DeFi Shock: Drift Hack Drains $280M Through Advanced Multisig Takeover

• Drift exploit exposes critical weakness in multisig governance systems today
• Hackers drain $280 million using advanced nonce transaction strategy
• Cross-chain transfers raise concerns over delayed stablecoin freeze response

A major disruption has shaken decentralized finance after a highly coordinated exploit targeted Drift, a Solana-based trading platform, resulting in losses estimated at approximately $280 million and drawing immediate attention across the crypto market due to its scale and execution method.

Durable Nonce Exploit and Multisig Access Takeover

According to Drift’s official update shared on X, the attacker carried out a carefully structured operation over several weeks, relying not on typical smart contract flaws or compromised private keys, but instead on a more advanced mechanism involving durable nonce accounts. Moreover, these nonce accounts enabled the attacker to prepare pre-signed transactions that could be executed at a later time, which ultimately allowed unauthorized access to Drift’s Security Council administrative permissions without triggering early detection systems.

Also Read: Battle of the CEOs: Avalanche CEO Takes Direct Jab at Ripple (XRP), Brad Garlinghouse Responds

Additionally, the attacker appears to have obtained multisig approvals in advance, likely through social engineering tactics or misleading transaction requests, which created the conditions necessary to bypass internal safeguards and escalate privileges within the protocol. Consequently, once control was secured, the attacker introduced a malicious asset and removed key withdrawal limits, which enabled a rapid and large-scale drain of funds across multiple components of the platform.

How Multisig Control Enabled Rapid Fund Drain

Following the takeover of administrative permissions, the attacker moved swiftly to exploit system-level access, which exposed funds held in Drift’s borrowing, lending, vault, and trading systems, thereby amplifying the overall impact of the breach within a very short period.

Besides that, reports confirmed that several major assets were affected, including SOL, USDC, wrapped Bitcoin, and liquidity pool tokens, which indicates that the attacker targeted a broad range of holdings rather than focusing on a single asset category.

Furthermore, Drift responded by freezing all remaining protocol functions immediately after detecting the exploit, while also updating its multisig configuration to remove the compromised wallet and prevent any further unauthorized actions.

Cross-Chain Movements Raise Concerns Over Response Delays

Meanwhile, blockchain investigator ZachXBT raised concerns regarding the handling of stolen funds, noting that a significant portion of the assets, particularly over $230 million in USDC, was moved across chains using Circle’s transfer infrastructure. According to ZachXBT, this movement highlighted a delay in freezing the affected funds despite a clear response window, which has intensified ongoing discussions about the role of centralized entities in managing stablecoin security.

Additionally, this situation has renewed scrutiny around coordination between platforms and issuers, as market participants continue to question whether faster intervention could have reduced the scale of losses recorded during the incident.

Drift has stated that it is actively working with exchanges, cross-chain bridges, and law enforcement agencies to trace the stolen funds and explore recovery options as the investigation continues. The incident highlights how attackers are increasingly targeting governance structures instead of code vulnerabilities, while also reinforcing the need for stronger operational safeguards across decentralized platforms.

Also Read: XRP News: Ripple Treasury Just Got a Major Upgrade – Here’s What’s New

The post DeFi Shock: Drift Hack Drains $280M Through Advanced Multisig Takeover appeared first on 36Crypto.