Is everyone just focused on the Strait of Hormuz or the Ukraine conflict?
Check out this link about Drift Protocol losing around 285 million dollars in a security breach that shows some serious weaknesses in DeFi governance.
How did such a major hack go unnoticed here?
Drift Security Breach 2026
16 replies 497 views
I've noticed that people have been writing about it a little, here and there, but indeed, it doesn't seem to have gotten the full attention (or maybe I've missed it).
On the other hand, imho it's "just another altcoin hack" (although probably I should not think so lightly about it, since it's a shitload of money we're talking about).
Social engineering hacks aren't really Bitcoin hacks in my opinion. That is probably why the community doesn't seem to care. You do make a good point that the government employees put in charge of things like this don't have real experience and are prone to making stupid decisions they aren't aware of the consequences. God forbid anyone in any industry or government actually hire a consultant with experience to keep them from losing hundreds of millions of dollars by being stupid...
An Api call, a cloaked one too.
Although social engineering was here to blame to get the 3 signatures.
just_bridgeSenior Member
Posts: 160 · Reputation: 1146
#5May 25, 2025, 12:43 PM
These things don't take time. I am surprised that it happened all under 15 minutes. In reality the systems that are going to always be vulnerable are those whose administrators sacrifice advanced security protocols to so as to save money for the organization. I am speaking generally as I do not know if that was the situation in this instance.
Companies as well as individuals should pay more attention to their security online and offline.
I sure know that the hackers will be caught but now they'll spend more money on getting them caught which is what they should have done to secure their systems.
I mean, I don't think it will take that long to process queries to begin with, or do you think the 15 minutes refers to their social engineering efforts and whatnot? I don't get that impression from reading the article. How would they even track that if that's what they're referring to? I always assume this timing is taken from the first time the attacker gains access to the system, not prior to that.
The 12 minutes refer to the event of downloading.
This topic belong to the altsection. I have ever mentioned it, but it seemed none interested in it. So yeah i give you an update if Tether is raising 150m to help drift protocol for the recovery purpose. As i know tether alone contributed 125m, while the rest raised from different entities.
However, there is no free lunch here. Tether push Drift to stop use USDC, but replace it with the USDT. So it's a win win solution for all of parties here.
According the sources I read this news from, this was a carefully planned and primed operation by the hackers who showed up in person and convinced security council members to sign transfers, used fake asset and then withdrew all the funds of about $285millionin real estate without triggering any alarms.
This was a long planned operation that people even thought it was an April's fools prank until it became clearly evident.
This hack has definitely changed a lot in the system of things mostly as it regards how Solana based protocols manage their admin permissions.
Visit link for better read:
https://thehackernews.com/2026/04/drift-loses-285-million-in-durable.html?hl=en-US
These days it appears that you need to be talking about billions before it'll make it into the news and we are heading into the world of trillionaires right now. Any time there is a big news event (like the war against Iran) it actually makes perfect sense for hackers to break in because it gets lost in all the other noise and potentially the consequences are not as serious. If you imagine there are nation states like North Korea which have armies of workers trying to break in at all times, it is actually industrial scale attacks of all kinds taking place each day and crypto is the perfect currency for them to target. They can sit on it and sell it off via so many different methods, because it is such convenient liquid cash.
It seem strange that such a huge story was not echoed in the news and on social media.... 285m is no joke.
Again it only goes to show that no matter how powerful you are, how rich you are, how influencial you are, you can still be scammed out of your money. Everyone is only human and DeFi is still a toddler that has barely learned how to walk on it's own. Obviously scammers target the humans using DeFi. There are many attack vectors which have been proven to be very effective.
I noticed it was reported on the other forum bro, but I did not know it had not been discussed here. But that does not make a huge difference because most of us already know that, but thanks for sharing it here. I was also shocked to hear about the hack, as I was hoping it was an April Fool's joke, but they said it was not.
The hack was so big, and if I am not wrong, it was the biggest one since the start of 2026. The time they took to move the funds was something I was not aware of, and that's really amazing too haha, to see that hackers could hack, move, and do whatever they wanted in just 15 minutes.
While that big amount would easily be suspended if it was moved through banks haha.
That sounds really bad for the firm losing such huge amount of money over fraudulent.
It is also surprising how this hacker invaded the wallet and managed to gain access of executing transactions in the wallet.
I am also wondering how the scammer could use exploit just 2 multisig out of 5 to in the wallet and still gained access.
Perhaps due to the security signatures of multisig, 3/5 is what I expected should give access to the wallet.
Well... I assume a very high sophisticated software like that.
The bitcointalk as a just discussion forum does not automatically keep Bitcoin or crypto scamming news on track, we the members are still the ones to keep it updated like you just did.
It's the side effect of getting too much hack in these past few months, these news don't make a shocking effect when you got a routine update about how a protocol somewhere in crypto land are getting their funds stolen.
Every week you got news about hacking, a week before the drift protocol exploit we are getting unlimited token minting exploit in resolv protocol resulting 25M loss.
Their biggest mistake was not enforcing timelock.
Yet another high-tech mystery-something thats becoming all too common. And once again, we see one of the fundamental problems with any decentralized system featuring fully automated workflows: the inability to intervene in a process that goes beyond legal boundaries.
Something tells me that this problem will remain, if not eternal, then close to it, since its practically impossible to reduce errors and omissions in the code of such systems to zero-especially if that code is written by those who plan to use it for their own gain.
This relates to the scandal about multiple instances of North Korean developers being hired for major crypto projects.
P.S. Ill share my opinion-the story about North Korean hackers seems like a fairy tale designed to cover up the work of representatives from a completely different country. The bottom line is this: North Korea is being turned into yet another scare story, and such crimes are being pinned on it with impunity, while someone else sits back and enjoys the fruits of the labor, with all the blame being laid on someone else entirely
Multi Signatures are to blame in this case.
How to prevent those hackers getting 3 signatures is tough that a multi signature procedure can go ahead with just 3 is also a little wahnsinnig. (Crazy)
We fully understand that simply obtaining the right to three signatures is no trivial task. Most likely, they worked purposefully using social engineering techniques. By the way, I know that many people dont use antivirus software, dont set up secure network access, and use project-related laptops or workstations for daily activities like gaming, web browsing, and other risky pastimes.
Related topics
- The Hidden Costs of 'Free' AI on Security 19
- The Gig Economy: We Overlooked What Real Security Costs 19
- US wants resources like oil and is making strategic moves 19
- Russia is definitely trading long-term growth for an extended conflict 19
- UK trained tons of doctors, then said no jobs available 19
- Indonesia's Plan for Rupiah Redenomination 2