DarkenBiz
Established Member
- Impact
- 8
On April 1st, the crypto market was rocked by the news that the Solana-based DeFi platform Drift Protocol had been hacked. Losses are estimated between $130 million and more than $280 million, and deposits and withdrawals were immediately frozen.
The key is that this wasn't a classic hack.
No code was hacked
No private keys were stolen
Hackers exploited the Solana network's "durable nonce" ⚙: they prepared transactions in advance, obtained signatures, and then executed them later. As a result, they gained control of the protocol's governance (Security Council) and, in effect, administrative access.
Following this, a rapid withdrawal of funds began, affecting staking, lending, and trading accounts. One of the largest tranches amounted to approximately $155 million. The stolen assets were first converted into USDC, then transferred to Ethereum and distributed across wallets to make tracking more difficult.
The perpetrators have not been officially named, but analysts link the attack to North Korean hacker groups, including Lazarus, based on their characteristic patterns of activity.
Why this is important: we are witnessing a new type of attack that breaks not the code, but the processes and trust within the system ⚠. This once again demonstrates that DeFi remains a high-risk area, and social engineering is becoming one of the main tools of hackers.
The conclusion is simple: the hackers didn't hack the system – they bypassed its rules. And that's much more dangerous.
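Added example, not part of the original post and not Drift's or Solana's own code: a pre-signing check that a multisig signer could run to spot durable-nonce transactions, which stay valid long after signing. The dict layout is a simplified stand-in for a decoded Solana message, the account names are constructed placeholders, and `review_for_signing` with its `trusted_authorities` parameter is a hypothetical policy.

```python
SYSTEM_PROGRAM_ID = "1" * 32                # Solana System Program address
ADVANCE_NONCE = (4).to_bytes(4, "little")   # SystemInstruction::AdvanceNonceAccount tag

def durable_nonce_info(tx):
    """Return (nonce_account, nonce_authority) if tx uses a durable nonce, else None.

    A durable-nonce transaction carries AdvanceNonceAccount as its FIRST
    instruction; its "recent blockhash" field is then the stored nonce value,
    so the signed transaction stays valid until that nonce is advanced.
    """
    keys, ixs = tx["account_keys"], tx["instructions"]
    if not ixs:
        return None
    first = ixs[0]
    if keys[first["program_id_index"]] != SYSTEM_PROGRAM_ID:
        return None
    if bytes(first["data"]) != ADVANCE_NONCE or len(first["accounts"]) < 3:
        return None
    # Account order: nonce account, RecentBlockhashes sysvar, nonce authority.
    return keys[first["accounts"][0]], keys[first["accounts"][2]]

def review_for_signing(tx, trusted_authorities=frozenset()):
    """Hypothetical pre-signing gate for a multisig signer."""
    info = durable_nonce_info(tx)
    if info is None:
        return ("OK", "blockhash-based: expires if not submitted soon after signing")
    nonce_account, authority = info
    if authority not in trusted_authorities:
        return ("HOLD", f"durable nonce {nonce_account} controlled by unknown authority {authority}")
    return ("REVIEW", f"durable nonce {nonce_account}: signature has no expiry")

# Constructed sample transactions (placeholder account names, not real addresses).
KEYS = ["signer-A", "nonce-acct-1", "sysvar-recent-blockhashes", "outsider-X",
        SYSTEM_PROGRAM_ID, "governance-program"]
ADVANCE_IX = {"program_id_index": 4, "accounts": [1, 2, 3], "data": list(ADVANCE_NONCE)}
GOV_IX = {"program_id_index": 5, "accounts": [0], "data": [1]}
PRESIGNED_TX = {"account_keys": KEYS, "instructions": [ADVANCE_IX, GOV_IX]}
ORDINARY_TX = {"account_keys": KEYS, "instructions": [GOV_IX]}

if __name__ == "__main__":
    for name, tx in [("presigned", PRESIGNED_TX), ("ordinary", ORDINARY_TX)]:
        print(name, review_for_signing(tx))
```

A signature on a transaction that returns `HOLD` or `REVIEW` should be treated as a standing authorization rather than a one-time approval.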