Ember

1.2K posts

Ember banner
Ember

Ember

@embrron

A moment of pain is worth a lifetime of glory. Growing @pyronfi

Planet Earth 가입일 Temmuz 2025
272 팔로잉507 팔로워
Diverg
Diverg@DivergSec·
10/10 We continue monitoring the 3 holding wallets and investigating remaining leads. This is Lazarus Group's 18th crypto operation in 2026 (per Elliptic). $6.5B+ stolen lifetime. Funds go directly to weapons programs. Full technical findings shared with the Drift team. Investigation by @DivergSec
English
3
4
40
5.8K
Diverg
Diverg@DivergSec·
1/10 We've been investigating the @DriftProtocol exploit ($285M) since April 1. We can confirm along with TRM Labs and Elliptic that North Korea's Lazarus Group (TraderTraitor). Same unit behind Bybit ($1.5B), Ronin ($625M). Was involved. Here's what our independent on-chain forensics uncovered that hasn't been published.
English
37
42
303
96.9K
gum
gum@gumsays·
Due to the Drift hack, I just made this Solana DeFi Multisig Dashboard → Multisig Addresses → Approval Threshold → List of Multisig Members → Link to Docs of each protocol Very simple, but hopefully useful If you want your project added DM me 🔗 solmultisig.com
English
95
69
520
114.3K
Justin Bons
Justin Bons@Justin_Bons·
The Drift hack happened because of admin keys! We have to push back as an industry against their use: Make smart contracts unstoppable again! It only took fooling two people through social engineering to sign a fraudulent TX That is not DeFi! Admin keys defeat crypto's purpose
English
46
9
148
12.7K
chase
chase@therealchaseeb·
I thought we had somewhat rid ourselves of most of the worst type of people in the space as we crossed into a bear market. But DeFi hacks and other things of this nature that involve real people and real money tend to show true colors, and it’s obvious we’ve barely matured as an industry, if at all. Sad day for Solana but also sad day for DeFi and the space in general. This impacts everyone who has dedicated their life to building here every day. There are obvious lessons to be learned from this. No one is immune, even if you avoided it this time. The industry is a massive target for sophisticated state actors. Still tons of work to do to improve. Otherwise what are we even doing here?
English
31
3
104
4.3K
Ramzy
Ramzy@ramzyyalii·
Yesterday was profoundly unfortunate and unfair to everyone who has been affected. I would like to start off by thanking all the ecosystem participants and partners who sprung into action the moment the exploit happened. It is times like these that unfortunately do bring us all closer together and this was a prime example of how strong the Solana developer community is as well as how supportive our ecosystem of partners have become. I want to highlight that this was a sophisticated attack and that the objective root cause is still being investigated. What I can tell you all is that Solana remains strong and many critical components of the Solana DeFi ecosystem are completely unaffected by this attack. The Solana Foundation is working to establish support channels for teams to ensure security is robust and will be providing more information soon. We will come out of this stronger than ever - of that I am absolutely sure.
Drift@DriftProtocol

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.

English
18
27
244
24.2K
toly 🇺🇸
toly 🇺🇸@toly·
Do it!
wavey cavey ∿@cavemanloverboy

in light of recent events, chief puppeteer @0x_febo and I wrote a solana program and a library that allow applications to BAN the use of durable nonces within their program there are two options for you to use: 1. you can use the ensure_never_nonce function from the p-never-nonce crate that we just published within your program 2. you can cpi into the p-never-nonce program that will be deployed shortly github.com/febo/pinocchio…

English
28
2
94
15.7K
Omer Goldberg
Omer Goldberg@omeragoldberg·
** Correction on key compromise ** A week ago, Drift moved to a new multisig, created by a signer from the old multisig. This signer did not add themselves to the new one. The exploiter also initiated the proposal in the old multisig to hand over admin control to this new wallet. Of the 5 signers on the new multisig, only 1 came from the previous setup; the other 4 were brand-new. The wallet was set with a 2/5 threshold and a 0-second timelock. ~Five hours ago, that sole carryover signer used the new multisig to propose changing Drift’s admin. One of the new signers co-signed a second later, instantly meeting the 2/5 threshold. With no timelock in place, the transaction was executed immediately. ** Note ** Some of the relevant Solana programs are not verified, which limits full analysis. We're continuing to dig into the onchain data and will publish a more thorough post-mortem covering the multisig migration, Solana DeFi contagion, and vault exposure in a follow-up.
Omer Goldberg@omeragoldberg

1/ Drift's admin key was compromised. $213M+ drained from @solana's largest DEX in under 10 seconds. Unfortunately, we've seen similar patterns before: - fake collateral market - a manipulated oracle - disabled circuit breakers Let's break it down 👇 written w/ Chaos AI

English
27
27
259
166.4K
Arthur Hayes
Arthur Hayes@CryptoHayes·
If Solana had native multi sig addresses, would the Drift hack even have been possible? Actually curious, not trolling.
English
164
23
560
127K
Tracy | drift
Tracy | drift@tracybbd·
Never heard the term “grave dancing” until today. 
Usually I can appreciate dark humour, but this isn’t one of those moments. This is real loss — for all users, for the team building on us and for the team. Real people, real money. Thinking of everyone affected. I’m here if anyone needs support but please refer to @DriftProtocol for most accurate updates
English
55
8
228
21K
Paul Frambot 🦋
Paul Frambot 🦋@PaulFrambot·
Many posts about the Drift founder following the hack are straight-up misogynistic. No wonder so much female talent has left for other tech sectors. I haven't looked into the events of Drift, but Crypto's talent density is already too low, we don't need comments like that.
English
40
44
489
28.6K
Ember
Ember@embrron·
we found a solution! we don’t want to see another drift, so we spent the last 24 hours Full focus turning it into a concrete proposal. this is our proposal which defines a control framework for defi, built to reduce blast radius, add real visibility, and make failures containable. would love to hear your thoughts!
Ember@embrron

x.com/i/article/2039…

English
1
0
3
259
Olivier
Olivier@ODesenfans·
Really sorry for those impacted by the Drift hack, but a 2/5 multisig for a security council is absolute madness
English
1
0
12
3.9K
Drift
Drift@DriftProtocol·
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.
English
385
238
1.4K
1.4M
Ember
Ember@embrron·
@chainyoda @Blockworks @DriftProtocol 2/5 multisig for the admin key on a $500m+ protocol… that’s just a joke
Ember@embrron

@DriftProtocol tldr: we were managing a $500m+ protocol like a bunch of 4 year old kids. everything around admin key protection was wired, and you can’t seriously expect people to believe this was a 100% external attack why? 👇🏻

English
0
0
1
226
chainyoda
chainyoda@chainyoda·
Is there a @Blockworks DeFi transparency framework that would allow users to check that @DriftProtocol had over half a billion sitting on a 2/5 multisig with no delay? DeFi’s primary value proposition is pitched as transparency by advocates who don’t use DeFi at all.
English
18
5
69
14.6K
Ember
Ember@embrron·
@cindyleowtt 2/5 multisig for the admin key on a $500m+ protocol… that’s just a joke. Sorry but this is real:
Ember@embrron

@DriftProtocol tldr: we were managing a $500m+ protocol like a bunch of 4 year old kids. everything around admin key protection was wired, and you can’t seriously expect people to believe this was a 100% external attack why? 👇🏻

English
0
0
10
1.2K
cindy
cindy@cindyleowtt·
Today has been an extraordinarily difficult day for Drift. I’m incredibly grateful for the outpouring of support from the community. This is a brief incident report ahead of a full postmortem in the coming days for one of the most sophisticated and novel exploits we’ve seen in crypto. Drift has been working around the clock with partners, exchanges, and security firms to understand what happened and respond quickly.
Drift@DriftProtocol

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.

English
154
23
593
95.3K
Marino
Marino@marinonchain·
Tough day for Solana, the Drift team, and everyone affected. ~$200M stolen by attackers. Hoping this gets contained quickly and user funds are recovered. 🙏 Stay safe ❤️
Drift@DriftProtocol

Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as more information is available to share.

English
8
0
54
3.9K

탐색

@Avicibiz @DivergSec @DriftProtocol @gumsays @Justin_Bons @therealchaseeb @ramzyyalii @toly