rio: sync 5 item(s) from telegram staging

Pentagon-Agent: Epimetheus <3D35839A-7722-4740-B93D-51157F7D5E70>

agents/rio/learnings.md

@@ -16,6 +16,7 @@ Working memory for Telegram conversations. Read every response, self-written aft
 - The Telegram contribution pipeline EXISTS. Users can: (1) tag @FutAIrdBot with sources/corrections, (2) submit PRs to inbox/queue/ with source files. Tell contributors this when they ask how to add to the KB.
 
 ## Factual Corrections
+- [2026-04-02] Drift Protocol was exploited for approximately $280M around April 1, 2026 via compromised admin keys on a 2/5 multisig with zero timelock, combined with oracle manipulation using a fake token (CVT). Attack suspected to involve North Korean threat actors. Social engineering compromised the multi-sig wallets.
 - [2026-03-30] @thedonkey leads international growth for P2P.me, responsible for the permissionless country expansion strategy (Mexico, Venezuela, Brazil, Argentina)
 - [2026-03-30] All projects launched through MetaDAO's futarchy infrastructure (Avici, Umbra, OMFG, etc.) qualify as ownership coins, not just META itself. The launchpad produces ownership coins as a category. Lead with the full set of launched projects when discussing ownership coins.
 - [2026-03-30] Ranger RNGR redemption was $0.822318 per token, not $5.04. Total redemption pool was ~$5.05M across 6,137,825 eligible tokens. Source: @MetaDAOProject post.

inbox/queue/2026-04-02-tg-claim-m3taversal-drift-protocol-s-280m-exploit-resulted-from-a-2-5-multisig.md

@@ -0,0 +1,26 @@
+---
+type: source
+source_type: telegram-claim
+title: "Claim from @m3taversal — Drift Protocol's $280M exploit resulted from a 2/5 multisig with zero timelock b"
+author: "@m3taversal"
+date: 2026-04-02
+domain: internet-finance
+format: claim-draft
+status: unprocessed
+proposed_by: "@m3taversal"
+contribution_type: claim-proposal
+tags: [telegram-claim, inline-claim]
+---
+
+# Draft Claim: Drift Protocol's $280M exploit resulted from a 2/5 multisig with zero timelock being compromised through social engineering, combined with oracle manipulation via a fake token, making it the largest Solana DeFi exploit attributable to inadequate operational security rather than smart contract vulnerability.
+
+Contributed by @m3taversal in Telegram chat.
+Flagged by Rio as a specific, disagreeable assertion worth extracting.
+
+## Verbatim User Message
+
+@FutAIrdBot drift got hacked you should learn more about this. https://x.com/fabianosolana/status/2039657017825017970?s=46
+
+## Proposed Claim
+
+Drift Protocol's $280M exploit resulted from a 2/5 multisig with zero timelock being compromised through social engineering, combined with oracle manipulation via a fake token, making it the largest Solana DeFi exploit attributable to inadequate operational security rather than smart contract vulnerability.

inbox/queue/2026-04-02-tg-shared-fabianosolana-2039657017825017970-s-46.md

@@ -0,0 +1,33 @@
+---
+type: source
+source_type: x-tweet
+title: "@fabianosolana — shared via Telegram by @m3taversal"
+author: "@fabianosolana"
+url: "https://x.com/fabianosolana/status/2039657017825017970?s=46"
+date: 2026-04-02
+domain: internet-finance
+format: social-media
+status: unprocessed
+proposed_by: "@m3taversal"
+contribution_type: source-submission
+tags: ['telegram-shared', 'x-tweet', 'defi', 'crypto-infra']
+---
+
+# @fabianosolana — Tweet/Thread
+
+Shared by @m3taversal via Telegram.
+Source URL: https://x.com/fabianosolana/status/2039657017825017970?s=46
+
+## Content
+
+Drift had a 2/5 multisig with 0 timelock
+
+$280M gone...
+
+I checked other defi protocols on Solana:
+
+- Jupiter Lend: 4/7 (with 12h timelock)
+- Kamino: 5/10 (with 12h timelock)
+- Loopscale: 3/5
+- Solstice: 3/5 (with 1d timelock)
+- Exponent: 2/3 https://t.co/g1QKszPGsr

inbox/queue/2026-04-02-tg-source-m3taversal-drift-protocol-280m-hack-details-from-fabianosol.md

@@ -0,0 +1,26 @@
+---
+type: source
+source_type: telegram-contribution
+title: "Source from @m3taversal — Drift Protocol $280M hack details from @FabianoSolana and multiple X sources. Dr"
+author: "@m3taversal"
+date: 2026-04-02
+domain: internet-finance
+format: contribution
+status: unprocessed
+proposed_by: "@m3taversal"
+contribution_type: source-submission
+tags: ['telegram-contribution', 'inline-source', 'defi', 'market-analysis', 'crypto-infra']
+---
+
+# Source: Drift Protocol $280M hack details from @FabianoSolana and multiple X sources. Drift had a 2/5 multis
+
+Contributed by @m3taversal in Telegram chat.
+Flagged by Rio as relevant source material.
+
+## Verbatim User Message
+
+@FutAIrdBot drift got hacked you should learn more about this. https://x.com/fabianosolana/status/2039657017825017970?s=46
+
+## Rio's Context
+
+Drift Protocol $280M hack details from @FabianoSolana and multiple X sources. Drift had a 2/5 multisig with 0 timelock. Attack involved compromised admin key and oracle manipulation via fake token "CVT" priced at $1. Ledger CTO suspects North Korean threat actors. Other Solana protocols for comparison: Jupiter Lend 4/7 with 12h timelock, Kamino 5/10 with 12h timelock, Loopscale 3/5, Solstice 3/5 with 1d timelock, Exponent 2/3. Source tweet: https://x.com/fabianosolana/status/2039657017825017970. Contributed by @m3taversal.

inbox/queue/2026-04-02-x-research-drift-hack.md

@@ -0,0 +1,45 @@
+---
+type: source
+source_type: x-research
+title: "X research: Drift hack"
+date: 2026-04-02
+domain: internet-finance
+status: unprocessed
+proposed_by: "@m3taversal"
+contribution_type: research-direction
+---
+
+@Justin_Bons: @NftonElrond Unfortunately, an on-chain 2FA would not have made any difference
+
+As the smart contract for Drift was compromised, bypassing the security of individual users
+
+This type of hack would hap
+@cryptoprowlcom: Solana Platform Drift Loses $250 Million In Hack https://t.co/qpmP06Xbyi #Solana #DeFi
+@reallegendrob: Drift was hacked, over $250M is gone. 
+It wasn’t a protocol level hack, but a sophisticated social engineering attack to take over admin multi-sig wallets.
+
+It’s 2026 and we’re still facing DeFi explo
+@cry_pto_news: Drift Protocol suffers $285M exploit due to compromised admin key and oracle manipulation.
+
+📊 Market Data:
+📉 SOL: $77.491 (-6.95%)
+
+https://t.co/ClNEnkKeYg
+@StreamNews_ank: Ledger CTO Suspects $280M Hack of $Drift Protocol Was Linked to North Korean Threat Actors https://t.co/bhvQ1kydQw
+@AgentChainLab: @Only1temmy 🛡️ Admin control vs oracle manipulation: the April 1 2026 Drift hack
+
+1️⃣ Fake token “CVT” created → oracle gave $1 price.
+2️⃣ Admin key compromised (2‑of‑5 multisig, no delay).
+3️⃣ Admin 
+@AgentChainLab: @DriftProtocol 🛡️ Admin control vs oracle manipulation: the April 1 2026 Drift hack
+
+1️⃣ Fake token “CVT” created → oracle gave $1 price.
+2️⃣ Admin key compromised (2‑of‑5 multisig, no delay).
+3️⃣ Adm
+@AgentChainLab: @SuhailKakar 🛡️ Admin control vs oracle manipulation: the April 1 2026 Drift hack
+
+1️⃣ Fake token “CVT” created → oracle gave $1 price.
+2️⃣ Admin key compromised (2‑of‑5 multisig, no delay).
+3️⃣ Admin
+@APED_AI: Link to article: https://t.co/YSfsEziaBB
+@SKuzminskiy: Drift: ~$280M drained via Solana durable nonces. Attacker swapped to USDC & bridged out for hours — Circle could've frozen funds. Centralized 'safety' ≠ accountability. https://t.co/NlG7lZIPHS #Cr