DeFi platform Drift suspends deposits and withdrawals after crypto hack

Share This Post

DeFi platform Drift has suspended deposits and withdrawals after losing millions of dollars in a crypto hack.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The firm posted on X that it was investigating ‘unusual activity’ on the protocol, telling users that it was not an April Fool’s joke.

Security researchers estimate losses at up to $240 million, blaming governance security as the chief vulnerability after the attcker infiltrated a multisig upgrade a week ago.

One independent researcher observed: “This isn’t a technical vulnerability, It’s a governance catastrophe. Drift’s smart contracts themselves were fine. The problem was:
• Multisig handoff process failure
• Handing the hacker a “master key”
• All subsequent operations were “legitimate” calls”

In summary: “The essence of the Drift hack = Unified Liquidity Pool (risk concentration) × Multisig Vulnerability (privilege loss) × Excessive Admin Privileges (no checks)”

“At the cost of $240 million, it sounds the alarm for the entire DeFi industry.”

Related Posts

EU Enters MiCA Enforcement Phase for Crypto Companies

The European Union’s cryptocurrency industry has entered a new...

Strategy CEO Phong Le Buys 11,000 STRC Shares Through Revocable Trust

Phong Le acquired the Series A Perpetual Stretch Preferred...

Bitcoin Exchange Flows Point To More Volatility: Report

CryptoQuant’s weekly report, “Incoming Volatility?”, makes a...

ESMA’s First Post-Deadline MiCA Update Adds Standard Chartered

The European Securities and Markets Authority (ESMA) has published...