Drift Protocol: Tidak ada bukti yang menunjukkan kata sandi dicuri, serangan sangat kompleks, dan dipersiapkan selama beberapa minggu

BlockBeats Message, 2 April, Drift Protocol posted that a malicious actor gained unauthorized access through a new type of attack involving durable nonces, quickly taking over administrative control of the Drift Security Committee. The attack is highly complex, requiring several weeks of preparation, including using durable nonce accounts to pre-sign transactions for delayed execution.

Current investigation indicates that the cause of this incident is not a vulnerability in the Drift protocol or smart contracts; there is no evidence that the seed phrase was stolen; the attacker obtained access through unauthorized or forged transaction approvals (possibly involving social engineering). The final outcome resulted in approximately $280 million in protocol funds being withdrawn. All lending, gold vault deposits, and transaction funds are affected. DSOL (not deposited into Drift, including assets staked to Drift validators) and the insurance fund assets are not affected; the latter are being extracted for protection. As a precautionary measure, all remaining protocol functionalities have been frozen, and the multisig has been updated to remove the compromised wallets.