How Solana's Largest Perp DEX Was Exploited for $285 Million
A deep dive into the $285M Drift Protocol exploit: how compromised keys, permissive multisigs, and oracle fakery cascaded across DeFi integrations — and the practical fixes teams must adopt now.
Key Takeaways
- Drift lost ~$285M after an admin key was phished; attackers abused a 2-of-5 multisig with no timelock and used Solana durable nonces to sign and execute delayed transactions.
- Attackers created fake tokens (CBT/CVT), spoofed an oracle to pump low-liquidity pools, then used the inflated collateral to drain blue‑chip assets in a coordinated multistep exploit.
- Contagion impacted ~20 teams — vaults, borrowing/lending and yield integrations built on Drift were drained because monitoring, alerts, and partner communication were insufficient.
- Operational recommendations: adopt 3+/5 multisigs, implement timelocks (hours–days), require stronger signer verification (biometrics), enable PagerDuty alerts and circuit breakers, and disclose centralization tradeoffs.
- Recovery and compliance gaps: attackers converted funds to USDC and used CCTP; Circle’s freeze policy and bridge blacklist practices drew criticism, underscoring the need for clearer coordination during incidents.
- Broader lessons: harden supply‑chain dependencies and developer tooling, monitor durable-nonce/authority transfers, adopt enterprise ops practices, and watch for DPRK-style fingerprints for attribution.
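One way to implement the durable-nonce and authority-transfer monitoring recommended above, as an added example (not code from Drift or the original article). It assumes instructions shaped like Solana's `jsonParsed` RPC encoding; `ADMIN_PROGRAM` is a placeholder ID, the top-level `signature` key is this example's own wrapper, and the sample transactions are constructed.

```python
SYSTEM_PROGRAM = "11111111111111111111111111111111"
TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"
ADMIN_PROGRAM = "PLACEHOLDER_PROTOCOL_ADMIN_PROGRAM_ID"  # placeholder, not a real ID
# Instruction type names as emitted by the jsonParsed encoding (assumed layout).
AUTHORITY_CHANGES = {"setAuthority", "authorizeNonce"}

def ix_type(ix):
    """Parsed instruction type, or None when the RPC node could not parse it."""
    parsed = ix.get("parsed")
    return parsed.get("type") if isinstance(parsed, dict) else None

def uses_durable_nonce(ixs):
    """Durable-nonce transactions must begin with System Program advanceNonce."""
    return bool(ixs) and ixs[0].get("programId") == SYSTEM_PROGRAM \
        and ix_type(ixs[0]) == "advanceNonce"

def findings(tx, watched_programs):
    ixs = tx["transaction"]["message"]["instructions"]
    nonce = uses_durable_nonce(ixs)
    out = []
    for ix in ixs[1:] if nonce else ixs:
        if ix_type(ix) in AUTHORITY_CHANGES:
            out.append("authority-change:" + ix_type(ix))
        if nonce and ix.get("programId") in watched_programs:
            out.append("durable-nonce-call:" + ix["programId"])
    return out

def scan(txs, watched_programs):
    """Map signature -> findings for every transaction that needs review."""
    hits = {tx["signature"]: findings(tx, watched_programs) for tx in txs}
    return {sig: f for sig, f in hits.items() if f}

def _tx(sig, *ixs):  # builds a constructed sample transaction
    return {"signature": sig, "transaction": {"message": {"instructions": list(ixs)}}}

ADVANCE = {"programId": SYSTEM_PROGRAM, "parsed": {"type": "advanceNonce"}}
SAMPLE = [
    _tx("constructed-1", ADVANCE, {"programId": ADMIN_PROGRAM, "data": "opaque"}),
    _tx("constructed-2", {"programId": TOKEN_PROGRAM, "parsed": {"type": "setAuthority"}}),
    _tx("constructed-3", {"programId": SYSTEM_PROGRAM, "parsed": {"type": "transfer"}}),
    _tx("constructed-4", {"programId": ADMIN_PROGRAM, "data": "opaque"}),
]

if __name__ == "__main__":
    for sig, f in scan(SAMPLE, {ADMIN_PROGRAM}).items():
        print(sig, f)
```

Because a durable-nonce transaction does not expire with a recent blockhash, a hit on a privileged program is a candidate for paging rather than passive logging.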