๐จ Cyvers Alerts ๐จ|Apr 03, 2026 09:08
$280๐ @DriftProtocol ๐ธ๐ฅ๐๐๐๐๐ก, ๐๐๐ ๐คโ๐๐ก ๐๐ก ๐๐๐๐๐๐ฆ ๐ก๐๐๐๐ ๐ข๐ ๐๐๐๐ข๐ก ๐๐๐3 ๐ ๐๐๐ข๐๐๐ก๐ฆ
This wasnโt a smart contract failure. It was a failure of trust, processes, and visibility.
๐๐ก๐ ๐ฅ๐๐ญ๐๐ฌ๐ญ ๐ฎ๐ฉ๐๐๐ญ๐๐ฌ
~48 hours later, no funds recovered.
Drift has initiated on-chain communication with attacker wallets, signaling the first attempt at negotiation.
Attribution is increasingly pointing to DPRK-linked actors, with patterns similar to previous large-scale operations.
But zoom out, and the real story is this:
This was a weeks-long, coordinated operation targeting the human layer.
Now we understand how methodical it really was:
โข March 23 โ attackers began setting up durable nonce accounts and compromised signers
โข March 27 โ adapted during multisig migration
โข March 30 โ additional signer compromise
โข April 1 โ execution triggered within minutes
The blast radius continues to grow:
โข 20+ Solana protocols impacted
โข Millions in secondary losses
โข Ongoing cross-chain laundering
This aligns with a broader trend: Access control attacks are now the dominant driver of losses in Web3
๐๐ก๐๐ญ ๐ก๐๐ฉ๐ฉ๐๐ง๐๐:
No code exploit.
โข Durable nonces enabled pre-signed transactions to execute later
โข Multisig signers were socially engineered
โข Admin control was taken, withdrawal limits removed
โข ~$280M drained in minutes
Funds werenโt hacked, control was taken.
๐ง๐ต๐ถ๐ ๐ฐ๐น๐ผ๐๐ฒ๐น๐ ๐บ๐ถ๐ฟ๐ฟ๐ผ๐ฟ๐ ๐๐ต๐ฒ ๐๐๐ฏ๐ถ๐ ๐ต๐ฎ๐ฐ๐ธ. ๐จ
In both cases: Signers unknowingly approved malicious transactions.
Funds werenโt hacked, control was taken.
๐๐ก๐ฒ ๐ญ๐ก๐ข๐ฌ ๐ฆ๐๐ญ๐ญ๐๐ซ๐ฌ:
This wasnโt just a security issue. It was a governance failure.
A critical detail: 2/5 multisig, no timelock
Thatโs not decentralization, thatโs a single point of failure.
We are seeing a clear pattern:
โข Multisig approval flows are being exploited
โข Human-layer compromise is the primary attack vector
โข Operational security is now the weakest link
Multisigs donโt fail gradually, they fail all at once.
๐๐จ๐ฐ ๐ญ๐ก๐ข๐ฌ ๐๐จ๐ฎ๐ฅ๐ ๐ก๐๐ฏ๐ ๐๐๐๐ง ๐ฉ๐ซ๐๐ฏ๐๐ง๐ญ๐๐:
This is exactly where Cyvers comes in:
โข Pre-chain Wallet Firewall- Simulates transactions before signing, detects hidden risk
โข Secure Co-Signer- AI-powered validation of intent, context, and anomalies.
Even if signers are compromised, malicious transactions are blocked.
Audits and traditional Web2 security tools wonโt stop this class of attacks.
If your security depends on humans always signing correctly, you are exposed.
The future of Web3 security is real-time, pre-transaction prevention.
๐๐ฒ๐โ๐ ๐๐ฎ๐น๐ธ ๐ฎ๐ฏ๐ผ๐๐ ๐ต๐ผ๐ ๐๐ผ ๐ฝ๐ฟ๐ผ๐๐ฒ๐ฐ๐ ๐๐ผ๐๐ฟ ๐ฝ๐ฟ๐ผ๐๐ผ๐ฐ๐ผ๐น ๐ฏ๐ฒ๐ณ๐ผ๐ฟ๐ฒ ๐๐ต๐ฒ ๐ป๐ฒ๐
๐ ๐ฎ๐๐๐ฎ๐ฐ๐ธ ๐ต๐ฎ๐ฝ๐ฝ๐ฒ๐ป๐.
#Web3Security #DeFi #Solana #Crypto #Cyvers(๐จ Cyvers Alerts ๐จ)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink