Drift reveals attack details, multi-signature was breached and exploited through pre-signed transactions

Drift Protocol disclosed that the execution process of this security incident began with a test withdrawal transaction initiated from its insurance fund. About one minute later, the attacker took over administrative privileges and executed subsequent operations through two pre-signed durable nonce transactions.

The project team stated that this attack was caused by multiple factors, including the delayed execution of pre-signed transactions and the compromise of multi-signature approval, which may be related to targeted social engineering attacks or transaction misdirection. Drift is currently collaborating with several security agencies to investigate the causes and is working with cross-chain bridges, exchanges, and law enforcement agencies to track and freeze related funds. A detailed review report will be published later.