In-Depth Reconstruction of the $285 Million Drift Hack: How Should DeFi Governance Move Beyond "Amateur Hour"?

marsbitОпубликовано 2026-04-13Обновлено 2026-04-13

Введение

On April 1, 2026, Drift Protocol, the largest perpetual futures DEX on Solana, suffered a catastrophic hack resulting in a loss of $285 million. The attack, attributed to a sophisticated social engineering campaign rather than a technical exploit, unfolded over several months. Hackers first infiltrated Drift’s internal circles by posing as a legitimate market maker, building trust over time. They then exploited Solana’s "Durable Nonce" feature to trick core team members into blindly signing transactions that granted administrative control. A critical vulnerability was introduced when Drift migrated to a 2/5 multisig structure without a timelock, allowing instant execution of privileged transactions with just two signatures. The attackers finally triggered the attack by adding a fake token (CVT) to the whitelist, manipulating its oracle price, and using it as collateral to drain the protocol’s treasury. The incident highlights fundamental flaws in DeFi governance, including overreliance on multisig mechanisms that lack intent verification and are vulnerable to social engineering. It underscores the misalignment between retail-grade security tools and institutional-scale treasury management. The hack signals the need for a security paradigm shift in DeFi, including adoption of Hardware Security Modules (HSMs) for key management, intent-based policy engines for transaction validation, and professional third-party custody solutions to ensure institutional-grade safety.

On April 1, 2026, Drift Protocol, the largest decentralized perpetual exchange on Solana, suffered a catastrophic blow. Within just over ten minutes, a staggering $285 million in crypto assets was drained, marking the largest security incident in the DeFi space so far this year.

As on-chain data was meticulously analyzed and security firms delved deeper, the full picture of this suspected APT attack, allegedly led by a North Korean hacker group, gradually came to light. Ironically, what destroyed this billion-dollar DeFi fortress was not some ingenious zero-day vulnerability, but a months-long, meticulously planned social engineering hunt targeting human nature.

This disaster was not only Drift's darkest hour but also starkly exposed the "amateur hour" state of current DeFi industry practices in governance and key management.

The Long-Planned Hunt: How Did Drift Fall Step by Step?

Reconstructing the hacker's attack path reveals an extremely meticulous, patient, and multi-pronged coordinated operation. The attackers perfectly exploited the Web3 geek community's blind faith in "code is law" and their negligence towards the weakest link: people.

Step 1: Infiltration Disguised as a "Market Maker"

As early as half a year before the incident, the attackers disguised themselves as a well-funded quantitative trading firm. They not only socialized with Drift's core team at major crypto conferences but also genuinely deposited millions of dollars into the protocol. By participating in product testing and offering high-quality strategic suggestions, the hackers successfully infiltrated Drift's internal communication channels, building deadly trust.

Step 2: Planting a Time Bomb with "Durable Nonces"

After gaining the trust of key contributors, the hackers began exploiting Solana's unique "Durable Nonces" mechanism. This mechanism allows transactions to be signed offline in advance and broadcast for execution at any future time. Through clever rhetoric and disguised testing needs, the hackers tricked members of Drift's security council into performing "blind signing" on several seemingly ordinary transactions. The true payload of these transactions was the transfer of the protocol's highest Admin control privileges.

Step 3: The Fatal 2/5 Multisig and Zero Timelock

On March 27th, Drift implemented a fatal governance update: migrating the security council to a new 2/5 multisignature architecture and removing the timelock. This meant that with just two signatures, any instruction modifying the protocol's underlying logic would be executed instantly, leaving no time to even "pull the plug."

Step 4: The Mirage of a "Shitcoin" ATM

On April 1st, the hackers detonated all deployed elements simultaneously. They broadcast the multisig instructions obtained earlier, instantly seizing the protocol's Admin privileges. Subsequently, the hackers whitelisted a fake token called CVT (CarbonVote Token) and maxed out its borrowing limit. Coupled with oracle price manipulation, the hackers used a pile of worthless tokens as collateral to "legitimately" borrow $285 million worth of USDC, SOL, and ETH from Drift's treasury.

Legitimate Signature ≠ Legitimate Intent: The Achilles' Heel of DeFi Security

The most disheartening aspect of the Drift incident is this: in the eyes of the blockchain virtual machine, every step the hackers took was "legitimate." They didn't exploit an overflow bug, nor did they perform a reentrancy attack. They simply obtained the legitimate admin keys and walked openly into the vault.

This exposes a massive misalignment in how current DeFi protocols manage funds: using retail-level tools designed for managing a few hundred dollars to manage institutional-level treasuries worth hundreds of millions.

Currently, most mainstream DeFi protocols still heavily rely on traditional smart contract-based multisignature wallets (e.g., Safe or native multisig mechanisms). This architecture has two fatal flaws:

  1. Vulnerable to Social Engineering: The防线 collapses as soon as hackers compromise (via phishing, coercion, or bribery) a few key individuals holding the private keys.
  2. Lack of Intent Verification: Multisig only verifies "did these specific people sign?" but does not check "did they just sign away the farm?"

From Geek Experiment to Financial Infrastructure: The Inevitable Evolution of Web3 Security

Drift's $285 million lesson was extremely costly: as Web3 accelerates its integration with traditional finance, DeFi protocols must abandon governance models that rely solely on developer自律 (self-discipline) and simple multisigs, moving towards institutional-grade standards.

Currently, leading industry players and security observers have reached a consensus that the next security iteration for DeFi infrastructure must include upgrades across these core dimensions:

Upgrading the Cryptographic Foundation: Moving Towards HSM (Hardware Security Modules)

Compared to the software aggregation of multisigs, HSMs store a protocol's private keys within certified, military-grade encrypted chips, from which the keys cannot be exported. This hardware-level physical isolation and security control fundamentally eliminates risks arising from social engineering attacks on insiders or device compromises, providing vault security far superior to traditional multisigs.

Introducing an "Intent-Based" Policy Engine

Future DeFi management permission approvals cannot remain solely at the "signature verification" stage. The system needs built-in risk control logic. For example, when a transaction attempts to modify the borrowing limit of an unknown token (like CVT in the Drift case) to unlimited, the policy engine should automatically识别 its anomalous intent, trigger a circuit breaker, and mandate higher-level verification (e.g., multi-tiered manual risk control, video verification, or enforced timelocks).

Embracing Independent, Compliant Custodial Power

As TVL continues to balloon, protocol developers should focus their energy on code logic and business innovation, while entrusting the control and security defense of billion-dollar treasuries to professional third-party compliant custodial institutions. Just as in traditional finance, exchanges don't keep user assets in the CEO's personal safe. Introducing institutional-grade risk control processes, with strong offensive and defensive capabilities and audited practices, is a necessary path for DeFi's mass adoption.

As institutional service providers like Cactus Custody, who have long been deeply involved in digital asset security, advocate: DeFi's decentralization should not be an excuse to evade systematic risk control.

The Drift hack might be a watershed moment. It宣告 the bankruptcy of "amateur hour" governance and heralds the arrival of a new security paradigm centered on hardware architecture, intent verification, and professional custody. Only by fortifying this line can Web3 truly bear the weight of a trillion-dollar future.

Связанные с этим вопросы

QWhat was the total value of assets stolen in the Drift Protocol hack, and when did it occur?

AA total of $285 million in crypto assets was stolen from Drift Protocol on April 1, 2026.

QWhat specific mechanism did the attackers exploit to gain control of the protocol's admin privileges?

AThe attackers exploited Solana's 'Durable Nonces' mechanism to get security committee members to blindly sign transactions that transferred the protocol's admin control, which were executed later.

QWhat critical change did Drift make to its security committee on March 27 that increased its vulnerability?

ADrift migrated its security committee to a 2/5 multisig architecture and removed the timelock, meaning only two signatures were needed to execute critical changes instantly.

QHow did the attackers ultimately drain funds from the protocol after gaining admin control?

AAfter gaining admin control, the attackers whitelisted a fake token called CVT, manipulated its oracle price, and used it as collateral to 'borrow' $285 million in USDC, SOL, and ETH from the protocol's treasury.

QWhat are the three key security upgrades proposed to prevent similar DeFi governance failures in the future?

AThe three key security upgrades are: 1) Adopting Hardware Security Modules (HSM) for secure key storage, 2) Implementing a 'Policy Engine' for intent-based risk control, and 3) Leveraging professional third-party compliant custody services for treasury management.

Похожее

Over $31 Million Stolen from Humanity, Is the Team Behind It Paving the Way for a New Project?

The article reports a major security incident involving Humanity Protocol (H), resulting in over $31 million stolen. The team attributes the hack to a private key leak from a Humanity Foundation member, leading to a rapid sale of H tokens and a 90% price drop. However, prominent on-chain investigator ZachXBT suggests the event might be an "exit scam" orchestrated by the team, rather than an external hack. This suspicion is fueled by the team's controversial history, including past management failures, legal issues, and previous scandals like outsourced technology and problematic airdrops. Further investigation reveals that the core team behind Humanity is already involved with a new project called "Everything," which recently secured funding. This has led to community speculation that the alleged hack is a deliberate scheme to abandon the H project while shifting focus and resources to their new venture, leaving investors to bear the losses. The article questions whether this is a genuine security failure or a premeditated "rug pull" strategy.

Odaily星球日报56 мин. назад

Over $31 Million Stolen from Humanity, Is the Team Behind It Paving the Way for a New Project?

Odaily星球日报56 мин. назад

SoftBank's Son, Bankrupted by Good Stories, Awaits His Next Alibaba

Masayoshi Son is back. After years defined by Vision Fund's massive losses and costly missteps like WeWork—which shattered market confidence and led to billions in write-downs—Son has found redemption through AI. His early, high-conviction bets are paying off handsomely. Arm, acquired for $32 billion in 2016 and once a heavily leveraged burden, has become a gold mine amid the AI compute boom, delivering roughly a 10x return for SoftBank after its 2023 IPO. More crucially, SoftBank has made an enormous, concentrated bet on OpenAI, committing over $64 billion for a roughly 13% stake. This investment is already showing massive paper gains, contributing significantly to SoftBank's soaring valuation and propelling Son back to the top as Asia's richest person. The narrative has shifted from the "fool" who fell for grandiose stories to the visionary who endured a brutal downturn and is now being rewarded for his early faith in artificial intelligence.

marsbit1 ч. назад

SoftBank's Son, Bankrupted by Good Stories, Awaits His Next Alibaba

marsbit1 ч. назад

WeChat Agent Issues a 'Heroic Summons,' Half of the Internet Responds

WeChat AI Agent is on the horizon. The WeChat Open Platform has issued a guide for developers, offering them ways to integrate into the WeChat AI ecosystem. This will enable mini-programs to be discovered and invoked by the AI. Meituan has already announced its integration, allowing users to access services like food delivery through WeChat AI. Other platforms like Ctrip and Tongcheng have followed suit. Furthermore, WeChat is collaborating with major smartphone manufacturers to enable their native AI assistants to perform actions within WeChat, such as initiating calls or sending messages, through a controlled protocol called Agent-to-Agent (A2A). Reports indicate the WeChat AI Agent will be accessible by swiping right on the main interface. It aims to understand user intent within the rich context of chats, groups, and past interactions, then automatically call upon relevant mini-programs to complete tasks like ordering coffee or booking restaurants. This positions it as a potential "super app" with direct access to WeChat's vast ecosystem of services, social connections, and payment systems. Technically, this is a complex endeavor. It requires advanced natural language understanding, a "world model" to predict interactions within mini-programs (UI-Oceanus), multi-model orchestration for cost efficiency, and careful coordination with millions of third-party service providers. Tencent's development follows a "Co-Design" approach, where product teams and the Hunyuan model team collaborate closely, allowing capabilities honed in other AI products (like Yuanbao for chat, ima for search, WorkBuddy for office tasks) to be transferred to the WeChat Agent. Tencent is strategically opting for the A2A protocol over GUI-based automation (which it has blocked in the past), maintaining control over its ecosystem. To manage the immense scale and cost of serving 1.4 billion monthly active users, Tencent is deepening its ties with DeepSeek, known for its cost-effective training, to secure a low-cost inference backbone. The ultimate goal is to solve practical, everyday problems for users within the WeChat ecosystem, moving beyond technical benchmarks to deliver real utility, which Tencent sees as the key to winning in the long-term AI game.

marsbit1 ч. назад

WeChat Agent Issues a 'Heroic Summons,' Half of the Internet Responds

marsbit1 ч. назад

Strategy Erases Last Week’s Bitcoin Sale With 1,550 BTC Purchase

Strategy, a major Bitcoin treasury firm, has made a substantial purchase of 1,550 BTC for approximately $101 million. This acquisition completely offsets the company's sale of 32 BTC just one week prior, which had negatively impacted market sentiment. Following this buy, Strategy's total Bitcoin holdings have reached a new record of 845,256 BTC. The company's leadership, including Chairman Michael Saylor and CEO Phong Le, emphasized their ongoing strategy to accumulate Bitcoin over time. Concurrently, Strategy added $100 million to its USD reserve, bringing its total to $1 billion, to ensure dividend payments. The purchase was reportedly funded through sales of the company's stock. Meanwhile, U.S. Bitcoin spot ETFs experienced a fourth consecutive week of net outflows, totaling $1.72 billion last week. Bitcoin's price is currently around $63,400, reflecting a nearly 12% decline over the past seven days.

bitcoinist1 ч. назад

Strategy Erases Last Week’s Bitcoin Sale With 1,550 BTC Purchase

bitcoinist1 ч. назад

Humanity Loses $31 Million in Attack, Token Price Plummets 90% Due to a Single Private Key

On June 9th, the digital identity project Humanity Protocol suffered a major security breach resulting in over $31 million in losses. According to on-chain analyst Specter, hundreds of wallets holding the project's H token were drained. The attack was confirmed by founder Terence Kwok to be caused by the compromise of a foundation member's private key. As a precaution, users are advised to avoid interacting with Humanity's cross-chain bridge or liquidity pools. The incident caused the H token price to crash over 90%, from around $0.70 to a low of $0.052, wiping its market cap from $2 billion to approximately $35.7 million. The attacker allegedly minted 100 million new H tokens and is selling them for BNB. This breach adds to existing controversies surrounding Humanity Protocol. Founded in 2024, it aimed to verify human users via palm-print biometrics and zero-knowledge proofs. However, a leaked conversation in 2025 revealed that only about 1 million of its 9 million claimed Human IDs had completed biometric verification, suggesting 88% might be bots. Furthermore, the project has faced allegations of being a repackaged product from a Chinese access control vendor, raising privacy and authenticity concerns. Founder Terence Kwok's previous venture, Tink Labs, a hotel smartphone startup that raised $170 million, failed and entered bankruptcy in 2020 after burning through its funding. The current attack highlights the persistent critical issue of private key management in crypto. Unlike smart contract exploits, a private key compromise bypasses all on-chain security mechanisms. With no user compensation plan announced yet, this $31 million breach may be a final blow to the project's credibility, already weakened by previous controversies and a heavily depreciated token.

marsbit2 ч. назад

Humanity Loses $31 Million in Attack, Token Price Plummets 90% Due to a Single Private Key

marsbit2 ч. назад

Торговля

Спот
Фьючерсы

Популярные статьи

Как купить MOVE

Добро пожаловать на HTX.com! Мы сделали приобретение Movement (MOVE) простым и удобным. Следуйте нашему пошаговому руководству и отправляйтесь в свое крипто-путешествие.Шаг 1: Создайте аккаунт на HTXИспользуйте свой адрес электронной почты или номер телефона, чтобы зарегистрироваться и бесплатно создать аккаунт на HTX. Пройдите удобную регистрацию и откройте для себя весь функционал.Создать аккаунтШаг 2: Перейдите в Купить криптовалюту и выберите свой способ оплатыКредитная/Дебетовая Карта: Используйте свою карту Visa или Mastercard для мгновенной покупки Movement (MOVE).Баланс: Используйте средства с баланса вашего аккаунта HTX для простой торговли.Третьи Лица: Мы добавили популярные способы оплаты, такие как Google Pay и Apple Pay, для повышения удобства.P2P: Торгуйте напрямую с другими пользователями на HTX.Внебиржевая Торговля (OTC): Мы предлагаем индивидуальные услуги и конкурентоспособные обменные курсы для трейдеров.Шаг 3: Хранение Movement (MOVE)После приобретения вами Movement (MOVE) храните их в своем аккаунте на HTX. В качестве альтернативы вы можете отправить их куда-либо с помощью перевода в блокчейне или использовать для торговли с другими криптовалютами.Шаг 4: Торговля Movement (MOVE)С легкостью торгуйте Movement (MOVE) на спотовом рынке HTX. Просто зайдите в свой аккаунт, выберите торговую пару, совершайте сделки и следите за ними в режиме реального времени. Мы предлагаем удобный интерфейс как для начинающих, так и для опытных трейдеров.

601 просмотров всегоОпубликовано 2024.12.13Обновлено 2026.06.02

Как купить MOVE

Обсуждения

Добро пожаловать в Сообщество HTX. Здесь вы сможете быть в курсе последних новостей о развитии платформы и получить доступ к профессиональной аналитической информации о рынке. Мнения пользователей о цене на MOVE (MOVE) представлены ниже.

活动图片

Топ вопросы

Популярные категорииright-arrow

Популярные тегиright-arrow