๐Ÿšจ Cyvers Alerts ๐Ÿšจ
๐Ÿšจ Cyvers Alerts ๐Ÿšจ|Apr 03, 2026 09:08
$280๐‘€ @DriftProtocol ๐ธ๐‘ฅ๐‘๐‘™๐‘œ๐‘–๐‘ก, ๐‘Ž๐‘›๐‘‘ ๐‘คโ„Ž๐‘Ž๐‘ก ๐‘–๐‘ก ๐‘Ÿ๐‘’๐‘Ž๐‘™๐‘™๐‘ฆ ๐‘ก๐‘’๐‘™๐‘™๐‘  ๐‘ข๐‘  ๐‘Ž๐‘๐‘œ๐‘ข๐‘ก ๐‘Š๐‘’๐‘3 ๐‘ ๐‘’๐‘๐‘ข๐‘Ÿ๐‘–๐‘ก๐‘ฆ This wasnโ€™t a smart contract failure. It was a failure of trust, processes, and visibility. ๐“๐ก๐ž ๐ฅ๐š๐ญ๐ž๐ฌ๐ญ ๐ฎ๐ฉ๐๐š๐ญ๐ž๐ฌ ~48 hours later, no funds recovered. Drift has initiated on-chain communication with attacker wallets, signaling the first attempt at negotiation. Attribution is increasingly pointing to DPRK-linked actors, with patterns similar to previous large-scale operations. But zoom out, and the real story is this: This was a weeks-long, coordinated operation targeting the human layer. Now we understand how methodical it really was: โ€ข March 23 โ€” attackers began setting up durable nonce accounts and compromised signers โ€ข March 27 โ€” adapted during multisig migration โ€ข March 30 โ€” additional signer compromise โ€ข April 1 โ€” execution triggered within minutes The blast radius continues to grow: โ€ข 20+ Solana protocols impacted โ€ข Millions in secondary losses โ€ข Ongoing cross-chain laundering This aligns with a broader trend: Access control attacks are now the dominant driver of losses in Web3 ๐–๐ก๐š๐ญ ๐ก๐š๐ฉ๐ฉ๐ž๐ง๐ž๐: No code exploit. โ€ข Durable nonces enabled pre-signed transactions to execute later โ€ข Multisig signers were socially engineered โ€ข Admin control was taken, withdrawal limits removed โ€ข ~$280M drained in minutes Funds werenโ€™t hacked, control was taken. ๐—ง๐—ต๐—ถ๐˜€ ๐—ฐ๐—น๐—ผ๐˜€๐—ฒ๐—น๐˜† ๐—บ๐—ถ๐—ฟ๐—ฟ๐—ผ๐—ฟ๐˜€ ๐˜๐—ต๐—ฒ ๐—•๐˜†๐—ฏ๐—ถ๐˜ ๐—ต๐—ฎ๐—ฐ๐—ธ. ๐Ÿšจ In both cases: Signers unknowingly approved malicious transactions. Funds werenโ€™t hacked, control was taken. ๐–๐ก๐ฒ ๐ญ๐ก๐ข๐ฌ ๐ฆ๐š๐ญ๐ญ๐ž๐ซ๐ฌ: This wasnโ€™t just a security issue. It was a governance failure. A critical detail: 2/5 multisig, no timelock Thatโ€™s not decentralization, thatโ€™s a single point of failure. We are seeing a clear pattern: โ€ข Multisig approval flows are being exploited โ€ข Human-layer compromise is the primary attack vector โ€ข Operational security is now the weakest link Multisigs donโ€™t fail gradually, they fail all at once. ๐‡๐จ๐ฐ ๐ญ๐ก๐ข๐ฌ ๐œ๐จ๐ฎ๐ฅ๐ ๐ก๐š๐ฏ๐ž ๐›๐ž๐ž๐ง ๐ฉ๐ซ๐ž๐ฏ๐ž๐ง๐ญ๐ž๐: This is exactly where Cyvers comes in: โ€ข Pre-chain Wallet Firewall- Simulates transactions before signing, detects hidden risk โ€ข Secure Co-Signer- AI-powered validation of intent, context, and anomalies. Even if signers are compromised, malicious transactions are blocked. Audits and traditional Web2 security tools wonโ€™t stop this class of attacks. If your security depends on humans always signing correctly, you are exposed. The future of Web3 security is real-time, pre-transaction prevention. ๐—Ÿ๐—ฒ๐˜โ€™๐˜€ ๐˜๐—ฎ๐—น๐—ธ ๐—ฎ๐—ฏ๐—ผ๐˜‚๐˜ ๐—ต๐—ผ๐˜„ ๐˜๐—ผ ๐—ฝ๐—ฟ๐—ผ๐˜๐—ฒ๐—ฐ๐˜ ๐˜†๐—ผ๐˜‚๐—ฟ ๐—ฝ๐—ฟ๐—ผ๐˜๐—ผ๐—ฐ๐—ผ๐—น ๐—ฏ๐—ฒ๐—ณ๐—ผ๐—ฟ๐—ฒ ๐˜๐—ต๐—ฒ ๐—ป๐—ฒ๐˜…๐˜ ๐—ฎ๐˜๐˜๐—ฎ๐—ฐ๐—ธ ๐—ต๐—ฎ๐—ฝ๐—ฝ๐—ฒ๐—ป๐˜€. #Web3Security #DeFi #Solana #Crypto #Cyvers(๐Ÿšจ Cyvers Alerts ๐Ÿšจ)
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads