- Drift Protocol confirms $280 million crypto theft via sophisticated attack abusing durable nonces
- Hackers hijacked Security Council powers through misrepresented transaction approvals and social engineering
- Deposits in borrow/lend, vaults, and trading affected; incident marks largest crypto heist of 2026 so far
Decentralized cryptocurrency exchange Drift has confirmed suffering a cyberattack in which threat actors stole hundreds of millions of dollars worth of tokens.
On April 1, 2026, Drift Protocol posted on X, saying it was “experiencing an active attack” and that all deposits and withdrawals were suspended as a result.
“This is not an April Fools joke,” the maintainers tweeted. “We are coordinating with multiple security firms, bridges, and exchanges to contain the incident.”
Highly sophisticated attack
Soon after, an update was posted, explaining that a malicious actor was able to access the protocol “through a novel attack involving durable nonces,” resulting in a “rapid takeover of Drift’s Security Council administrative powers.”
The Security Council is a governance and safety mechanism designed to act quickly in emergencies, without waiting for full DAO voting. It is a small, trusted group (usually multisig signers) within the protocol’s governance structure, with limited, fast-track powers. Ironically enough, the Security Council was supposed to prevent attacks like this one.
Drift says the attack was a “highly sophisticated operation that appears to have involved multi-week preparation and staged execution”.
It was not a bug, and no seed phrases were compromised. Instead, the attack involved “unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering.”
At press time, no one had claimed responsibility for this attack, but Drift said roughly $280 million was withdrawn from the protocol. North Korean state-sponsored groups Lazarus and different Chollima variants (Labyrinth, Pressure, Golden) are usually tasked with stealing cryptocurrencies from organizations in the West. The country uses the stolen money to fund its government apparatus and its weapons programme, some researchers claim.
All deposits placed into borrow/lend, vault deposits, and funds deposited for trading are affected, Drift confirmed. This is now one of the largest crypto heists ever, and the largest one this year so far.
Via The Record





