Overview
- Drift Protocol, which disclosed an active attack Wednesday, froze deposits and withdrawals as losses reached an estimated $270–$285 million.
- The attacker took over Security Council admin powers using Solana durable nonce accounts that let pre-signed transactions execute later without expiring.
- Drift says the actor secured 2-of-5 multisig approvals in advance, then removed withdrawal limits and drained borrow/lend pools, vaults and trading deposits in about 12 minutes.
- On-chain trackers report rapid swaps into USDC, bridging to Ethereum via Circle’s CCTP, and purchases of roughly 130,000 ETH using the stolen funds.
- The protocol is working with security firms, exchanges, bridges and law enforcement to trace assets, and its total value locked has fallen from about $550 million to below $250 million.