What is Drift Protocol?

Drift is a "quasi-exchange" composite DeFi: one of the leading trading protocols launched in 2021, starting with the Solana perpetual contract, and later expanded to spot, lending and more "one-stop protocol" narratives. Drift officials stated in 2024 that the protocol already has more than 350 million US dollars in TVL, more than 175,000 traders, and a cumulative transaction volume of more than 20 billion US dollars; in September of the same year, it completed a Series B of 25 million US dollars, and the cumulative financing reached 52.5 million US dollars.

At the mechanism level, the Drift documentation explicitly acknowledges its dependence on external oracle accounts and designs "guardrails" including oracle validity, TWAP pruning, price deviation bandwidth verification, and updating market information when necessary to limit specific actions. Its historical external narrative has also emphasized that if the oracle price is "invalid or manipulated", it may cause the exchange's assets to be drained in a short period of time. Therefore, multi-step verification and "multi-range circuit breaker" must be used to strive for a reaction window.

However, this attack shows that even if the protocol has a relatively complete "market risk control guardrail", as long as the attacker can access or affect the "authority layer" (administrator key, multi-signature, risk parameter management channel), it is possible to turn the guardrail itself into a tool that can be misappropriated — — For example, adjusting certain thresholds to distortion, raising the mortgage weight of an asset to an irrational level, and ultimately allowing the system to "legally" perform asset transfers on the premise that "the rules are rewritten."

Drift Protocol responds to $280 million loss: social engineering and durable nonce attack

Drift Protocol issued a statement regarding today's security incident. A malicious actor gained unauthorized access to the protocol through a new attack method involving durable nonces and quickly took over the management of the Drift Security Council. Drift said that this was a highly sophisticated attack that was suspected to have been prepared for weeks and executed in stages, including using durable nonce accounts to pre-sign transactions and delay execution.

According to Drift's current investigation results, this incident was not caused by a vulnerability in the Drift program or smart contract, and there is no evidence that the relevant mnemonic phrase has been leaked. Drift believes that the attacker obtained unauthorized or disguised transaction approval before execution, and that the durable nonce mechanism and complex social engineering methods likely played a key role in this. This incident resulted in a total of approximately US$280 million in assets being transferred out of the agreement.

Drift said that the attacker was able to complete this attack mainly through several steps: first, pre-deploy the access path through the durable nonce account; then obtain sufficient approval permissions in the multi-signature, that is, 2/5 of the multi-signature approvals; then perform a malicious administrator permission transfer within a few minutes to obtain protocol-level permission control; and finally use this permission to introduce malicious assets and remove all original withdrawal restrictions, thereby attacking existing funds.

Currently, all funds deposited in the lending module, vault and trading account are affected. Unaffected assets include: DSOL not deposited into Drift, including assets pledged to Drift Validator; and insurance fund assets, which will be withdrawn from the protocol and transferred to a safer environment for protection.

As a precautionary measure, Drift has frozen all remaining functions of the protocol and has updated the multi-signature configuration to remove the affected wallets.

This incident has spilled over to multiple DeFi protocols in the Solana ecosystem. Reflect Money, Ranger Finance, Neutral Trade, Elemental DeFi, Project 0, Lulo Finance, Asgard Finance, DeFi Carrot, Pyra, xPlace, Fuse Wallet and other projects have been confirmed to be affected, and some projects have suspended minting, redemption or deposit and withdrawal functions. Among them, Ranger Finance said it faced a risk exposure of about US$900,000, accounting for about 6% of its TVL; Pyra said that users had suspended related card functions due to the impact on the funds earned from Drift.

Technical Analysis: Fake CVT Tokens and Oracle Manipulation

Market immediate reaction

After Drift Protocol was attacked, its governance token DRIFT plummeted by more than 40% in the past 24 hours. The annualized negative fee rate of the DRIFT U-based perpetual contract on mainstream exchanges such as Binance has soared to the top, exceeding 6,000%, with heavy subsidies from shorts to longs.

Timeline of this incident

On March 23, the attacker completed the initial nonce layout. A total of 4 durable nonce accounts were created that day, two of which were related to multi-signature members of the Drift Security Committee and the other two were controlled by the attacker. Drift believes this means that at least 2/5 of the multisig signers have signed transactions related to durable nonce accounts, making delayed execution possible.

On March 27, Drift performed a security committee multi-signature migration as planned due to changes in security committee members.

On March 30, a new durable nonce event appeared again. A new durable nonce account is created for a member of the updated multisig. Drift believes this indicates that the attacker once again gained the actual available permissions of 2/5 of the signers in the updated multi-signature.

On April 1, the attack entered the execution phase. First, Drift executed a test withdrawal transaction from an insurance fund. About 1 minute later, the attacker quickly executed two pre-signed durable nonce transactions, and the two transactions were only 4 slots apart. The first transaction is used to create and approve the malicious admin transfer, and the second transaction is used to approve and execute the malicious admin transfer. At this point, the attacker has officially taken over the key permissions of the protocol.

From the afternoon to the evening of April 1, the on-chain monitoring tool MLM has taken the lead in detecting abnormal fund flows in related addresses, with a total scale of approximately US$270.6 million (accounting for approximately 50% of Drift TVL), mainly involving assets such as JLP and USDC. Helius CEO Mert stated that there were signs on the chain that the protocol may have been attacked; Drift officials immediately issued a statement confirming that they were observing abnormal activities in the protocol and advised users not to deposit funds into the protocol until further notice.

Drift said that the core of the attack lies in the combination of two points: First, the durable nonce transaction was signed in advance, allowing the attacker to delay execution at a future point; second, the approval of multiple multi-signature signers was breached, which was likely to be achieved through targeted social engineering attacks or transaction information disguise.

Industry expert opinions and governance reflections

Ledger Chief Technology Officer Charles Guillemet said that the attack was not a smart contract vulnerability, but a long-term latent destruction of the multi-signature mechanism. Hackers are suspected of controlling the devices or private keys of multi-sig holders and misleading operators to approve malicious transactions. This method is highly similar to the Bybit incident last year that was suspected to be related to the North Korean hacker group (DPRK). He called on the industry to improve terminal detection capabilities and adopt hardware-supported clear-text signatures to prevent operational-level risks.

Uniswap founder Hayden Adams bluntly stated that centralized projects must stop calling themselves DeFi; if the administrator key can drain all the funds, it is essentially CeFi. Omer Goldberg, founder of Chaos Labs, added that the signature key of the Drift protocol has full control over market creation, oracle allocation and withdrawal limits, and lacks time locks. The attacker allegedly only took about 10 seconds to complete the theft of funds.

Fund tracking and follow-up response

On-chain tracking shows that the suspected attacker's address (HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES) quickly transferred/exchanged funds after the attack and transferred them cross-chain to Ethereum through Wormhole. When some USDC was transferred through the Circle CCTP bridge, Circle failed to freeze the flow of funds in time, triggering criticism from Delphi Digital co-founder Tommy Shaughnessy and on-chain detective ZachXBT, who believed that Circle was slow to respond despite having centralized freezing capabilities.

Currently, Drift is cooperating with multiple security companies to investigate the root cause of the incident. It is also cooperating with cross-chain bridges, exchanges and law enforcement agencies to track and freeze stolen assets. Drift said a more detailed postmortem report will be released in the coming days and welcomes any information relevant to the investigation.