Drift Hack Exposes Crypto’s Social Engineering Risk
A raw postmortem of the $270M Drift exploit: social-engineered multisig signatures, Solana nonce mechanics, and urgent security fixes for DeFi teams and users.
Key Takeaways
- Exploit summary: Attackers used presigned transactions, durable nonces, and social-engineered two-of-five multisig signers to drain roughly $270M from Drift within minutes.
- Multisig & ops fixes: Raise thresholds (prefer 3-of-5+), enforce signer selection, add time delays, require full-address checks, and remove routine presigning for high-value actions.
- Solana-specific risk: Durable nonces prevent Solana transaction expiry—enabling delayed execution—so Solana ops need different guardrails than EVM chains.
- User protections & response: Recovery is uncertain—Bybit-style borrowing rescued past losses, but Drift lacks obvious revenue; expect legal/PR review and phased postmortem.
- Systemic threat: Stablecoin scale and AI-enhanced social engineering raise systemic loss potential; industry must adopt shared security standards, audits, and automated intent verification.
- Market context: Hosts flagged a $15B U.S. Treasury buyback and weekend geopolitical risk impacting crypto; advised cautious, short-term trades (Hyperliquid) and liquidity awareness.
Original Source
Drift Hack Exposes Crypto’s Social Engineering Risk
Visit Source