How Solana's Largest Perp DEX Was Exploited for $285 Million

Key Takeaways

• •

  The Drift exploit was a masterclass in methodical planning - The attacker spent over three weeks preparing the hack, timing the execution for April Fool's Day to create confusion while draining over half of the protocol's total value locked.

  “This one was very technical, well thought out. And from what we know today, spend at least three weeks.”

• •

  Multi-sig security without time locks is a critical vulnerability - Drift migrated to a 2-of-5 multi-sig shortly before the attack, but the lack of an execution delay allowed the hacker to seize control immediately after compromising developer machines via a supply chain attack.

  “Notably, it had zero time lock on any of the functions it could execute.”

• •

  Oracle manipulation remains a potent DeFi death blow - The hacker created a fake token (CVT), whitelisted it as collateral using compromised admin keys, and manipulated its price via a custom oracle to borrow and drain the protocol's blue-chip assets.

  “This enabled the user or the exploiter to add CVT as a new collateral asset on the Drift Protocol. So depositing it as collateral, they then continued to pump the price of that pool, because they also, as they could figure the market, could decide which oracle was being used.”

Episode Description

Chaos Labs' Omer Goldberg unpacks the $285 million Drift Protocol exploit. Did the perp DEX fail to implement best practices? Sponsored by ⁠Nexo⁠: A crypto lending and borrowing platform that lets users earn interest on digital assets and access credit against their holdings. Now available in the US with exclusive privileges for new clients. Get started today:⁠ http://nexo.com/unchained⁠ Solana's biggest perp DEX Drift Protocol was exploited for $285 million on April Fool's Day in a compromise observers have described as “methodical” and “chilling.” Chaos Labs founder Omer Goldberg unpacks how the exploit, which is among the 10 largest in DeFi history, went down, including how hackers leveraged a Solana feature to lie in wait without triggering alarms and how the attack bore some resemblance to the Mango DAO and Resolv exploits. He also weighs in on criticism against Circle for its slow response and whether the exploit has the markings of a North Korean state sponsored attack. In Omer's telling, the loss could have been avoided.  Listen to find out more! Guest: ⁠Omer Goldberg, Founder and CEO of Chaos Labs Previous appearances on Unchained: How the Resolv Hack Was a Web2 Exploit, Not a Crypto One - Uneasy Money Links Unchained: Drift Protocol Suffers $285 Million Exploit After Admin Key Compromise and Oracle Manipulation Uneasy Money: How the Resolv Hack Shows an Audit Doesn’t Mean ‘Secure’ The Mango Markets Attacker on Whether His ‘Trade’ Was Ethical or Not North Korean Hackers Are Winning. Is the Crypto Industry Ready to Stop Them? Learn more about your ad choices. Visit megaphone.fm/adchoices