Drift Protocol Hacked $285M

Key Takeaways

  • Drift Protocol suffers a $285M exploit following a six-month social engineering campaign attributed to North Korean actors.
  • The breach bypassed the protocol's audited smart contracts entirely, targeting the human element with a fake TestFlight app and abusing Solana's durable nonces.
  • The $DRIFT token plunges and liquidity dries up after $270M is drained in under an hour.

Drift Protocol Suffers Exploit

Drift Protocol, the largest decentralized exchange on the Solana blockchain, has suffered a significant exploit, and the breach unfolded rapidly. Drift Protocol specializes in perpetual futures, spot trading, and lending/borrowing services.

Social Engineering Campaign

The exploit did not stem from a smart contract vulnerability, as Drift Protocol's code had undergone two independent audits. Instead, the breach resulted from a social engineering campaign targeting the platform's multisig signers: rather than finding a flaw in the code, the attackers exploited the human element and weaknesses in operational security. This method aligns with tactics observed in previous state-sponsored cyberattacks, where long-term deception is used to compromise high-value targets.

The campaign reportedly spanned six months. The attackers posed as a legitimate trading firm and built trust with Drift team members through real-world interactions, including meetings at conferences. They reinforced their facade by depositing over $1 million into the protocol. This sustained trust-building allowed the attackers to deliver a malicious software package, disguised as a legitimate repository or as a fake TestFlight wallet application, which a Drift Protocol contributor reportedly downloaded. Once installed, the malicious software compromised the contributor's device or credentials, giving the attackers the access needed to execute unauthorized transactions.

The transactions were executed via Solana's durable nonces, a feature that lets a transaction be signed in advance and submitted later; once a signer's pre-signed approval has been obtained, the transaction needs no further real-time authorization. Following the incident, Solana co-founder Anatoly Yakovenko recommended enhanced security practices for high-stakes crypto operations: a dedicated MacBook used only for signing, factory reset between uses, and a separate device for general communication. This recommendation emerged from Drift's post-mortem analysis.
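Because a durable-nonce transaction can be signed now and broadcast much later, a signer-side policy that at least flags such transactions for manual review is a cheap defensive control. The check below is an added example, not code from the article or from Drift Protocol. It runs on a simplified, constructed transaction model (a dict holding a list of instructions) rather than on Solana's real wire format, and relies on two documented Solana facts: the System Program id is `11111111111111111111111111111111`, and its instructions carry a little-endian u32 discriminator in which `AdvanceNonceAccount` is 4 and must be the first instruction of any durable-nonce transaction. All public keys in the sample data are placeholders.

```python
"""Flag Solana transactions that rely on a durable nonce before a signer approves them.

Added example; not the article's or Drift Protocol's code. The transaction model
is a constructed simplification: {"instructions": [{"program_id", "accounts", "data"}]}.
"""
import struct
from typing import Any, Dict, List, Optional

SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"
# System Program instruction discriminators (bincode enum index, u32 little-endian)
TRANSFER = 2
ADVANCE_NONCE_ACCOUNT = 4


def instruction_discriminator(data: bytes) -> Optional[int]:
    """Return the u32 LE enum index at the start of a System Program instruction."""
    if len(data) < 4:
        return None
    return struct.unpack_from("<I", data, 0)[0]


def uses_durable_nonce(tx: Dict[str, Any]) -> bool:
    """True when the first instruction is System Program AdvanceNonceAccount.

    Solana requires that placement for durable-nonce transactions, so checking
    the first instruction is sufficient to classify the transaction.
    """
    instructions = tx.get("instructions", [])
    if not instructions:
        return False
    first = instructions[0]
    return (first.get("program_id") == SYSTEM_PROGRAM_ID
            and instruction_discriminator(first.get("data", b"")) == ADVANCE_NONCE_ACCOUNT)


def review(tx: Dict[str, Any]) -> Dict[str, Any]:
    """Build a review record: is the tx durable, and which nonce authority signs it off."""
    record: Dict[str, Any] = {"durable": uses_durable_nonce(tx),
                              "nonce_account": None, "nonce_authority": None}
    if record["durable"]:
        # AdvanceNonceAccount account order: nonce account, RecentBlockhashes sysvar, nonce authority
        accounts = tx["instructions"][0].get("accounts", [])
        if len(accounts) >= 3:
            record["nonce_account"] = accounts[0]
            record["nonce_authority"] = accounts[2]
    return record


def flag_for_manual_review(txs: List[Dict[str, Any]]) -> List[int]:
    """Indices of transactions a signing policy should hold for a human check."""
    return [i for i, tx in enumerate(txs) if uses_durable_nonce(tx)]


# Constructed sample transactions with placeholder public keys.
TRANSFER_TX = {"instructions": [{
    "program_id": SYSTEM_PROGRAM_ID,
    "accounts": ["PLACEHOLDER_FROM", "PLACEHOLDER_TO"],
    "data": struct.pack("<IQ", TRANSFER, 1_000_000),  # Transfer { lamports }
}]}

DURABLE_TX = {"instructions": [
    {"program_id": SYSTEM_PROGRAM_ID,
     "accounts": ["PLACEHOLDER_NONCE_ACCOUNT", "SysvarRecentB1ockHashes11111111111111111111",
                  "PLACEHOLDER_NONCE_AUTHORITY"],
     "data": struct.pack("<I", ADVANCE_NONCE_ACCOUNT)},
    {"program_id": SYSTEM_PROGRAM_ID,
     "accounts": ["PLACEHOLDER_TREASURY", "PLACEHOLDER_ATTACKER"],
     "data": struct.pack("<IQ", TRANSFER, 5_000_000_000)},
]}

if __name__ == "__main__":
    for idx in flag_for_manual_review([TRANSFER_TX, DURABLE_TX]):
        print(f"tx {idx} uses a durable nonce: {review([TRANSFER_TX, DURABLE_TX][idx])}")
```

The useful output for a reviewer is the nonce authority: that is the key whose pre-signed approval is being spent, and it tells a multisig operator which signer's device or credentials to treat as suspect if the transaction was not expected.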

$DRIFT Token Plunges

Community sentiment scores registered as low as -93, -92, and -98 across various discussions. Over $270 million was drained from the treasuries in under an hour. The $DRIFT token fell sharply in value, with liquidity drying up across exchanges.

Protocol Paused, Investigation Ongoing

Drift Protocol ($DRIFT) remains paused until further notice, following the detection of irregular activity.