The Drift Protocol Hack: How Privileged Access Led to a $285 Million Loss

On 1 April 2026 Drift Protocol on Solana was compromised and approximately $285 million (over 50% TVL) was drained after attackers used months-long social engineering to obtain pre-signed 'durable nonce' admin transactions, then whitelisted and deposited a fake token (CVT) as collateral to withdraw real assets; on-chain signals point to likely DPRK-linked actors and the exploit caused cascading disruption across at least 20 other protocols. The report emphasizes the sophistication and operational coordination of the attack and recommends real-time, intent-based pre-execution controls to prevent similar incidents.