🤑 DRIFT EXPLOIT WASN’T JUST A HACK, IT WAS A LONG CON ⛔ CHAPTER 1: THE MASK OF TRUST It did not begin with a breach. It began with a story. In late 2025, the attackers entered Drift’s world as a quant trading firm. They showed up at conferences, started conversations, and slowly built real relationships. Over time, they became familiar faces in the ecosystem. They opened wallets, deposited funds, and even contributed more than $1M to look completely legitimate. By the time anyone could question them, trust had already done its job. 😈 CHAPTER 2: THE HIDDEN MACHINE Around March 11, the real setup began. Behind the scenes, the attackers minted a fake token called CVT, created a tiny Raydium pool, and used wash trading to build a believable price history. It looked like a real market, but it was only a setup designed to fool the system. The goal was simple. Create collateral that appeared valuable while being backed by almost nothing. 🫢 CHAPTER 3: THE DOOR LEFT OPEN Then came the critical moment. TRM reports that the attackers used social engineering to get multisig signers to pre-sign hidden approvals. Soon after, on March 27, Drift’s Security Council shifted to a 2/5 setup with zero timelock. That meant there was no delay left to catch suspicious actions. The system was no longer protected by time. 🪙 CHAPTER 4: THE APRIL 1 HEIST On April 1, everything moved at once. The attacker listed CVT as valid collateral, raised withdrawal limits, deposited hundreds of millions of CVT, and began extracting real assets. In about 12 minutes, the protocol was drained. Large amounts of USDC and JLP were taken, and funds were quickly moved out, with major portions bridged to Ethereum within hours. What looked sudden was actually planned for months. 🤓 CHAPTER 5: THE REAL LESSON This was not just a smart contract issue. It was a combination of trust manipulation, fake identity, pre-signed approvals, oracle abuse, and weak governance controls. The attackers did not force their way in. They earned their way in. And that is what makes this different. When attackers become your partners first, they don’t need to break anything. They are already inside.
Share
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.