How Solana's Largest Perp DEX Was Exploited for $285 Million

A $285M admin-key exploit drained Drift’s TVL — a technical, premeditated attack revealing multisig, timelock, oracle and supply-chain failures and clear remediation steps.

Key Takeaways

  • Attack combined admin-key phishing, durable nonces, a fake token and a manipulated oracle to pump a low-liquidity pool, enabling a $285M drain of Drift’s collateral.
  • Root causes: a 2-of-5 multisig migration with no time lock, compromised old keys, and missing alerts allowed immediate execution and delayed detection by integrators.
  • Immediate mitigations: raise multisig thresholds to at least 3-of-5 signers, enforce time locks on sensitive operations, use signer biometrics, and require peer review before listing new collateral.
  • Monitoring & response: deploy PagerDuty-style on-call alerts, circuit breakers, and notify integration partners to shorten reaction time and reduce contagion.
  • Supply-chain risk: vet open-source dependencies and developer environments—package compromise (e.g., Axios) can give attackers developer-level access; use endpoint security tooling.
  • Attribution & remediation: techniques match DPRK tradecraft but need standardized forensic criteria; trace funds, pursue legal remedies, and debate centralized freeze policies (e.g., Circle).