- Drift Protocol Confirms $280 Million Crypto Theft Via Sophisticated Attack Abusing Durable Nonces
- Hackers hijacked the Security Council's powers through falsified transaction approvals and social engineering.
- Borrow/loan deposits, vaults and trading funds affected; incident marks biggest crypto heist of 2026 so far
Decentralized cryptocurrency exchange Drift has confirmed that it suffered a cyberattack in which malicious actors stole hundreds of millions of dollars in tokens.
On April 1, 2026, Drift Protocol posted on X, claiming that it was “under active attack” and that all deposits and withdrawals were suspended as a result.
“This is not an April Fool’s joke,” officials tweeted. “We are coordinating with several security companies, bridges and exchanges to contain the incident.”
Very sophisticated attack
Shortly after, an update was released explaining that a malicious actor was able to gain access to the protocol “through a new attack involving durable nonces,” leading to a “rapid takeover of the administrative powers of the Drift Security Council.”
The Security Council is a governance and security mechanism designed to act quickly in emergencies, without waiting for a full vote by the DAO. This is a small trusted group (usually multisig signers) within the protocol’s governance structure, which has limited and expedited powers. Ironically, the Security Council was supposed to prevent attacks like this.
Drift says the attack was “a highly sophisticated operation that appears to have required several weeks of preparation and staged execution.”
This was not a bug and no seed phrases were compromised. Instead, the attack involved “unauthorized or false transaction approvals obtained before execution, likely facilitated by durable nonce mechanisms and sophisticated social engineering.”
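A transaction built on a durable nonce stays valid until that nonce is advanced, instead of expiring with a recent blockhash, so an approval collected early remains usable later. The check below is an added example (not from Drift or the original article) of how a multisig signer could flag such transactions before approving them. It assumes Solana's System Program encoding, and the decoded-transaction dict layout, function names and sample keys are hypothetical.

```python
import struct

SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4  # System Program instruction tag, u32 little-endian

def durable_nonce_info(tx):
    """Return nonce details if tx uses a durable nonce, else None.
    Assumed (hypothetical) decoded layout: account_keys is a list of base58
    strings; each instruction has program_id_index, accounts (indices), data."""
    instructions = tx.get("instructions") or []
    if not instructions:
        return None
    first = instructions[0]  # only instruction 0 counts as the nonce advance
    keys = tx["account_keys"]
    if keys[first["program_id_index"]] != SYSTEM_PROGRAM_ID:
        return None
    data = first["data"]
    if len(data) < 4 or struct.unpack_from("<I", data)[0] != ADVANCE_NONCE_ACCOUNT:
        return None
    accounts = first["accounts"]
    if len(accounts) < 3:  # nonce account, recent-blockhashes sysvar, authority
        return None
    return {"nonce_account": keys[accounts[0]],
            "nonce_authority": keys[accounts[2]]}

def review_before_signing(tx, approved_nonce_accounts=frozenset()):
    """Signer-side policy: hold any non-expiring transaction by default."""
    info = durable_nonce_info(tx)
    if info is None:
        return "ok"      # ordinary transaction, expires with its blockhash
    if info["nonce_account"] in approved_nonce_accounts:
        return "review"  # known nonce account, still needs a human decision
    return "hold"        # signature would stay usable until the nonce advances

# Constructed sample data (placeholder key names, not real addresses).
KEYS = ["SIGNER_A", "NONCE_ACCT_X", "RECENT_BLOCKHASHES_SYSVAR",
        SYSTEM_PROGRAM_ID, "GOVERNANCE_PROGRAM"]
ADVANCE = {"program_id_index": 3, "accounts": [1, 2, 0],
           "data": struct.pack("<I", ADVANCE_NONCE_ACCOUNT)}
ADMIN_CALL = {"program_id_index": 4, "accounts": [0], "data": b"\x01"}
DURABLE_TX = {"account_keys": KEYS, "instructions": [ADVANCE, ADMIN_CALL]}
NORMAL_TX = {"account_keys": KEYS, "instructions": [ADMIN_CALL]}

if __name__ == "__main__":
    for name, tx in (("durable", DURABLE_TX), ("normal", NORMAL_TX)):
        print(name, review_before_signing(tx), durable_nonce_info(tx))
```

A "hold" result means the signer should establish who controls the nonce authority and when the transaction is meant to execute before approving it.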
As of press time, no one has claimed responsibility for this attack, but Drift said approximately $280 million had been removed from the protocol. North Korean state-sponsored groups Lazarus and different variants of Chollima (Labyrinth, Pressure, Golden) are usually responsible for stealing cryptocurrencies from Western organizations. The country uses the stolen money to finance its government apparatus and weapons program, some researchers say.
All borrow/loan deposits, vault deposits and funds deposited for trading purposes are affected, Drift confirmed. This is now one of the biggest cryptocurrency heists ever, and the biggest this year so far.
Via The file




