Overview
- Drift Protocol, which reported an active attack Wednesday, froze deposits and withdrawals after vaults lost roughly $270–$285 million.
- Investigators say the attacker used durable nonces, which allow pre‑signed transactions to run later, to collect 2‑of‑5 multisig approvals and take admin control without a code bug.
- The exploiter converted the haul to USDC, bridged it to Ethereum through Circle’s Cross‑Chain Transfer Protocol, and bought about 129,000–130,262 ETH.
- Blockchain firms Elliptic and TRM Labs linked the tactics and fast cross‑chain laundering to DPRK actors, though formal attribution and any recovery remain unresolved.
- User collateral in lending pools, vaults, and trading accounts was hit, and Drift says it is working with exchanges, bridges, and law enforcement to trace and freeze the funds.