- Drift Protocol Confirms $280 Million Cryptocurrency Theft Through Sophisticated Attack Abusing Durable Nonces
- Hackers hijacked Security Council powers through misrepresented transaction approvals and social engineering
- Borrow/lend deposits, vaults and trading funds are affected; the incident is the largest cryptocurrency theft of 2026 so far
Decentralized cryptocurrency exchange Drift has confirmed that it suffered a cyberattack in which threat actors stole tokens worth hundreds of millions of dollars.
On April 1, 2026, Drift Protocol posted on X, saying that it was “experiencing an active attack” and that all deposits and withdrawals were suspended as a result.
“This is not an April Fool’s joke,” the maintainers tweeted. “We are coordinating with multiple security companies, bridges and exchanges to contain the incident.”
Highly sophisticated attack
Shortly after, an update was released explaining that a malicious actor was able to access the protocol “through a new attack involving durable nonces,” resulting in a “rapid takeover of the Drift Security Council’s administrative powers.”
The Security Council is a governance and security mechanism designed to act quickly in emergencies, without waiting for a full DAO vote. It is a small, trusted group (usually multi-signature signers) within the protocol’s governance structure, which has limited and fast-track powers. Ironically, the Security Council was supposed to prevent attacks like this.
Drift says the attack was a “very sophisticated operation that appears to have involved several weeks of preparation and staged execution.”
It was not a mistake and no opening sentence was compromised. Instead, the attack involved “unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through long-lived nonce mechanisms and sophisticated social engineering.”
As of press time, no one has claimed responsibility for the attack, but Drift said approximately $280 million was withdrawn from the protocol. North Korean state-sponsored groups Lazarus and other Chollima variants (Labyrinth, Force, Golden) are typically tasked with stealing cryptocurrency from organizations in the West. Some researchers claim that the country uses the stolen money to finance its government apparatus and its weapons program.
All deposits into borrow/lend, vault deposits and funds deposited for trading are affected, Drift confirmed. This is now one of the largest cryptocurrency thefts in history and the largest this year so far.
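Drift's update names durable nonces as the mechanism that kept previously obtained approvals usable. As an added example (not code from Drift or from the original article), the check below flags a serialized Solana transaction message whose first instruction is the System Program's AdvanceNonceAccount, which tells a multisig signer that the approval will not expire with a recent blockhash. It assumes the standard Solana message layout; the function names and sample messages are constructed for illustration.

```python
import struct

SYSTEM_PROGRAM_ID = bytes(32)  # System Program address: 32 zero bytes
ADVANCE_NONCE_ACCOUNT = 4      # SystemInstruction variant index, u32 little-endian

def read_compact_u16(buf: bytes, pos: int):
    """Decode Solana's compact-u16 length prefix; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def uses_durable_nonce(message: bytes) -> bool:
    """True if the first instruction is System Program AdvanceNonceAccount,
    the marker of a transaction that does not expire with its blockhash."""
    pos = 1 if message[0] & 0x80 else 0   # skip version prefix on v0 messages
    pos += 3                              # 3-byte message header
    n_keys, pos = read_compact_u16(message, pos)
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32               # account keys, then recent_blockhash
    n_ix, pos = read_compact_u16(message, pos)
    if n_ix == 0:
        return False
    program_index = message[pos]
    n_accounts, pos = read_compact_u16(message, pos + 1)
    data_len, pos = read_compact_u16(message, pos + n_accounts)
    data = message[pos:pos + data_len]
    return (program_index < n_keys
            and keys[program_index] == SYSTEM_PROGRAM_ID
            and len(data) >= 4
            and struct.unpack_from("<I", data)[0] == ADVANCE_NONCE_ACCOUNT)

def build_sample(first_ix_data: bytes) -> bytes:
    """Constructed legacy message with one System Program instruction
    (placeholder keys; the account list is illustrative only)."""
    keys = [bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32, SYSTEM_PROGRAM_ID]
    header = bytes([1, 0, 2])             # 1 signer, 2 read-only unsigned keys
    blockhash = bytes([9]) * 32           # in a nonce tx: the stored nonce value
    ix = bytes([3, 3, 1, 2, 0, len(first_ix_data)]) + first_ix_data
    return header + bytes([len(keys)]) + b"".join(keys) + blockhash + bytes([1]) + ix

NONCE_TX = build_sample(struct.pack("<I", ADVANCE_NONCE_ACCOUNT))
TRANSFER_TX = build_sample(struct.pack("<IQ", 2, 1000))  # Transfer, 1000 lamports

if __name__ == "__main__":
    for name, msg in (("nonce", NONCE_TX), ("transfer", TRANSFER_TX)):
        print(name, "durable nonce" if uses_durable_nonce(msg) else "expires normally")
```

A signing policy can use such a flag to require an out-of-band confirmation of what the transaction does and when it is meant to execute before any signer approves it.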
Via The Record




