Drift Data Breach 2026

[WillyAp]

Is everyone that immersed into the strait of Hormuz, Ukraine wars?

On April 1, 2026, Drift Protocol suffered a $285 million security breach after attackers exploited a 2/5 multisig configuration and used social engineering to gain control. The theft occurred in under 15 minutes, with funds drained through a fraudulent token. The incident revealed critical flaws in governance and key management. Experts are now urging a protocol update to incorporate hardware security modules and professional custody solutions.

https://www.kucoin.com/news/flash/drift-protocol-loses-285m-in-security-breach-exposing-defi-governance-weaknesses?lang=en_US&

A hack subtracting around 285 m Dollar and bitcointalk did not notice? 

[NeuroticFish]

A hack subtracting around 285 m Dollar and bitcointalk did not notice?  

I've noticed that people have been writing about it a little, here and there, but indeed, it doesn't seem to have gotten the full attention (or maybe I've missed it).

On the other hand, imho it's "just another altcoin hack" (although probably I should not think so lightly about it, since it's a shitload of money we're talking about).

[OgNasty]

Is everyone that immersed into the strait of Hormuz, Ukraine wars?

On April 1, 2026, Drift Protocol suffered a $285 million security breach after attackers exploited a 2/5 multisig configuration and used social engineering to gain control. The theft occurred in under 15 minutes, with funds drained through a fraudulent token. The incident revealed critical flaws in governance and key management. Experts are now urging a protocol update to incorporate hardware security modules and professional custody solutions.

https://www.kucoin.com/news/flash/drift-protocol-loses-285m-in-security-breach-exposing-defi-governance-weaknesses?lang=en_US&

A hack subtracting around 285 m Dollar and bitcointalk did not notice? 

Social engineering hacks aren't really Bitcoin hacks in my opinion.  That is probably why the community doesn't seem to care.  You do make a good point that the government employees put in charge of things like this don't have real experience and are prone to making stupid decisions they aren't aware of the consequences.  God forbid anyone in any industry or government actually hire a consultant with experience to keep them from losing hundreds of millions of dollars by being stupid...

[WillyAp]

Social engineering hacks aren't really Bitcoin hacks in my opinion.  That is probably why the community doesn't seem to care.  You do make a good point that the government employees put in charge of things like this don't have real experience and are prone to making stupid decisions they aren't aware of the consequences.  God forbid anyone in any industry or government actually hire a consultant with experience to keep them from losing hundreds of millions of dollars by being stupid...

An Api call, a cloaked one too.
Although social engineering was here to blame to get the 3 signatures.

[Davidvictorson]

A hack subtracting around 285 m Dollar and bitcointalk did not notice? 

These things don't take time. I am surprised that it happened all under 15 minutes. In reality the systems that are going to always be vulnerable are those whose administrators sacrifice advanced security protocols to so as to save money for the organization. I am speaking generally as I do not know if that was the situation in this instance.
Companies as well as individuals should pay more attention to their security online and offline.

I sure know that the hackers will be caught but now they'll spend more money on getting them caught which is what they should have done to secure their systems.

[joniboini]

These things don't take time. I am surprised that it happened all under 15 minutes.

I mean, I don't think it will take that long to process queries to begin with, or do you think the 15 minutes refers to their social engineering efforts and whatnot? I don't get that impression from reading the article. How would they even track that if that's what they're referring to? I always assume this timing is taken from the first time the attacker gains access to the system, not prior to that.