DRIFT Token Crashes 40% After Protocol Exploited for About $280mn

The protocol suspended deposits and withdrawals, and said it was coordinating with security firms, bridges and exchanges to contain the incident. "This is not an April Fools' joke," the protocol said on X.  

The attacker began converting part of the stolen funds into USDC before bridging to Ethereum to buy Ether (ETH), having already acquired roughly 19,913 ETH worth approximately $43mn, according to a Lookonchain X post. 

DRIFT was trading at around $0.04 at 06:18UTC, down about 40% since 16:45UTC.

The attack is one of the largest decentralized finance (DeFi) exploit on Solana since the $326mn Wormhole bridge breach in 2022, according to Rekt's leaderboard. DeFi is a term used to describe financial activities carried out on the blockchain without the use of third parties.

Attacker exploits transaction system

The attackers used vulnerabilities in Solana’s settlement systems, along with social engineering tricks to perpetrate the $280mn exploit. Social engineering is a way to gain access to a user’s information by tricking them online into revealing private details without hacking their system.

Solana offers a durable nonce mechanism to give users a way to process a transaction at a time of their choosing. While blockchain settlements are generally instantaneous, on Solana users can approve a transaction and send it for execution at a later time.

During this attack, the Drift attackers firstly scheduled numerous transactions using durable nonce accounts and then, using the information from social engineering, gained access to the protocol’s admin accounts. After removing the transaction guardrails, the 
attackers siphoned off as many funds as they could from the exchange's treasury.

Drift said it is working with law enforcement and exchanges to freeze the stolen assets and retrieve them, according to an updated incident report.