ทวีตที่ปักหมุด
Ember
1.2K posts
Ember
@embrron
A moment of pain is worth a lifetime of glory. Growing @pyronfi
Planet Earth เข้าร่วม Temmuz 2025
272 กำลังติดตาม507 ผู้ติดตาม
This message is not intended for residents & businesses of the UK.
Terms and conditions
avici.money/100cashbackbiz
English
Your AI tools bill this week? on us. 100% Cashback💰
On ChatGPT, Claude, and Perplexity spending with your Avici Biz card.
→ Sign up for Avici Biz
→ Get Biz card, Spend on AI tools
→ Get it all back
First come first served, ends April 10th. Full terms in the next post
Avici@AviciMoney
Avici card → spend on claude → earn claude credits back Should we ship it? show us you need it Comment “want”👇
English
@DivergSec even if that’s true, you still can’t say the drift team did what they should’ve when managing a $500M+ protocol
x.com/embrron/status…
Ember@embrron
English
10/10
We continue monitoring the 3 holding wallets and investigating remaining leads.
This is Lazarus Group's 18th crypto operation in 2026 (per Elliptic). $6.5B+ stolen lifetime. Funds go directly to weapons programs.
Full technical findings shared with the Drift team.
Investigation by @DivergSec
English
1/10
We've been investigating the @DriftProtocol exploit ($285M) since April 1.
We can confirm along with TRM Labs and Elliptic that North Korea's Lazarus Group (TraderTraitor). Same unit behind Bybit ($1.5B), Ronin ($625M). Was involved.
Here's what our independent on-chain forensics uncovered that hasn't been published.
English
Due to the Drift hack, I just made this Solana DeFi Multisig Dashboard
→ Multisig Addresses
→ Approval Threshold
→ List of Multisig Members
→ Link to Docs of each protocol
Very simple, but hopefully useful
If you want your project added DM me
🔗 solmultisig.com
English
@Justin_Bons we spent ~24h breaking down drift and turning it into a concrete solution, here’s our proposal!
would love to hear your feedback:
x.com/embrron/status…
Ember@embrron
English
The Drift hack happened because of admin keys! We have to push back as an industry against their use:
Make smart contracts unstoppable again!
It only took fooling two people through social engineering to sign a fraudulent TX
That is not DeFi! Admin keys defeat crypto's purpose
English
@therealchaseeb we spent ~24h breaking down drift and turning it into a concrete solution, here’s our proposal!
would love to hear your feedback:
x.com/embrron/status…
Ember@embrron
English
I thought we had somewhat rid ourselves of most of the worst type of people in the space as we crossed into a bear market.
But DeFi hacks and other things of this nature that involve real people and real money tend to show true colors, and it’s obvious we’ve barely matured as an industry, if at all.
Sad day for Solana but also sad day for DeFi and the space in general. This impacts everyone who has dedicated their life to building here every day.
There are obvious lessons to be learned from this. No one is immune, even if you avoided it this time. The industry is a massive target for sophisticated state actors.
Still tons of work to do to improve. Otherwise what are we even doing here?
English
@ramzyyalii we spent ~24h breaking down drift and turning it into a concrete solution, here’s our proposal!
would love to hear your feedback:
x.com/embrron/status…
Ember@embrron
English
Yesterday was profoundly unfortunate and unfair to everyone who has been affected. I would like to start off by thanking all the ecosystem participants and partners who sprung into action the moment the exploit happened. It is times like these that unfortunately do bring us all closer together and this was a prime example of how strong the Solana developer community is as well as how supportive our ecosystem of partners have become.
I want to highlight that this was a sophisticated attack and that the objective root cause is still being investigated. What I can tell you all is that Solana remains strong and many critical components of the Solana DeFi ecosystem are completely unaffected by this attack.
The Solana Foundation is working to establish support channels for teams to ensure security is robust and will be providing more information soon.
We will come out of this stronger than ever - of that I am absolutely sure.
Drift@DriftProtocol
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.
English
@toly we spent ~24h breaking down drift and turning it into a concrete solution and here’s our proposal!
would love to hear your feedback:
x.com/embrron/status…
Ember@embrron
English
Do it!
wavey cavey ∿@cavemanloverboy
in light of recent events, chief puppeteer @0x_febo and I wrote a solana program and a library that allow applications to BAN the use of durable nonces within their program there are two options for you to use: 1. you can use the ensure_never_nonce function from the p-never-nonce crate that we just published within your program 2. you can cpi into the p-never-nonce program that will be deployed shortly github.com/febo/pinocchio…
English
@omeragoldberg we actually spent ~24h breaking down drift and turning it into a concrete solution.
here’s our proposal, would love your feedback!
x.com/embrron/status…
Ember@embrron
English
** Correction on key compromise **
A week ago, Drift moved to a new multisig, created by a signer from the old multisig. This signer did not add themselves to the new one.
The exploiter also initiated the proposal in the old multisig to hand over admin control to this new wallet.
Of the 5 signers on the new multisig, only 1 came from the previous setup; the other 4 were brand-new.
The wallet was set with a 2/5 threshold and a 0-second timelock.
~Five hours ago, that sole carryover signer used the new multisig to propose changing Drift’s admin.
One of the new signers co-signed a second later, instantly meeting the 2/5 threshold.
With no timelock in place, the transaction was executed immediately.
** Note **
Some of the relevant Solana programs are not verified, which limits full analysis.
We're continuing to dig into the onchain data and will publish a more thorough post-mortem covering the multisig migration, Solana DeFi contagion, and vault exposure in a follow-up.
Omer Goldberg@omeragoldberg
1/ Drift's admin key was compromised. $213M+ drained from @solana's largest DEX in under 10 seconds. Unfortunately, we've seen similar patterns before: - fake collateral market - a manipulated oracle - disabled circuit breakers Let's break it down 👇 written w/ Chaos AI
English
@CryptoHayes we actually spent ~24h breaking down drift and turning it into a concrete solution.
here’s our proposal, would love your feedback!
x.com/embrron/status…
Ember@embrron
English
If Solana had native multi sig addresses, would the Drift hack even have been possible? Actually curious, not trolling.
English
@tracybbd we spent ~24h breaking down drift and turning it into a concrete solution.
here’s our proposal, would love your feedback!
x.com/embrron/status…
Ember@embrron
English
Never heard the term “grave dancing” until today.
Usually I can appreciate dark humour, but this isn’t one of those moments.
This is real loss — for all users, for the team building on us and for the team. Real people, real money.
Thinking of everyone affected. I’m here if anyone needs support but please refer to @DriftProtocol for most accurate updates
English
@PaulFrambot gm paul!
spent ~24h breaking down drift and turning it into a concrete solution.
here’s our proposal, would love your feedback!
x.com/embrron/status…
Ember@embrron
English
Many posts about the Drift founder following the hack are straight-up misogynistic. No wonder so much female talent has left for other tech sectors.
I haven't looked into the events of Drift, but Crypto's talent density is already too low, we don't need comments like that.
English
cc’ing a few folks i’d really value feedback from 👇
@squads team - @SimkinStepan @GarrettHarper_ @deni_ersht @thenouxnoux @gansersol @philjacobson
@safe team - @CSimmchen @SchorLukas @rimeissner @samlogic @rsquare @anirudh_chohan
and a couple of people whose takes i always respect: @mert @dabit3 @hosseeb
English
we found a solution!
we don’t want to see another drift, so we spent the last 24 hours Full focus turning it into a concrete proposal.
this is our proposal which defines a control framework for defi, built to reduce blast radius, add real visibility, and make failures containable.
would love to hear your thoughts!
Ember@embrron
English
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.
This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.
English
@chainyoda @Blockworks @DriftProtocol 2/5 multisig for the admin key on a $500m+ protocol… that’s just a joke
Ember@embrron
@DriftProtocol tldr: we were managing a $500m+ protocol like a bunch of 4 year old kids. everything around admin key protection was wired, and you can’t seriously expect people to believe this was a 100% external attack why? 👇🏻
English
Is there a @Blockworks DeFi transparency framework that would allow users to check that @DriftProtocol had over half a billion sitting on a 2/5 multisig with no delay? DeFi’s primary value proposition is pitched as transparency by advocates who don’t use DeFi at all.
English
@cindyleowtt 2/5 multisig for the admin key on a $500m+ protocol… that’s just a joke.
Sorry but this is real:
Ember@embrron
@DriftProtocol tldr: we were managing a $500m+ protocol like a bunch of 4 year old kids. everything around admin key protection was wired, and you can’t seriously expect people to believe this was a 100% external attack why? 👇🏻
English
Today has been an extraordinarily difficult day for Drift. I’m incredibly grateful for the outpouring of support from the community.
This is a brief incident report ahead of a full postmortem in the coming days for one of the most sophisticated and novel exploits we’ve seen in crypto.
Drift has been working around the clock with partners, exchanges, and security firms to understand what happened and respond quickly.
Drift@DriftProtocol
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.
English
Tough day for Solana, the Drift team, and everyone affected.
~$200M stolen by attackers.
Hoping this gets contained quickly and user funds are recovered. 🙏
Stay safe ❤️
Drift@DriftProtocol
Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as more information is available to share.
English