How a $500 fake token drained $285 million from Drift Protocol
A 6-month North Korean intelligence operation, a poisoned IDE, and the Solana feature that let pre-signed transactions live forever.
On April 1, 2026 at 4:05 PM UTC, two transactions appeared on Solana. The first transferred admin authority over Drift Protocol — the largest perpetual futures exchange on the chain — to an address that had been created one day earlier. The second listed a token nobody had heard of as collateral and raised every withdrawal safety limit to infinity.
Ten seconds later, 31 withdrawal transactions drained $285 million from three protocol vaults. The largest DeFi hack of 2026 was over before anyone at Drift knew it had started.
We forensically reconstructed the entire attack from on-chain data. Every address, every transaction, every fund movement. This is what we found.
The con
It started six months earlier, at a crypto conference in the fall of 2025. Attendees from what appeared to be a legitimate quantitative trading firm approached several Drift Protocol contributors. They were professional, knowledgeable, and patient.
Over the following months, they built relationships that looked like real business. They created a Telegram group. They discussed trading strategies. They conducted working sessions across multiple countries. They onboarded an Ecosystem Vault with over $1 million in real capital. To everyone involved, this was a normal institutional partnership.
It was not. Multiple independent security firms — TRM Labs and Elliptic — would later attribute the operation to North Korea's Lazarus Group, the same state-sponsored unit behind the $1.4 billion Bybit hack, the $625 million Ronin Bridge exploit, and the Radiant Capital breach. Elliptic identified it as the 18th DPRK-attributed crypto operation in 2026.
After months of trust-building, the attackers delivered malware through two vectors. A Drift contributor cloned what appeared to be a normal code repository. It exploited a known vulnerability in VSCode/Cursor — likely a crafted configuration file that executed code the moment the project was opened. A second contributor downloaded a TestFlight app presented as the trading firm's proprietary wallet product. It contained a payload that compromised their machine.
Neither contributor's seed phrases were stolen. Both used hardware wallets. But the attacker didn't need seed phrases. They needed something more subtle: the ability to get two people to sign a transaction they couldn't fully read.
The feature that made it possible
Normal Solana transactions expire in about 60 seconds. If you sign one and nobody submits it in time, it becomes invalid. This is a safety feature — it limits the window in which a signed transaction can be used.
But Solana also has a feature called durable nonces. They replace the expiring blockhash with a fixed code stored on-chain, making a signed transaction valid forever. The intended use case is offline signing and institutional custody. The unintended consequence is that an attacker who obtains two signatures can hold those signatures indefinitely and submit the transaction at the perfect moment.
On February 22, 2025 — over thirteen months before the Drift exploit — OtterSec published a paper titled “Solana Multisig Security” that described this exact risk:
By signing durable nonce transactions, an attacker could collect signatures and replay them at some indeterminate future point. This problem is very hard to solve with durable nonces.
— OtterSec, February 2025
The warning was public and specific. The tooling to surface this risk to multisig signers did not exist.
The setup
On March 11, the attacker withdrew 10 ETH from Tornado Cash on Ethereum. The funds moved at midnight UTC — 9:00 AM in Pyongyang. This timezone alignment would repeat throughout the operation.
The next day, they deployed CarbonVote Token on Solana. A completely fabricated token with zero intrinsic value. They minted 750 million units, seeded a Raydium liquidity pool with approximately $500, and spent the next ten days wash-trading against themselves to build an artificial price history near $1 on DexScreener. They assigned an attacker-controlled Switchboard oracle feed that would report whatever price they chose.
Meanwhile, on-chain, durable nonce accounts began appearing. Four total — two tied to compromised Security Council members, two to attacker-controlled addresses. Pre-signed transactions were assembled and held, waiting.
On March 24, the primary attacker wallet was funded with a single SOL via NEAR Intents, a cross-chain messaging layer that made the funding origin deliberately hard to trace.
On March 27, Drift executed a planned Security Council migration, swapping out a member. The new configuration used a 2-of-5 threshold with zero timelock. Only two signatures needed for any action. Instant execution upon reaching threshold. No delay for other signers to notice and veto.
The attacker adapted within three days. By March 30, a new durable nonce account appeared tied to a member of the updated multisig. They had compromised at least three individuals — enough to maintain two-out-of-five access even across the rotation.
Thirty seconds
On April 1 at 4:05 PM UTC, the pre-signed durable nonce transaction was submitted.
Transaction 1 — 16:05:19 UTC
Three instructions. The first advanced the durable nonce, making the pre-signed transaction live. The second approved the proposal through the Squads multisig, meeting the 2/5 threshold. The third executed a CPI call into Drift's program:
Drift's admin authority was transferred to the attacker. 69,273 compute units. 5,000 lamports in fees. Less than a penny to take over a $550 million protocol.
Transaction 2 — 16:05:39 UTC (20 seconds later)
Now signing as the new admin, the attacker executed six instructions in a single transaction. The first listed CarbonVote Token as Drift Spot Market 63. The remaining five raised withdrawal guard thresholds across major asset markets:
| Market | Before | After | Increase |
|---|---|---|---|
| Market 19 | 5,000,000,000 | 500,000,000,000,000 | 100,000x |
| Market 0 (USDC) | 25,000,000,000,000 | 500,000,000,000,000 | 20x |
| Market 27 | 10,000,000,000 | 500,000,000,000,000 | 50,000x |
| Market 17 | 5,000,000,000,000 | 500,000,000,000,000 | 100x |
| Market 4 | 200,000,000,000 | 500,000,000,000,000 | 2,500x |
Withdrawal safety limits set to roughly $500 trillion. The protocol would now approve any withdrawal of any size without triggering a safety pause.
The drain — 16:06:09 to 16:06:19 UTC
The attacker deposited approximately 785 million CVT as collateral. The manipulated Switchboard oracle valued this at hundreds of millions of dollars. With collateral weights at maximum and withdrawal guards at infinity, the protocol treated it as real margin.
31 withdrawal transactions in approximately ten seconds:
| Asset | Amount | Value |
|---|---|---|
| JLP Tokens | 41,720,000 | ~$155,600,000 |
| USDC | 66,400,000 | ~$66,400,000 |
| SOL | ~125,000 | ~$10,450,000 |
| cbBTC | 164,349 | ~$11,290,000 |
| USDT | — | ~$5,650,000 |
| wETH | 2,200 | ~$5,280,000 |
| FARTCOIN | 23,400,000 | ~$4,110,000 |
| mSOL, BSOL, INF, JitoSOL, dSOL, JTO, +more | — | ~$26,220,000 |
Drift's TVL dropped from $309 million to $24 million.
Following the money
The laundering operation was fast, multi-chain, and methodical.
On the Solana side, all stolen tokens were swapped to USDC via Jupiter, Raydium, Orca, and Meteora within about two hours. $270.9 million consolidated into a single stablecoin.
Then the attacker did something remarkable. Over the next six hours — all during US business hours — they bridged $232 million in USDC from Solana to Ethereum via Circle's own Cross-Chain Transfer Protocol. More than a hundred transactions. Circle's infrastructure burning USDC on one chain and minting it on another, transaction after transaction, for six hours straight.
Circle did not intervene.
On the Ethereum side, USDC was swapped to ETH on DEXs. The accumulation was rapid:
By 5:49 PM UTC: 19,913 ETH at a single address. By 6:17 PM: 38,820 ETH across multiple wallets. By end of day: approximately 129,066 ETH — roughly $267 million — distributed across five or more wallets. Additional funds moved through HyperLiquid, Binance, and ChainFlip.
Two days later, Drift sent on-chain messages to four Ethereum attacker wallets: “Ready to speak.” There has been no response.
As of this writing, $0 has been recovered.
The Circle question
This deserves its own section.
$232 million in stolen USDC flowed through Circle's own bridge infrastructure over six hours during US business hours. Circle has the technical ability to blacklist USDC addresses and freeze funds in transit. The attacker appears to have deliberately chosen USDC over USDT, betting that Circle would be slower to act.
Circle was asleep while many millions of USDC were swapped via CCTP from Solana to Ethereum for hours from the 9-figure Drift hack during US hours.
— ZachXBT
The contradiction is striking. Just nine days earlier, Circle had frozen 16 legitimate business hot wallets — exchanges, casinos, payment processors, and the DFINITY Foundation's ckETH Minter contract — as part of a civil case. ZachXBT documented $420 million in alleged compliance failures by Circle since 2022, across at least 15 cases involving stolen funds.
Circle's stated position: they freeze assets “when legally required.”
What could have stopped it
Every red flag in this attack was detectable before any signer approved. Not in retrospect. Not theoretically. Concretely, with data that was on-chain at the time of signing.
The durable nonce. OtterSec documented this risk thirteen months before the exploit. Any tool that checked for advanceNonceAccount as the first instruction would have flagged the transaction as having no expiration.
The admin transfer. The new admin address was created one day before the exploit with zero transaction history. Any tool that resolved the destination address would have raised a critical alert: you are transferring protocol control to a wallet that didn't exist yesterday.
The fake oracle. CVT's oracle had $500 in backing liquidity and a 21-day price history. This is the same pattern as the Mango Markets exploit from 2022. Any tool that checked oracle quality for newly listed assets would have caught this.
The withdrawal guards. Raising safety limits by 100,000x in a single transaction is not ambiguous. It is not a gray area. It is the protocol's equivalent of removing the vault door.
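As an added illustration (not code from Drift, Squads or TxScope), here is a dependency-free pre-signing checker for three of the red flags above: the durable nonce, the admin transfer to a fresh address, and the withdrawal-guard raise. It assumes the transaction is available in compiled-message shape (accountKeys, instructions with programIdIndex and raw data bytes), that Drift's instruction parameters were already decoded with the program IDL, and that account age and history come from an RPC lookup; addresses and severity thresholds are placeholders.

```javascript
const SYSTEM_PROGRAM = "11111111111111111111111111111111";
const ADVANCE_NONCE_ACCOUNT = 4; // SystemInstruction variant index, encoded as u32 little-endian

// A durable-nonce transaction must begin with System::AdvanceNonceAccount; its
// "recent blockhash" field is then the stored nonce value, so it never expires.
function isDurableNonceTx(msg) {
  const ix = msg.instructions[0];
  if (!ix || !ix.data || ix.data.length < 4) return false;
  const tag = (ix.data[0] | (ix.data[1] << 8) | (ix.data[2] << 16) | (ix.data[3] << 24)) >>> 0;
  return msg.accountKeys[ix.programIdIndex] === SYSTEM_PROGRAM && tag === ADVANCE_NONCE_ACCOUNT;
}

// Pre-approval report for a multisig signer. `decoded` holds the fields that matter
// here (proposed new admin, withdrawal-guard changes per market), assumed to be decoded
// from the inner instructions with the program IDL. `accountInfo` maps an address to
// { ageDays, txCount }, assumed to come from an RPC lookup. Thresholds are assumptions.
function analyze(msg, decoded, accountInfo) {
  const findings = [];
  if (isDurableNonceTx(msg)) {
    findings.push({ severity: "CRITICAL", rule: "DURABLE_NONCE",
      detail: "no expiry: signatures can be held and submitted at any later time" });
  }
  if (decoded.newAdmin) {
    const info = accountInfo[decoded.newAdmin] || { ageDays: 0, txCount: 0 };
    if (info.ageDays < 7 || info.txCount === 0) {
      findings.push({ severity: "CRITICAL", rule: "ADMIN_TO_FRESH_ACCOUNT",
        detail: `new admin ${decoded.newAdmin}: ${info.ageDays} day(s) old, ${info.txCount} prior tx` });
    }
  }
  for (const g of decoded.guardChanges || []) {
    const ratio = g.after / g.before;
    if (ratio >= 10) {
      findings.push({ severity: ratio >= 100 ? "CRITICAL" : "WARNING", rule: "WITHDRAWAL_GUARD_RAISED",
        detail: `market ${g.market}: ${g.before} -> ${g.after} (${ratio}x)` });
    }
  }
  return findings;
}

// Constructed sample shaped like the first exploit transaction (placeholder addresses):
// nonce advance first, then an admin transfer to a one-day-old address with no history.
const sampleMsg = {
  accountKeys: ["Signer1111", "NonceAcct1111", SYSTEM_PROGRAM, "NewAdmin1111"],
  instructions: [{ programIdIndex: 2, accounts: [1, 0], data: [4, 0, 0, 0] }],
};
const sampleDecoded = {
  newAdmin: "NewAdmin1111",
  guardChanges: [{ market: 19, before: 5e9, after: 5e14 }, { market: 0, before: 25e12, after: 5e14 }],
};
const sampleInfo = { NewAdmin1111: { ageDays: 1, txCount: 0 } };
const report = analyze(sampleMsg, sampleDecoded, sampleInfo);
console.log(report.map((f) => `${f.severity} ${f.rule}: ${f.detail}`).join("\n"));
```

On the constructed sample the report carries four findings: the durable nonce, the one-day-old admin, the 100,000x raise on market 19 and the 20x raise on USDC.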
We ran both exploit transactions through our analysis engine. It flagged every one of these findings at CRITICAL severity with a 98% confidence match to known attack patterns.
If one signer in the 2/5 multisig had seen this report before approving, $285 million stays in the vault.
The knowledge gap was not the problem. The durable nonce risk was published. Oracle manipulation is a documented pattern. 2/5 thresholds are known to be weak. Every element of this attack existed in the security research literature.
The problem was the tooling gap. Signers on Solana multisigs are presented with unreadable hex data when asked to approve transactions. OtterSec described it as “roughly equivalent to blind signing.” The information to prevent this attack existed. The mechanism to put that information in front of the right person at the right moment did not.
That is what TxScope does. It sits between “transaction proposed” and “transaction signed” and translates the raw payload into a deterministic, human-readable threat report. Durable nonces, authority transfers, oracle quality, withdrawal guard changes, known attack pattern matching — surfaced to the signer before they approve, not discovered in a post-mortem after the money is gone.
TxScope surfaces durable nonces, authority transfers, oracle manipulation, and every red flag in this attack — before any signer approves.
This investigation was compiled from on-chain data (Solana RPC), security firm reports (TRM Labs, Elliptic), news coverage (Bloomberg, CoinDesk, The Hacker News, BleepingComputer), and independent on-chain investigators (ZachXBT, Arkham Intelligence, Lookonchain). It will be updated as Mandiant's forensic investigation and law enforcement actions progress.