From 3d56a82bcf15a1ec4d06edb99acf467a9906eef9 Mon Sep 17 00:00:00 2001 From: Teleo Agents Date: Thu, 2 Apr 2026 13:25:02 +0000 Subject: [PATCH] rio: sync 5 item(s) from telegram staging Pentagon-Agent: Epimetheus <3D35839A-7722-4740-B93D-51157F7D5E70> --- agents/rio/learnings.md | 1 + ...0m-exploit-resulted-from-a-2-5-multisig.md | 26 +++++++++++ ...-fabianosolana-2039657017825017970-s-46.md | 33 ++++++++++++++ ...tocol-280m-hack-details-from-fabianosol.md | 26 +++++++++++ .../queue/2026-04-02-x-research-drift-hack.md | 45 +++++++++++++++++++ 5 files changed, 131 insertions(+) create mode 100644 inbox/queue/2026-04-02-tg-claim-m3taversal-drift-protocol-s-280m-exploit-resulted-from-a-2-5-multisig.md create mode 100644 inbox/queue/2026-04-02-tg-shared-fabianosolana-2039657017825017970-s-46.md create mode 100644 inbox/queue/2026-04-02-tg-source-m3taversal-drift-protocol-280m-hack-details-from-fabianosol.md create mode 100644 inbox/queue/2026-04-02-x-research-drift-hack.md diff --git a/agents/rio/learnings.md b/agents/rio/learnings.md index 87b5e0e2..5e2023de 100644 --- a/agents/rio/learnings.md +++ b/agents/rio/learnings.md @@ -16,6 +16,7 @@ Working memory for Telegram conversations. Read every response, self-written aft - The Telegram contribution pipeline EXISTS. Users can: (1) tag @FutAIrdBot with sources/corrections, (2) submit PRs to inbox/queue/ with source files. Tell contributors this when they ask how to add to the KB. ## Factual Corrections +- [2026-04-02] Drift Protocol was exploited for approximately $280M around April 1, 2026 via compromised admin keys on a 2/5 multisig with zero timelock, combined with oracle manipulation using a fake token (CVT). Attack suspected to involve North Korean threat actors. Social engineering compromised the multi-sig wallets. - [2026-03-30] @thedonkey leads international growth for P2P.me, responsible for the permissionless country expansion strategy (Mexico, Venezuela, Brazil, Argentina) - [2026-03-30] All projects launched through MetaDAO's futarchy infrastructure (Avici, Umbra, OMFG, etc.) qualify as ownership coins, not just META itself. The launchpad produces ownership coins as a category. Lead with the full set of launched projects when discussing ownership coins. - [2026-03-30] Ranger RNGR redemption was $0.822318 per token, not $5.04. Total redemption pool was ~$5.05M across 6,137,825 eligible tokens. Source: @MetaDAOProject post. diff --git a/inbox/queue/2026-04-02-tg-claim-m3taversal-drift-protocol-s-280m-exploit-resulted-from-a-2-5-multisig.md b/inbox/queue/2026-04-02-tg-claim-m3taversal-drift-protocol-s-280m-exploit-resulted-from-a-2-5-multisig.md new file mode 100644 index 00000000..43cabf7f --- /dev/null +++ b/inbox/queue/2026-04-02-tg-claim-m3taversal-drift-protocol-s-280m-exploit-resulted-from-a-2-5-multisig.md @@ -0,0 +1,26 @@ +--- +type: source +source_type: telegram-claim +title: "Claim from @m3taversal — Drift Protocol's $280M exploit resulted from a 2/5 multisig with zero timelock b" +author: "@m3taversal" +date: 2026-04-02 +domain: internet-finance +format: claim-draft +status: unprocessed +proposed_by: "@m3taversal" +contribution_type: claim-proposal +tags: [telegram-claim, inline-claim] +--- + +# Draft Claim: Drift Protocol's $280M exploit resulted from a 2/5 multisig with zero timelock being compromised through social engineering, combined with oracle manipulation via a fake token, making it the largest Solana DeFi exploit attributable to inadequate operational security rather than smart contract vulnerability. + +Contributed by @m3taversal in Telegram chat. +Flagged by Rio as a specific, disagreeable assertion worth extracting. + +## Verbatim User Message + +@FutAIrdBot drift got hacked you should learn more about this. https://x.com/fabianosolana/status/2039657017825017970?s=46 + +## Proposed Claim + +Drift Protocol's $280M exploit resulted from a 2/5 multisig with zero timelock being compromised through social engineering, combined with oracle manipulation via a fake token, making it the largest Solana DeFi exploit attributable to inadequate operational security rather than smart contract vulnerability. diff --git a/inbox/queue/2026-04-02-tg-shared-fabianosolana-2039657017825017970-s-46.md b/inbox/queue/2026-04-02-tg-shared-fabianosolana-2039657017825017970-s-46.md new file mode 100644 index 00000000..93770624 --- /dev/null +++ b/inbox/queue/2026-04-02-tg-shared-fabianosolana-2039657017825017970-s-46.md @@ -0,0 +1,33 @@ +--- +type: source +source_type: x-tweet +title: "@fabianosolana — shared via Telegram by @m3taversal" +author: "@fabianosolana" +url: "https://x.com/fabianosolana/status/2039657017825017970?s=46" +date: 2026-04-02 +domain: internet-finance +format: social-media +status: unprocessed +proposed_by: "@m3taversal" +contribution_type: source-submission +tags: ['telegram-shared', 'x-tweet', 'defi', 'crypto-infra'] +--- + +# @fabianosolana — Tweet/Thread + +Shared by @m3taversal via Telegram. +Source URL: https://x.com/fabianosolana/status/2039657017825017970?s=46 + +## Content + +Drift had a 2/5 multisig with 0 timelock + +$280M gone... + +I checked other defi protocols on Solana: + +- Jupiter Lend: 4/7 (with 12h timelock) +- Kamino: 5/10 (with 12h timelock) +- Loopscale: 3/5 +- Solstice: 3/5 (with 1d timelock) +- Exponent: 2/3 https://t.co/g1QKszPGsr diff --git a/inbox/queue/2026-04-02-tg-source-m3taversal-drift-protocol-280m-hack-details-from-fabianosol.md b/inbox/queue/2026-04-02-tg-source-m3taversal-drift-protocol-280m-hack-details-from-fabianosol.md new file mode 100644 index 00000000..2f538334 --- /dev/null +++ b/inbox/queue/2026-04-02-tg-source-m3taversal-drift-protocol-280m-hack-details-from-fabianosol.md @@ -0,0 +1,26 @@ +--- +type: source +source_type: telegram-contribution +title: "Source from @m3taversal — Drift Protocol $280M hack details from @FabianoSolana and multiple X sources. Dr" +author: "@m3taversal" +date: 2026-04-02 +domain: internet-finance +format: contribution +status: unprocessed +proposed_by: "@m3taversal" +contribution_type: source-submission +tags: ['telegram-contribution', 'inline-source', 'defi', 'market-analysis', 'crypto-infra'] +--- + +# Source: Drift Protocol $280M hack details from @FabianoSolana and multiple X sources. Drift had a 2/5 multis + +Contributed by @m3taversal in Telegram chat. +Flagged by Rio as relevant source material. + +## Verbatim User Message + +@FutAIrdBot drift got hacked you should learn more about this. https://x.com/fabianosolana/status/2039657017825017970?s=46 + +## Rio's Context + +Drift Protocol $280M hack details from @FabianoSolana and multiple X sources. Drift had a 2/5 multisig with 0 timelock. Attack involved compromised admin key and oracle manipulation via fake token "CVT" priced at $1. Ledger CTO suspects North Korean threat actors. Other Solana protocols for comparison: Jupiter Lend 4/7 with 12h timelock, Kamino 5/10 with 12h timelock, Loopscale 3/5, Solstice 3/5 with 1d timelock, Exponent 2/3. Source tweet: https://x.com/fabianosolana/status/2039657017825017970. Contributed by @m3taversal. diff --git a/inbox/queue/2026-04-02-x-research-drift-hack.md b/inbox/queue/2026-04-02-x-research-drift-hack.md new file mode 100644 index 00000000..ad401adc --- /dev/null +++ b/inbox/queue/2026-04-02-x-research-drift-hack.md @@ -0,0 +1,45 @@ +--- +type: source +source_type: x-research +title: "X research: Drift hack" +date: 2026-04-02 +domain: internet-finance +status: unprocessed +proposed_by: "@m3taversal" +contribution_type: research-direction +--- + +@Justin_Bons: @NftonElrond Unfortunately, an on-chain 2FA would not have made any difference + +As the smart contract for Drift was compromised, bypassing the security of individual users + +This type of hack would hap +@cryptoprowlcom: Solana Platform Drift Loses $250 Million In Hack https://t.co/qpmP06Xbyi #Solana #DeFi +@reallegendrob: Drift was hacked, over $250M is gone. +It wasn’t a protocol level hack, but a sophisticated social engineering attack to take over admin multi-sig wallets. + +It’s 2026 and we’re still facing DeFi explo +@cry_pto_news: Drift Protocol suffers $285M exploit due to compromised admin key and oracle manipulation. + +📊 Market Data: +📉 SOL: $77.491 (-6.95%) + +https://t.co/ClNEnkKeYg +@StreamNews_ank: Ledger CTO Suspects $280M Hack of $Drift Protocol Was Linked to North Korean Threat Actors https://t.co/bhvQ1kydQw +@AgentChainLab: @Only1temmy 🛡️ Admin control vs oracle manipulation: the April 1 2026 Drift hack + +1️⃣ Fake token “CVT” created → oracle gave $1 price. +2️⃣ Admin key compromised (2‑of‑5 multisig, no delay). +3️⃣ Admin +@AgentChainLab: @DriftProtocol 🛡️ Admin control vs oracle manipulation: the April 1 2026 Drift hack + +1️⃣ Fake token “CVT” created → oracle gave $1 price. +2️⃣ Admin key compromised (2‑of‑5 multisig, no delay). +3️⃣ Adm +@AgentChainLab: @SuhailKakar 🛡️ Admin control vs oracle manipulation: the April 1 2026 Drift hack + +1️⃣ Fake token “CVT” created → oracle gave $1 price. +2️⃣ Admin key compromised (2‑of‑5 multisig, no delay). +3️⃣ Admin +@APED_AI: Link to article: https://t.co/YSfsEziaBB +@SKuzminskiy: Drift: ~$280M drained via Solana durable nonces. Attacker swapped to USDC & bridged out for hours — Circle could've frozen funds. Centralized 'safety' ≠ accountability. https://t.co/NlG7lZIPHS #Cr