#What Happened with Drift Protocol?
Drift Protocol experienced a significant breach that began on April 1, when suspicions arose regarding unusual activity within its systems. Helius CEO brought attention to a possible exploitation, urging the community to monitor their holdings. Shortly thereafter, PeckShield detected substantial outflows involving more than 15 different tokens, confirming serious exploitations with initial losses estimated at around $270 million. The Drift Protocol team reacted swiftly by suspending all deposits and withdrawals to manage the situation while coordinating with security experts and exchanges.
#How Did the Attack Unfold?
The attack utilized a sophisticated method focusing on the Security Council's multisig, emphasizing a two-of-five administrative structure essential for controlling protocol permissions. The assailant gained unauthorized access through a pioneering technique involving durable nonces, resulting in a quick takeover of administrative rights. This required extensive preparation over several weeks, including setting up durable nonce accounts to facilitate delayed actions for pre-signed transactions. By manipulating the system, the attacker effectively gathered approval signatures from key council members using social engineering tactics.
#What Key Steps Led to the Exploit?
Execution of the attack occurred on April 1, right after legitimate withdrawal tests from Drift’s insurance fund. By targeting the Solana network, the attacker implemented two pre-signed transactions that facilitated an admin transfer of funds. Once in control, the attacker bypassed withdrawal limits and siphoned funds from various pools in about 12 minutes, impacting deposits and trading assets while leaving some assets safe, including the insurance funds not directly on the platform.
#What Are the Financial Implications?
Before the attack, Drift Protocol had a total value locked (TVL) exceeding $550 million and was considered one of the largest DeFi platforms on Solana. Following the incident, this value sharply dropped to approximately $247 million. The DRIFT token, which was previously trading above $0.07, saw a staggering decline of about 42% within 24 hours as it fell to around $0.04, drastically reducing its market capitalization.
#What Is Drift Protocol?
Established in 2021, Drift Protocol differentiates itself by operating primarily on the Solana blockchain, providing users with control over their funds. The company successfully raised $25 million in a Series B funding round, aiming to develop an extensive suite of financial services, including trading and prediction markets, under the vision of making it a pivotal player in the crypto space.