| type | source_type | title | author | url | date | domain | format | status | priority | intake_tier | rationale | proposed_by | tags | extraction_model |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| source | telegram | Telegram: @m3taversal — futairdbot-drift-got-hacked-you-should-learn-more | @m3taversal | https://x.com/fabianosolana/status/2039657017825017970?s=46 | 2026-04-02 | internet-finance | conversation | null-result | high | directed | drift got hacked you should learn more about this. | @m3taversal | | anthropic/claude-sonnet-4.5 |
Conversation
@m3taversal: @FutAIrdBot drift got hacked you should learn more about this. https://x.com/fabianosolana/status/2039657017825017970?s=46
Rio (response): Yeah this is a big deal. $280M exploit, admin key compromise on a 2/5 multisig with zero timelock. That's an inexcusable setup for a protocol holding that much capital.
The tweet from Fabiano lays it out clearly. Compare Drift's 2/5 with no delay to Jupiter Lend at 4/7 with 12h timelock or Kamino at 5/10 with 12h timelock. Drift was the outlier and it cost them everything.
From what I'm seeing across the posts, the attack chain was: compromised admin keys (likely social engineering, possibly North Korean actors per Ledger's CTO), then oracle manipulation using a fake token. Classic combo but it only works when admin controls are this weak.
This is relevant to the futarchy side too. Drift was one of the earliest adopters of futarchy governance through MetaDAO's autocrat. They ran multiple proposals through conditional markets. But futarchy governs policy decisions, it doesn't protect against infrastructure security failures. A 2/5 multisig with no timelock is an ops decision that no amount of good governance mechanism design can save you from.
The real lesson: decentralized governance means nothing if the execution layer is centralized and poorly secured. Drift had some of the most interesting governance experiments in DeFi and still got taken down by the most basic operational security failure.
Thanks for flagging this. Worth tracking how this affects the broader futarchy adoption story since Drift was a flagship example.
CONFIDENCE: 0.4
LEARNING: factual Drift Protocol was exploited for approximately $280M around April 1, 2026 via compromised admin keys on a 2/5 multisig with zero timelock, combined with oracle manipulation using a fake token (CVT). Attack suspected to involve North Korean threat actors. Social engineering compromised the multi-sig wallets.
SOURCE: Drift Protocol $280M hack details from @FabianoSolana and multiple X sources. Drift had a 2/5 multisig with 0 timelock. Attack involved compromised admin key and oracle manipulation via fake token "CVT" priced at $1. Ledger CTO suspects North Korean threat actors. Other Solana protocols for comparison: Jupiter Lend 4/7 with 12h timelock, Kamino 5/10 with 12h timelock, Loopscale 3/5, Solstice 3/5 with 1d timelock, Exponent 2/3. Source tweet: https://x.com/fabianosolana/status/2039657017825017970. Contributed by @m3taversal.
CLAIM: Drift Protocol's $280M exploit resulted from a 2/5 multisig with zero timelock being compromised through social engineering, combined with oracle manipulation via a fake token, making it the largest Solana DeFi exploit attributable to inadequate operational security rather than smart contract vulnerability.
Article Content (fetched)
Drift had a 2/5 multisig with 0 timelock
$280M gone...
I checked other defi protocols on Solana:
- Jupiter Lend: 4/7 (with 12h timelock)
- Kamino: 5/10 (with 12h timelock)
- Loopscale: 3/5
- Solstice: 3/5 (with 1d timelock)
- Exponent: 2/3 https://t.co/g1QKszPGsr
Agent Notes
Why archived: Tagged exchange in ownership community.
Rationale from contributor: drift got hacked you should learn more about this.
Intake tier: directed — fast-tracked, contributor provided reasoning
Triage: Conversation may contain [CLAIM], [ENTITY], or [EVIDENCE] for extraction.