Drift Reveals Attack Details: Multi-Signature Compromised and Pre-Signed Transactions Used in Attack

Odaily News Drift Protocol disclosed the execution process of this security incident, stating that the attack began with a test withdrawal transaction initiated from its insurance fund. Approximately one minute later, the attacker took over administrator permissions and executed subsequent operations through two pre-signed durable nonce transactions.

The project team indicated that this attack was caused by multiple factors, including the delayed execution capability of pre-signed transactions, and the compromise of multi-signature approval, which may be related to targeted social engineering attacks or transaction spoofing. Drift is currently collaborating with multiple security agencies to investigate the cause, and is working with cross-chain bridges, exchanges, and law enforcement to track and freeze the related funds. A detailed post-mortem report will be released subsequently.