
[Issue] Reflections on the Drift Protocol Hacking Incident

Author: Calvin

- On April 1, 2026, at 16:05 UTC, an exploit worth approximately $285 million hit Drift Protocol, a leading Solana-based perpetual DEX. It was a sophisticated collateral manipulation attack: the attacker used stolen admin keys to list worthless tokens on a new spot market, bypassed withdrawal safeguards, and then withdrew large amounts of real assets against collateral of manipulated value.
- The attack combined pre-signatures secured through durable nonces with sophisticated social engineering. Starting on March 23, the attackers created durable nonce accounts for two multisig signers and two attacker-controlled accounts, and regained signer access for the new multisig even after the normal multisig operation on March 27. The attacker obtained pre-signatures from legitimate signers through transaction misrepresentation, stored them in a durable nonce, and executed them in batches on April 1 to seize administrator privileges. It was confirmed that there were no seed phrase leaks or smart contract bugs.
- This incident is another major operational security failure, erupting just 10 days after the Resolv exploit. Resolv collapsed because it lacked multisig, while Drift collapsed despite having multisig, due to low thresholds and the absence of additional security mechanisms. These two consecutive incidents demonstrate the need for a fundamental redesign of the authority structure.
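A signer-side check for the durable-nonce pre-signing described above, as an added example that is not part of the original article or of Drift's code: it parses a legacy-format Solana message and reports whether its first instruction is the System Program's AdvanceNonceAccount, which marks a transaction that stays valid until the nonce is advanced instead of expiring with a recent blockhash. The function and sample names are hypothetical, the sample messages are constructed, and versioned (v0) messages are rejected rather than parsed.

```python
import struct

SYSTEM_PROGRAM = bytes(32)  # the System Program id is 32 zero bytes
ADVANCE_NONCE = 4           # SystemInstruction::AdvanceNonceAccount discriminant


def _compact_u16(buf, pos):
    """Decode a compact-u16 length prefix; return (value, next position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7


def durable_nonce_account(message):
    """Return the nonce account key if the message's first instruction is
    AdvanceNonceAccount (a durable-nonce transaction), else None."""
    if message[0] & 0x80:
        raise ValueError("versioned message: only the legacy layout is parsed")
    n_keys, pos = _compact_u16(message, 3)  # skip the 3-byte header
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32  # account keys, then the blockhash/nonce field
    n_ix, pos = _compact_u16(message, pos)
    if n_ix == 0:
        return None
    program_idx = message[pos]
    n_acc, pos = _compact_u16(message, pos + 1)
    accounts = message[pos:pos + n_acc]
    data_len, pos = _compact_u16(message, pos + n_acc)
    data = message[pos:pos + data_len]
    if program_idx >= n_keys or keys[program_idx] != SYSTEM_PROGRAM:
        return None
    if len(data) < 4 or struct.unpack_from("<I", data)[0] != ADVANCE_NONCE:
        return None
    if not accounts or accounts[0] >= n_keys:
        return None
    return keys[accounts[0]]  # first account of the instruction is the nonce account


# Constructed sample messages with dummy keys, not taken from the incident.
SAMPLE_NONCE_TX = (b"\x01\x00\x02\x04" + b"\x01" * 32 + b"\x02" * 32 + b"\x03" * 32
                   + SYSTEM_PROGRAM + b"\xaa" * 32 + b"\x01"
                   + b"\x03\x03\x01\x02\x00\x04\x04\x00\x00\x00")
SAMPLE_TRANSFER = (b"\x01\x00\x01\x03" + b"\x01" * 32 + b"\x05" * 32 + SYSTEM_PROGRAM
                   + b"\xbb" * 32 + b"\x01" + b"\x02\x02\x00\x01\x0c"
                   + b"\x02\x00\x00\x00" + (1000).to_bytes(8, "little"))
```

A signing workflow can use the result to require an extra review step, or an outright refusal, whenever a multisig member is asked to sign a message that carries a nonce account.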
