Drift Hack: North Korea's $285M Heist

⚡ Key Takeaways

• The Drift Protocol hack, resulting in a $285 million loss, was primarily a social engineering attack, not a smart contract exploit. 𝕏
• Attackers spent months building trust with Drift team members before executing the hack. 𝕏
• The use of Solana's 'durable nonces' allowed attackers to use pre-signed transactions for control. 𝕏
• A fake token (CVT) was created and manipulated to be whitelisted as collateral, enabling the withdrawal of real assets. 𝕏
• The incident highlights the vulnerability of DeFi protocols to human manipulation, beyond just code flaws. 𝕏