


Perceptive Security
SOC/SIEM Consultancy

Drift loses $280 million as hackers seize Security Council powers
Published:
2 April 2026 at 19:03:39
Alert date:
2 April 2026 at 20:02:35
Source:
bleepingcomputer.com
Data Breach & Exfiltration, Web Technologies
The Drift Protocol, a decentralized finance (DeFi) platform, suffered a massive security breach resulting in the loss of at least $280 million. Threat actors executed a sophisticated, planned operation to seize control of the platform's Security Council administrative powers. This represents one of the largest DeFi protocol exploits to date, highlighting critical vulnerabilities in decentralized governance mechanisms. The attack demonstrates the ongoing risks facing cryptocurrency and blockchain platforms, particularly around administrative privilege escalation and governance token manipulation.
Technical details
Attackers used durable nonce accounts and pre-signed transactions to delay execution and strike with accuracy at a chosen time. The attack was prepared between March 23-30, with attackers obtaining 2/5 multisig approvals from Security Council members to meet the required threshold. On April 1st, the attacker performed a legitimate transaction and immediately executed pre-signed malicious transactions, transferring admin control to themselves within minutes. After gaining admin control, they introduced a malicious asset, removed withdrawal limits, and drained funds. No flaws in programs or smart contracts were exploited, and no seed phrases were compromised.
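A multisig signer can check for the durable-nonce pattern described above before approving a transaction. This is an added example, not code from Drift or the source article: the decoded-transaction dict layout, the council key names and the helper names are hypothetical, while the System Program id and the AdvanceNonceAccount discriminant (4) are Solana's own.

```python
import struct

SYSTEM_PROGRAM = "1" * 32   # Solana System Program id (base58)
ADVANCE_NONCE = 4           # SystemInstruction::AdvanceNonceAccount, u32 little-endian

def durable_nonce_info(tx):
    """Return (nonce_account, nonce_authority) if tx uses a durable nonce, else None.
    Such a transaction starts with a System Program AdvanceNonceAccount
    instruction and stays valid until the nonce is advanced, instead of
    expiring with a recent blockhash."""
    ixs = tx.get("instructions", [])
    if not ixs:
        return None
    first = ixs[0]
    data, accounts = first["data"], first["accounts"]
    if first["program_id"] != SYSTEM_PROGRAM or len(data) < 4 or len(accounts) < 3:
        return None
    if struct.unpack_from("<I", data)[0] != ADVANCE_NONCE:
        return None
    # Account order: nonce account, RecentBlockhashes sysvar, nonce authority
    return accounts[0], accounts[2]

def review_signing_request(tx, council, threshold):
    """Warnings a council signer should see before adding an approval to tx."""
    info = durable_nonce_info(tx)
    if info is None:
        return []
    nonce_account, authority = info
    findings = [f"durable nonce {nonce_account}: signature does not expire"]
    if authority not in council:
        findings.append(f"nonce authority {authority} is not a council key")
    already_signed = len(set(tx["signers"]) & set(council))
    if already_signed + 1 >= threshold:
        findings.append(f"this approval reaches threshold {threshold}: "
                        "transaction becomes executable at any later time")
    return findings

# Constructed sample: hypothetical 5-member council, threshold 2, one prior approval.
COUNCIL = ["Council1", "Council2", "Council3", "Council4", "Council5"]
SAMPLE_TX = {"signers": ["Council3"], "instructions": [
    {"program_id": SYSTEM_PROGRAM, "data": struct.pack("<I", ADVANCE_NONCE),
     "accounts": ["NonceAcct", "RecentBlockhashesSysvar", "OutsideKey"]},
    {"program_id": "AdminProgram", "data": b"\x01", "accounts": ["Council3"]},
]}

if __name__ == "__main__":
    for finding in review_signing_request(SAMPLE_TX, COUNCIL, threshold=2):
        print("WARN:", finding)
```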
Mitigation steps:
Users were urged not to deposit any funds until further notice. All protocol functions are frozen. The platform is working with security firms, cryptocurrency exchanges, and law enforcement authorities to trace and freeze stolen funds. A detailed post-mortem report will be published.
Affected products:
Drift Protocol - DeFi trading platform built on Solana blockchain
Related links:
https://www.drift.trade/updates/drift-in-2024-a-year-in-review
http://x.com/DriftProtocol/status/2039564437795836039
https://x.com/PeckShieldAlert/status/2039546185120387169
https://x.com/DriftProtocol/status/2039404931778535427
This article was created with the assistance of AI technology by Perceptive.
