taniki

@swing_my_mind

Someone who plays around with crypto. An amateur struggling in a world full of traps.

Joined December 2011
125 Following, 37 Followers
taniki retweeted
SOU⚡️投資ニュース / 仮想通貨・米国株・AI
🚨 The worst month for DeFi. 25 protocols were hacked in the past 30 days, with total losses of about 100 billion yen.
KelpDAO — $293 million
Drift — $285 million
Rhea Lend — $18.4 million
Grinex — $15 million
Volo Vault — $3.5 million
Hyperbridge — $2.5 million
BSC TMM/USDT — $1.665 million
Giddy — $1.3 million
Purrlend — $1.5 million
Aftermath Finance — $1.14 million
LML/USDT Staking — $950,000
Aethir — $423,000
Singularity Finance — $413,000
Dango — $410,000
Silo V2 — $392,000
ZetaChain — $300,000
Judao — $228,000
Scallop Lend — $150,000
Zerion Wallet — $100,000
Kipseli — $80,000
MONA — $60,950
SubQuery Network — $60,000
Juicebox V3 — $52,000
Thetanuts Finance — $50,000
MrBreadSmith@MrBreadSmith

📅 Worst month for DeFi, 25 protocols hacked in past 30 days ($624,000,000 total)
KelpDAO — $293,000,000
Drift — $285,000,000
Rhea Lend — $18,400,000
Grinex — $15,000,000
Volo Vault — $3,500,000
Hyperbridge — $2,500,000
BSC TMM/USDT — $1,665,000
Giddy — $1,300,000
Purrlend — $1,500,000
Aftermath Finance — $1,140,000
LML/USDT Staking — $950,000
Aethir — $423,000
Singularity Finance — $413,000
Dango — $410,000
Silo V2 — $392,000
ZetaChain — $300,000
Judao — $228,000
Scallop Lend — $150,000
Zerion Wallet — $100,000
Kipseli — $80,000
MONA — $60,950
SubQuery Network — $60,000
Juicebox V3 — $52,000
Thetanuts Finance — $50,000
Someone needs to stop this 🙏

taniki retweeted
taniki
taniki@swing_my_mind·
Tether, of all things. It's good news, but it still doesn't feel like the money is coming back at all.
taniki retweeted
Tether
Tether@tether·
When the industry faces challenges, Tether steps up. 🛡️ We are leading an up to $150M recovery plan alongside the @SolanaFndn to support user recovery and safely relaunch @DriftProtocol Watch the video to see how we're protecting the community and expanding $USDT on Solana. 👇
taniki retweeted
Drift
Drift@DriftProtocol·
Today, Drift is announcing a collaboration with @tether and other partners totaling up to nearly $150 million to support our commitment to a relaunch with USDT at the center, and a path to user recovery. These funds encompass a $100M revenue-linked credit facility, an ecosystem grant, and loans to market makers, designed to fund a dedicated user recovery pool. Learn more 👇
taniki
taniki@swing_my_mind·
Drift keeps playing dumb even though related products are putting out statements. At this rate nobody will want to touch DeFi anymore.
taniki
taniki@swing_my_mind·
LOL
ryutaro.lens@nashinashi133

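@TakayamaJoe @Backpack >Product details are scheduled to be announced for each product at the time that product is released. Please stop with the Shinjiro Koizumi-style tautologies 😭 What everyone wants to know is roughly when they will come out.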

taniki retweeted
ZachXBT
ZachXBT@zachxbt·
Stop virtue signaling you conveniently left out the fact that you had a DPRK IT worker on payroll at Elemental for years. Name: Keisuke Watanabe X: kasky53 GitHub alias: keisukew53, kdevdivvy, kasky53, 0xWoo Email: keisukew53@gmail[.]com Related addresses: JBxidGWnhtPTGg8xw7sFT9tF4cfGtHnjYNp5GDJvGveh 8mdfRML7z3s8gqDYd72bywcEgQtcvkoJCw2bukv8X71R BjGhtq5Vh9Lv1xxBJ6pZKx3ZCmsEHPVoWNZZGdHkVQ4p DybGDChJMvX9Jnza4XTQVDyUGZ6jYrRg9Q3CdLiEJeh2 0x1b89aecc0f8c128150db67d7d0c4b1daeb43eda4 0x3b6cdb27d54c5773893be72973eacc8681fa21ff 0x161dea4d7ac627f2bc4358dfece386c0e9f4cc8f
taniki retweeted
Moo | Elemental
Moo | Elemental@moothefarmer·
Zach, I am not trying to virtue signal anything. I am saying that when people make mistakes (especially of this order of magnitude) they should at minimum apologize and take accountability for it.

From the moment we found out about the Drift exploit, we communicated what we could and I answered questions from sad people, angry people, rational people, irrational people. I didn’t want to do that; nobody wants to face an angry mob. But I did it because I knew it was the minimum that I should do.

And yes, Elemental unfortunately had worked with Keisuke (or whatever his true name is) some time ago before eventually discovering he wasn’t who he claimed to be. But as you can see, even with that history, users never had to wake up to seeing losses on their account until this Drift incident. Maybe because we kept stuff isolated? Maybe it was pure dumb luck? I don’t discount that our favorable outcome took some stars aligning. I count my blessings all the time. But you can be damn sure that I would at minimum have faced my users and kept them updated on whatever was going on and whatever we were going to do, accepting full accountability.

I don’t think the crypto world is going to get safer. In fact, I think it’s going to get even more dangerous. As numbers climb higher, more elaborate schemes are going to get hatched. Nations have spies planted literally for entire lives. If billions and trillions are at stake, that’s going to be the likely direction. But we should at least have the humility to own up and apologize when we done messed up.
taniki retweeted
おじおじさん
おじおじさん@antsu_0jisun·
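I keep seeing people say the Drift hacker is amazing, but my reaction is: why were they doing all their work on a PC where getting hacked means everything gets pulled out?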
taniki retweeted
tombo |-|
tombo |-|@tombodelpip·
Great PR from Drift to make it sound complicated

Reality is those dudes been asleep at the wheel since the first time they got rekt in 2022

They were spending $100k a month on security and $500k on infra btw
taniki
taniki@swing_my_mind·
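I'm not mentally broken, but it really was a weekend of following what's happening with Drift. After all the twists and turns, it turns out to be NK hackers after all.. Now I guess it's time to pray for good faith.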
taniki retweeted
𝕋𝕖𝕞𝕞𝕪🦇🔊
i can't stop thinking about the drift protocol hack. not because of the $280m. we've seen big numbers before. i can't stop thinking about how it happened. and what it says about everything we're building.

on april 1st, while people were posting jokes, an attacker drained $280 million from drift protocol in minutes. the team had to literally tweet "this is not an april fools joke."

but this didn't start on april 1st. it started on march 23rd. that's when the attacker created four durable nonce accounts. two tied to drift's own security council multisig members. two controlled by the attacker. quietly. no alarms. no flags.

on march 27th, drift migrated their security council due to a routine member change. by march 30th, the attacker had already compromised a signer on the new multisig too.

then on april 1st, they executed. a test transaction first. then one minute later, two pre-signed transactions fired four slots apart. admin takeover. withdrawal limits removed. a malicious asset introduced. every vault drained. jlp. sol. btc. usdc. over 15 tokens gone. the entire thing took minutes.

this wasn't a bug. this wasn't a smart contract exploit. this wasn't a flash loan or an oracle manipulation. drift's own report confirms it (you can check @DriftProtocol's latest to confirm). no compromised seed phrases. no code vulnerability. this was social engineering. the attacker got 2 out of 5 multisig signers to approve transactions they didn't fully understand. used durable nonces to pre-sign them. then waited. patiently. for over a week.

two signatures out of five. that was the security standing between users and $280 million. two out of five. i keep coming back to that number because this is the part that should make everyone uncomfortable. not the hack itself. the architecture that made it possible.

we've seen this before. we've seen this so many times. bybit. $1.4 billion. the attacker compromised the signing infrastructure and tricked signers into authorizing malicious transactions. same concept. social engineering. not code. ronin bridge. $625 million. compromised validator keys. same story. cetus protocol. $223 million. different method but same result. hundreds of millions gone.

in 2025 alone, $3.4 billion was stolen in crypto. and the pattern is almost always the same. not brilliant code exploits. not zero-day vulnerabilities. someone was tricked. a key was exposed. a human made a mistake. only 19% of hacked protocols even used multi-sig wallets. and the ones that did, like drift, got beaten anyway. because the weakest link was never the code. it was always the person holding the key.

now here's what makes me angry. i've seen people dunking on solana over this. blaming svm. questioning the entire chain. the same thing happened after bybit when people started questioning evm and ethereum's security model. this is not a solana problem. this is not an ethereum problem. this is not chain-specific at all. drift's own report says it clearly. the programs and smart contracts worked exactly as designed. the chain did what it was supposed to do. a human was tricked into signing something they shouldn't have. that can happen on any chain. any protocol. any ecosystem. pointing fingers at solana is a deflection. and it's net negative for the entire space because it distracts from the real conversation we need to have.

which brings me to circle. nine days before the drift hack, circle froze 16 business wallets overnight. legitimate companies. crypto exchanges. forex platforms. payment processors. no criminal charges. a sealed civil lawsuit that nobody could even read. no advance warning. businesses woke up and couldn't process payments, couldn't settle trades, couldn't serve their customers. zachxbt called it "potentially the single most incompetent freeze" he'd seen in over five years of investigations. one of the frozen wallets wasn't even a business. it was a dfinity bridge contract used by thousands of users who had nothing to do with the case.

then nine days later, $280 million is being drained from drift in real time. the attacker is converting stolen tokens through jupiter, bridging them to ethereum, moving funds through circle's own cross-chain transfer protocol. and the freeze didn't come fast enough. so circle can shut down 16 legitimate businesses overnight for a civil case. but a quarter billion being actively stolen through their own infrastructure? different speed. i'm not saying circle is the villain here. i'm saying the system is broken in ways that should concern everyone.

now think about who's actually affected by drift. it's not just traders. protocols are built on top of drift. neobanks integrate with defi infrastructure. real customers with no idea what a multisig even is woke up and saw they couldn't access their money. some platforms said user funds are safe. but nobody could withdraw. your money is "safe" but you can't touch it. think about what that feels like for someone who just wanted a better savings rate.

i know what it feels like on a smaller scale. i lost $5,000 to social engineering. it's nothing compared to $280 million. but the feeling is the same. that moment when you realize the funds are gone and there's nothing you can do. it doesn't scale with the dollar amount. it's the same pit in your stomach whether it's $5k or $280m.

and here's the question i keep circling back to. we say defi is the future. we say we're going to onboard the next billion users. we say this technology will replace traditional finance and bank the unbanked and give people financial sovereignty. but how do we onboard millions of people into a system where a social engineering attack can drain a quarter billion dollars in minutes? where 2 out of 5 signatures is considered security for $280m? where the attacker sets up wallets two weeks early, runs a test transaction, and nobody notices? where circle can freeze legitimate businesses overnight but can't stop a live heist fast enough? where the same attack, the same playbook, the same human error keeps happening year after year after year?

ronin. bybit. cetus. now drift. same cause. different name. different chain. same result. defi doesn't have a code problem. it has a people problem. and we keep solving for the code.

i haven't interacted with a protocol in a while. i like money. but i love safety more. and right now this space is asking me to choose between the two. security can't keep being the last conversation. it can't keep being the thing we talk about after the hack and forget about before the next one. it has to be the first priority. not the last. because right now we're not ready for the next billion users. we're barely keeping the ones we have safe.
taniki
taniki@swing_my_mind·
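I'm not quitting, but this leaves me with no motivation to do anything. What a thing to pull on the very day things had settled down after the funeral.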
taniki
taniki@swing_my_mind·
Ah, did I just lose $25,000 on Drift? I can still pay my taxes, but give me a break..
taniki retweeted
Backpack 🎒
Backpack 🎒@Backpack·
Limbo starts now See you at TGE March 23