Drift Protocol: No evidence shows that the mnemonic phrase was stolen; the attack was highly complex and took weeks of preparation

Drift Protocol tweeted that a malicious actor gained unauthorized access through a new type of attack involving durable nonce, quickly taking over the management rights of the Drift security committee. The attack was highly sophisticated, prepared over several weeks, and included the use of durable nonce accounts to pre-sign transactions to delay execution. Current investigations show that the cause of this incident is not due to vulnerabilities in the Drift program or smart contracts; there is no evidence that the mnemonic phrases were stolen; the attacker gained access through unauthorized or forged transaction approvals (possibly involving social engineering).

The final result led to approximately $280 million in funds being withdrawn from the protocol. All lending, vault deposits, and trading funds were affected. DSOL (the portion not deposited in Drift, including assets staked to Drift validators) and insurance fund assets were not affected, and the latter is being withdrawn for protection. As a precaution, all remaining protocol functions have been frozen, and the multi-signature has been updated to remove the compromised wallet.