Drift Protocol $285M Drained

#1
on april 1st, solana-based dex "drift" protocol got drained for $285M stemming from a compromised admin key which allowed the threat actor to manipulate oracle pricing and artificially inflate his fake token "carbon vote token" (750M units minted). he initially seeded the liquidity pool for said token for $500 via raydium weeks prior. with drift admin access he was able to list his token and drain the protocol within 12 minutes, turning a $500 investment into $285M. he then bridged sol to eth via circle. drift addressed the matter on twitter by stating "this is not an april fools joke".

absolutely mad! how did the admin get compromised? 2/5 sigs were needed, why did the 2nd confirm right away without verifying specifics? inside job?
(Edited 04-02-2026, 12:45 PM by Saul.)
#2
Mad indeed. Events like these look to be quite common in the smart contract or DeFi industry. It's why I keep it simple by just storing my money in a wallet/ledger. I treat it like what it is: An alternate currency, not an investment.
#3
i agree not worth the commitment, one exploit and everything's gone. apparently 2/5 multi sigs approved the transactions via durable nonces which granted the actor pre signed admin transfers. the 2/5 drift multisig signers thought they were signing a routine transaction and described them as "misrepresented transaction approvals". they granted authorization not once, but twice about a week apart. no bug exploit, no private keys, a legitimate solana transactional feature led to drift's loss.
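Added example, not part of the post above or of Drift's tooling: a pre-signing check a multisig signer could run on the raw message bytes. It assumes the legacy Solana message layout and relies on the fact that a durable-nonce transaction starts with the System Program's AdvanceNonceAccount instruction, so a signature on it does not expire with a recent blockhash. All keys and the `ADMIN_CALL` instruction are constructed sample data.

```python
import struct

SYSTEM_PROGRAM = bytes(32)   # System Program id decodes to 32 zero bytes
ADVANCE_NONCE_ACCOUNT = 4    # index of AdvanceNonceAccount in SystemInstruction

def read_len(buf, i):
    """Decode a compact-u16 length prefix; return (value, next offset)."""
    val = shift = 0
    while True:
        byte = buf[i]
        i += 1
        val |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return val, i
        shift += 7

def inspect_message(msg):
    """Parse a legacy message and report whether it uses a durable nonce."""
    if msg[0] & 0x80:
        raise ValueError("versioned message, not handled by this example")
    n_keys, i = read_len(msg, 3)                      # skip 3-byte header
    keys = [msg[i + 32 * k: i + 32 * (k + 1)] for k in range(n_keys)]
    i += 32 * n_keys + 32                             # keys, then blockhash field
    n_ix, i = read_len(msg, i)
    ixs = []
    for _ in range(n_ix):
        program = keys[msg[i]]
        n_acc, i = read_len(msg, i + 1)
        accounts = [keys[a] for a in msg[i:i + n_acc]]
        n_data, i = read_len(msg, i + n_acc)
        ixs.append((program, accounts, msg[i:i + n_data]))
        i += n_data
    durable = (bool(ixs) and ixs[0][0] == SYSTEM_PROGRAM and len(ixs[0][2]) >= 4
               and struct.unpack_from("<I", ixs[0][2])[0] == ADVANCE_NONCE_ACCOUNT)
    return {"durable_nonce": durable,
            "nonce_account": ixs[0][1][0].hex() if durable and ixs[0][1] else None,
            "programs": [p.hex() for p, _, _ in ixs]}

def build_message(keys, instructions):
    """Constructed sample input: serialize keys and (prog_idx, acct_idxs, data)."""
    out = bytes([1, 0, 0, len(keys)]) + b"".join(keys) + bytes([9]) * 32
    out += bytes([len(instructions)])
    for prog, accts, data in instructions:
        out += bytes([prog, len(accts), *accts, len(data)]) + data
    return out

# Constructed keys: signer, nonce account, sysvar stand-in, System Program, other program
KEYS = [bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32, SYSTEM_PROGRAM, bytes([5]) * 32]
ADVANCE = (3, [1, 2, 0], struct.pack("<I", ADVANCE_NONCE_ACCOUNT))
ADMIN_CALL = (4, [0], b"\x01")  # hypothetical instruction to another program
```

A signer who sees `durable_nonce` set on something described as routine has a concrete reason to stop and review every entry in `programs` before approving.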
#4
Is there any resource where I may learn about this DeFi network exploitation (not the code, the human)?

Thanks your,
Beautiful.
#5
UPDATE: Drift says the exploit was caused by North Korea. they described it as "an attack six months in the making." drift claims they were approached by a group of individuals at a major crypto conference who disguised themselves as a quant trading firm seeking collaboration with the platform. they connected via telegram over a 6 month period and established credibility by committing 1M in capital. they believe DPRK used proxies for their in person meetings and shared malicious files once trust was established.

i find this rather hilarious and personally think drift is scrambling with their pr team to find an excuse for their incompetence and took the north korean scapegoat route.
#6
Imagine being clueless for 6 months and then crying about it. Drift, more like Grift.