
285m Human Error: Solana-Based Drift Protocol
A recent exploit on the Solana-based Drift Protocol has resulted in a loss of nearly $300 million.
Solana-Based Drift Protocol Exploit
The exploit, which occurred on April Fool's Day, was a highly sophisticated operation that involved a novel attack using durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers. The attack lasted less than 20 minutes and stole around $285 million in multiple assets, including USDC, JPL, USDT, JUP, USDS, WBTC, and WETH, from nearly 20 vaults.
Attack Details
- The exploiter swapped $270.9 million into USDC, bridged the funds from Solana to Ethereum via the CCTP TokenMessengerMinterV2, and purchased 129,000 ETH, splitting it across multiple wallets.
- The attack wiped out half of the Solana-based project's total value locked (TVL), which fell from roughly $550 million to $252 million, per DeFiLlama data.
Human Error and Social Engineering
The Solana-based DEX emphasized that the exploit was not the result of a bug in Drift's programs or smart contracts, but rather a result of human error and social engineering. The project noted that the attack involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering.
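A signed durable-nonce transaction stays valid until its nonce account is advanced, instead of expiring with a recent blockhash, so an approval given earlier can be submitted much later. The sketch below is an added example, not code from Drift or from this article: a pre-signing check that flags a Solana message whose first instruction is the System Program's AdvanceNonceAccount. The function names and the sample messages are constructed for illustration, and only the message layout up to the first instruction is parsed.

```python
# Added example (not Drift's code): pre-signing check for durable-nonce use.
SYSTEM_PROGRAM = bytes(32)                 # System Program ID is 32 zero bytes
ADVANCE_NONCE = (4).to_bytes(4, "little")  # SystemInstruction::AdvanceNonceAccount
TRANSFER = (2).to_bytes(4, "little") + (1000).to_bytes(8, "little")  # constructed

def read_compact_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def uses_durable_nonce(message: bytes) -> bool:
    """True if the first instruction is System Program AdvanceNonceAccount."""
    pos = 1 if message[0] & 0x80 else 0   # versioned messages start with a prefix byte
    pos += 3                              # skip the 3-byte message header
    n_keys, pos = read_compact_u16(message, pos)
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32               # skip keys and the blockhash/nonce field
    n_ix, pos = read_compact_u16(message, pos)
    if n_ix == 0:
        return False
    program_idx = message[pos]
    n_accounts, pos = read_compact_u16(message, pos + 1)
    data_len, pos = read_compact_u16(message, pos + n_accounts)
    data = message[pos:pos + data_len]
    return (program_idx < n_keys and keys[program_idx] == SYSTEM_PROGRAM
            and data[:4] == ADVANCE_NONCE)

def build_legacy_message(keys, blockhash, instructions):
    """Build a constructed sample message (all counts < 128, so one-byte lengths)."""
    out = bytes([1, 0, 2, len(keys)]) + b"".join(keys) + blockhash
    out += bytes([len(instructions)])
    for program_idx, accounts, data in instructions:
        out += bytes([program_idx, len(accounts), *accounts, len(data)]) + data
    return out

# Constructed keys: payer, nonce account, sysvar placeholder, System Program.
KEYS = [b"\x01" * 32, b"\x02" * 32, b"\x03" * 32, SYSTEM_PROGRAM]
ADVANCE = (3, [1, 2, 0], ADVANCE_NONCE)
NONCE_TX = build_legacy_message(KEYS, b"\xaa" * 32, [ADVANCE, (3, [0, 1], TRANSFER)])
PLAIN_TX = build_legacy_message(KEYS, b"\xbb" * 32, [(3, [0, 1], TRANSFER)])
LATE_TX = build_legacy_message(KEYS, b"\xbb" * 32, [(3, [0, 1], TRANSFER), ADVANCE])

if __name__ == "__main__":
    for name, msg in [("NONCE_TX", NONCE_TX), ("PLAIN_TX", PLAIN_TX), ("LATE_TX", LATE_TX)]:
        print(name, "durable nonce" if uses_durable_nonce(msg) else "recent blockhash")
```

A signing workflow could surface this flag to every approver before a signature is produced, so that a non-expiring approval is never given unknowingly.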
Expert Insights
Lily Liu, President of the Solana Foundation, addressed the incident, stating that it is a blow to the whole Solana ecosystem. Liu pointed out that smart contracts held up, but the real targets now are humans: social engineering and opsec weaknesses more than code exploits.
Key Takeaways
- The Solana-based Drift Protocol exploit resulted in a loss of nearly $300 million.
- The operation was highly sophisticated and involved a novel attack using durable nonces.
- Human error and social engineering were the primary causes of the exploit.
- The incident highlights the growing threat of human-targeted attacks in the crypto space.
Frequently Asked Questions
What was the cause of the Solana-based Drift Protocol exploit?
The exploit was caused by human error and social engineering, rather than a bug in Drift's programs or smart contracts.
How much was stolen in the exploit?
Approximately $285 million was stolen in the exploit, which lasted less than 20 minutes.



