𝕋𝕖𝕞𝕞𝕪🦇🔊@Only1temmy
i can't stop thinking about the drift protocol hack.
not because of the $280m. we've seen big numbers before. i can't stop thinking about how it happened. and what it says about everything we're building.
on april 1st, while people were posting jokes, an attacker drained $280 million from drift protocol in minutes. the team had to literally tweet "this is not an april fools joke."
but this didn't start on april 1st. it started on march 23rd.
that's when the attacker created four durable nonce accounts. two tied to drift's own security council multisig members. two controlled by the attacker. quietly. no alarms. no flags.
on march 27th, drift migrated their security council due to a routine member change. by march 30th, the attacker had already compromised a signer on the new multisig too.
then on april 1st, they executed.
a test transaction first. then one minute later, two pre-signed transactions fired four slots apart. admin takeover. withdrawal limits removed. a malicious asset introduced. every vault drained. jlp. sol. btc. usdc. over 15 tokens gone.
the entire thing took minutes.
this wasn't a bug. this wasn't a smart contract exploit. this wasn't a flash loan or an oracle manipulation. drift's own report confirms it (you can check @DriftProtocol's latest to confirm). no compromised seed phrases. no code vulnerability.
this was social engineering.
the attacker got 2 out of 5 multisig signers to approve transactions they didn't fully understand. used durable nonces to pre-sign them. then waited. patiently. for over a week.
two signatures out of five. that was the security standing between users and $280 million.
two out of five.
i keep coming back to that number because this is the part that should make everyone uncomfortable. not the hack itself. the architecture that made it possible.
we've seen this before. we've seen this so many times.
bybit. $1.4 billion. the attacker compromised the signing infrastructure and tricked signers into authorizing malicious transactions. same concept. social engineering. not code.
ronin bridge. $625 million. compromised validator keys. same story.
cetus protocol. $223 million. different method but same result. hundreds of millions gone.
in 2025 alone, $3.4 billion was stolen in crypto. and the pattern is almost always the same. not brilliant code exploits. not zero-day vulnerabilities. someone was tricked. a key was exposed. a human made a mistake.
only 19% of hacked protocols even used multi-sig wallets. and the ones that did, like drift, got beaten anyway. because the weakest link was never the code. it was always the person holding the key.
now here's what makes me angry.
i've seen people dunking on solana over this. blaming svm. questioning the entire chain. the same thing happened after bybit when people started questioning evm and ethereum's security model.
this is not a solana problem. this is not an ethereum problem. this is not chain-specific at all.
drift's own report says it clearly. the programs and smart contracts worked exactly as designed. the chain did what it was supposed to do. a human was tricked into signing something they shouldn't have. that can happen on any chain. any protocol. any ecosystem.
pointing fingers at solana is a deflection. and it's net negative for the entire space because it distracts from the real conversation we need to have.
which brings me to circle.
nine days before the drift hack, circle froze 16 business wallets overnight. legitimate companies. crypto exchanges. forex platforms. payment processors. no criminal charges. a sealed civil lawsuit that nobody could even read. no advance warning. businesses woke up and couldn't process payments, couldn't settle trades, couldn't serve their customers.
zachxbt called it "potentially the single most incompetent freeze" he'd seen in over five years of investigations. one of the frozen wallets wasn't even a business. it was a dfinity bridge contract used by thousands of users who had nothing to do with the case.
then nine days later, $280 million is being drained from drift in real time. the attacker is converting stolen tokens through jupiter, bridging them to ethereum, moving funds through circle's own cross-chain transfer protocol.
and the freeze didn't come fast enough.
so circle can shut down 16 legitimate businesses overnight for a civil case. but a quarter billion being actively stolen through their own infrastructure? different speed.
i'm not saying circle is the villain here. i'm saying the system is broken in ways that should concern everyone.
now think about who's actually affected by drift.
it's not just traders. protocols are built on top of drift. neobanks integrate with defi infrastructure. real customers with no idea what a multisig even is woke up and saw they couldn't access their money. some platforms said user funds are safe. but nobody could withdraw.
your money is "safe" but you can't touch it. think about what that feels like for someone who just wanted a better savings rate.
i know what it feels like on a smaller scale. i lost $5,000 to social engineering. it's nothing compared to $280 million. but the feeling is the same. that moment when you realize the funds are gone and there's nothing you can do. it doesn't scale with the dollar amount. it's the same pit in your stomach whether it's $5k or $280m.
and here's the question i keep circling back to.
we say defi is the future. we say we're going to onboard the next billion users. we say this technology will replace traditional finance and bank the unbanked and give people financial sovereignty.
but how do we onboard millions of people into a system where a social engineering attack can drain a quarter billion dollars in minutes? where 2 out of 5 signatures is considered security for $280m? where the attacker sets up wallets two weeks early, runs a test transaction, and nobody notices? where circle can freeze legitimate businesses overnight but can't stop a live heist fast enough? where the same attack, the same playbook, the same human error keeps happening year after year after year?
ronin. bybit. cetus. now drift. same cause. different name. different chain. same result.
defi doesn't have a code problem. it has a people problem. and we keep solving for the code.
i haven't interacted with a protocol in a while. i like money. but i love safety more. and right now this space is asking me to choose between the two.
security can't keep being the last conversation. it can't keep being the thing we talk about after the hack and forget about before the next one. it has to be the first priority. not the last.
because right now we're not ready for the next billion users. we're barely keeping the ones we have safe.
