Drift 损失 2.85 亿美元：黑客对熊市 DeFi 造成致命打击吗？

编辑：吴区块链 2026 年 4 月 2 日左右，多个链上监控账户和媒体报道称基于 Solana 的综合衍生品和借贷协议 Drift Protocol 出现异常资金外流。该项目后来证实它受到了攻击。总共从该协议中提取了约 2.8 亿美元。 Drift 目前已暂停充值和提现，并正在与证券公司、跨链桥和交易平台协调应对。什么是 Drift 协议？ Drift 是一种“交易所级”复合 DeFi 协议。它于 2021 年推出，最初是 Solana 上领先的永续协议之一，后来扩展到现货交易、借贷和更广泛的“超级协议”。 Drift 表示，2024 年该协议的 TVL 已超过 3.5 亿美元，为超过 175,000 名交易者提供服务，累计交易量超过 200 亿美元。同年 9 月，它还完成了 2500 万美元的 B 轮融资，使总资金达到 5250 万美元。在机制层面，Drift 的文档明确承认其对外部预言机账户的依赖，并描述了一系列保障措施，包括预言机有效性检查、TWAP 修剪、Pri

ce偏差带验证，并在必要时更新市场状态以限制特定行动。从历史上看，Drift 的公开叙述也强调，如果预言机价格变得“无效或被操纵”，交易所资产可能会在短时间内被耗尽，这就是为什么该协议依赖多步验证和“多波段熔断器”来争取响应时间。然而，这次攻击表明，即使协议具有相对全面的市场风险护栏，一旦攻击者能够访问或影响权限层（例如管理密钥、多重签名或风险参数的治理通道），那些护栏本身可以变成滥用工具。例如，某些阈值可能会被扭曲，或者给定资产的抵押品权重可能会被扭曲。

Edited by WuBlockchain

Around April 2, 2026, multiple on-chain monitoring accounts and media outlets reported unusual fund outflows from Drift Protocol, a Solana-based integrated derivatives and lending protocol. The project later confirmed that it was under attack. In total, about $280 million was withdrawn from the protocol. Drift has since suspended deposits and withdrawals and is coordinating with security firms, cross-chain bridges, and trading platforms in response.

What Is Drift Protocol?

Drift is a “exchange-grade” composite DeFi protocol. Launched in 2021, it began as one of the leading perpetuals protocols on Solana and later expanded into spot trading, lending, and a broader “super protocol” narrative. In 2024, Drift stated that the protocol had surpassed $350 million in TVL, served more than 175,000 traders, and generated over $20 billion in cumulative trading volume. In September of the same year, it also completed a $25 million Series B, bringing total funding to $52.5 million.

At the mechanism level, Drift’s documentation explicitly acknowledges its reliance on external oracle accounts and describes a set of safeguards including oracle validity checks, TWAP trimming, price-deviation band validation, and, when necessary, market-state updates to restrict specific actions. Historically, Drift’s public narrative also emphasized that if oracle prices became “invalid or manipulated,” exchange assets could be drained in a short period of time, which is why the protocol relied on multi-step validation and “multi-band circuit breakers” to buy time for response.

This attack, however, shows that even when a protocol has relatively comprehensive market-risk guardrails, once an attacker can access or influence the permission layer — such as admin keys, multisigs, or governance channels for risk parameters — those guardrails themselves can be turned into tools for abuse. For example, certain thresholds can be distorted, or the collateral weight of a given asset can be raised to irrational levels, allowing the system to execute asset transfers “legitimately” after the underlying rules have effectively been rewritten.

Drift Protocol Responds to $280 Million Loss: Social Engineering and a Durable Nonce-Based Attack

Drift Protocol issued a statement regarding today’s security incident, saying that a malicious actor gained unauthorized access to the protocol through a novel attack involving durable nonces, and rapidly took over the administrative authority of the Drift Security Council. Drift said the operation was highly sophisticated, appears to have been prepared over the course of several weeks, and was executed in stages, including the use of durable nonce accounts to pre-sign transactions and delay their execution.

According to Drift’s current investigation, the incident was not caused by a bug in Drift’s programs or smart contracts, nor is there any evidence that the relevant seed phrases were compromised. Drift believes the attacker obtained unauthorized or disguised transaction approvals prior to execution, with the durable nonce mechanism and sophisticated social-engineering tactics likely playing a key role. In total, approximately $280 million in assets was withdrawn from the protocol.

Drift said the attacker was able to carry out the exploit through several key steps. First, the attacker pre-positioned an access path using durable nonce accounts. They then obtained sufficient approvals from the multisig — specifically, 2 of 5 required signatures. Within minutes, they executed a malicious transfer of administrative authority, gaining protocol-level control. Finally, they used that authority to introduce a malicious asset and remove all pre-existing withdrawal limits, enabling the attack on user funds.

At present, all assets deposited into the lending module, vaults, and trading accounts have been affected. Assets that remain unaffected include DSOL that was not deposited into Drift, including assets staked to the Drift Validator, as well as insurance fund assets. Those assets will be withdrawn from the protocol and moved to a safer environment for protection.

As a precautionary measure, Drift has frozen all remaining protocol functionality and updated the multisig configuration to remove the affected wallets.

Technical Analysis: Fake CVT Token and Oracle Manipulation

According to earlier analysis by Helius developer Ichigo, the Drift Protocol incident may have involved the attacker creating a fake CVT token and manipulating the Switchboard oracle, thereby establishing the attack path. He said the attacker then used social-engineering tactics to enter the Security Council governance process and, under circumstances where multisig authority may already have been compromised, pushed for the token to be listed as a collateral asset with a high weight. The attacker reportedly minted the “fake token” weeks in advance, created a pricing anchor on Raydium using extremely low liquidity (around $500), and then repeatedly wash-traded it to generate artificial price action and trading history, paving the way for the oracle’s subsequent price record.

Immediate Market Reaction

Following the attack on Drift Protocol, its governance token DRIFT plunged by more than 40% over the past 24 hours. On major exchanges such as Binance, the annualized funding rate on DRIFT USDT-margined perpetuals has surged to the upper limit, exceeding 6,000%, with shorts paying massive subsidies to longs.

Timeline of the incident

March 23: The attacker completed the initial nonce setup. A total of four durable nonce accounts were created that day: two were associated with members of the Drift Security Council multisig, while the other two were controlled by the attacker. Drift believes this indicates that at least 2 of the 5 multisig signers had previously signed transactions related to durable nonce accounts, thereby making delayed execution possible.

March 27: As planned, Drift carried out a Security Council multisig migration following a change in Security Council membership.

March 30: New durable nonce activity appeared again. A new durable nonce account was created for one member of the updated multisig. Drift believes this suggests the attacker had once again obtained effective usable access to 2 of the 5 signers in the updated multisig.

On April 1, the attack entered the execution stage. Drift first carried out a test withdrawal transaction from the insurance fund. About one minute later, the attacker rapidly executed two pre-signed durable nonce transactions, with only four slots between them. The first transaction was used to create and approve a malicious admin transfer, while the second approved and executed that malicious transfer. At that point, the attacker formally took control of the protocol’s critical permissions.

Drift stated that the success of the attack hinged on the combination of two factors: first, the use of pre-signed durable nonce transactions, which allowed the attacker to delay execution until a future point in time; second, the compromise of approvals from multiple multisig signers, most likely through targeted social-engineering attacks or disguised transaction data.

Drift is currently working with multiple security firms to investigate the root cause of the incident. At the same time, it is coordinating with cross-chain bridges, exchanges, and law enforcement agencies to trace and freeze the stolen assets. Drift said it will release a more detailed post-mortem report in the coming days and welcomes any information that may assist the investigation.

Expert Views and Governance Reflections

Ledger CTO Charles Guillemet said the incident was not a smart-contract bug, but a long-running compromise of the multisig process. The attacker likely gained control of multisig holders’ devices or private keys and misled operators into approving malicious transactions. He said the method closely resembled last year’s Bybit incident, which was suspected to be linked to DPRK hackers. He urged the industry to improve endpoint detection and adopt hardware-backed clear-signing to mitigate operational-layer risks.

Uniswap founder Hayden Adams said bluntly that centralized projects must stop calling themselves DeFi; if admin keys can drain all funds, then in essence it is CeFi. Chaos Labs founder Omer Goldberg added that Drift’s signing keys had full control over market creation, oracle assignment, and withdrawal limits, and that there was no timelock. According to him, the attacker needed only about 10 seconds to steal the funds.

Fund Tracing and Subsequent Response

On-chain tracking shows that the suspected attacker address (HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES) rapidly transferred and swapped funds after the attack, then bridged them to Ethereum via Wormhole. Some USDC was moved through Circle’s CCTP bridge, and Circle did not freeze the flows in time, drawing criticism from Delphi Digital co-founder Tommy Shaughnessy and on-chain investigator ZachXBT, who argued that Circle reacted too slowly despite having centralized freezing capabilities.

Drift 损失 2.85 亿美元：黑客对熊市 DeFi 造成致命打击吗？Drift Loses $285 Million: Did Hackers Deal a Fatal Blow to Bear-Market DeFi?