stolen through social engineering, and the attack leveraged Solana’s unique Durable Nonce mechanism. In simple terms, the hacker fooled the Drift administrators by signing as if it were a normal transaction, gathered those signatures, and when they judged everything was ready, detonated them all at once. In fact, when I saw this series of events, a photo came to mind: workers building skyscrapers in New York during the 1920s–30s. Modern people can’t help but be shocked by the image—workers sitting on steel beams eating lunch, smoking, even taking naps, all without any basic safety measures. Yet for them it was normal. Everyone worked that way, safety rules and equipment didn’t exist, and if they did, they were just cumbersome demands from outsiders. I think today’s crypto scene isn’t that different from that picture. We are constructing skyscrapers that embody cutting‑edge science, yet the workers seem to operate without proper safety gear; the crypto industry is growing daily and now sits at a historic turning point with governments and institutions entering. Still, we rely on worn‑out, outdated safety mechanisms, holding assets worth hundreds of billions to trillions as collateral. The hack is described as a sophisticated attack using social engineering and Durable Nonce, but in reality it could have been prevented with very simple safety measures. For example, even if the admin transaction is approved via multi‑sig, without a final execution check …

i can't stop thinking about the drift protocol hack. not because of the $280m. we've seen big numbers before. i can't stop thinking about how it happened. and what it says about everything we're building. on april 1st, while people were posting jokes, an attacker drained $280 million from drift protocol in minutes. the team had to literally tweet "this is not an april fools joke." but this didn't start on april 1st. it started on march 23rd. that's when the attacker created four durable nonce accounts. two tied to drift's own security council multisig members. two controlled by the attacker. quietly. no alarms. no flags. on march 27th, drift migrated their security council due to a routine member change. by march 30th, the attacker had already compromised a signer on the new multisig too. then on april 1st, they executed. a test transaction first. then one minute later, two pre-signed transactions fired four slots apart. admin takeover. withdrawal limits removed. a malicious asset introduced. every vau

🚨 Massive hack shakes the DeFi ecosystem on Solana: 💸 Protocol @DriftProtocol suffers a breach valued over $220 million 📉 The token crashes 30% in minutes 🔴 Largest DeFi hack on @solana since the Wormhole breach https://t.co/k61ZnALozl

1/10 We've been investigating the @DriftProtocol exploit ($285M) since April 1. We can confirm along with TRM Labs and Elliptic that North Korea's Lazarus Group (TraderTraitor). Same unit behind Bybit ($1.5B), Ronin ($625M). Was involved. Here's what our independent on-chain forensics uncovered that hasn't been published.

The exploit that occurred on @DriftProtocol yesterday became one of the biggest incidents of 2026. Compared to that, the loss value from the exploit even surpasses the combined total of all hacking incidents that have occurred this year. Below is the hacking timeline for the entire year of 2026.