- Drift Protocol confirms $280 million crypto theft via sophisticated attack abusing durable nonces
- Hackers hijacked Security Council powers through misrepresented transaction authorizations and social engineering
- Deposits in loans/lending, vaults and trading affected; the incident marks the largest crypto theft of 2026 so far
Decentralized cryptocurrency exchange Drift has confirmed that it has suffered a cyber attack in which threat actors stole hundreds of millions of dollars worth of tokens.
On April 1, 2026, Drift Protocol issued a statement on X saying that it “experienced an active attack” and that all deposits and withdrawals were suspended as a result.
“This is not an April Fool’s joke,” the maintainers tweeted. “We are coordinating with multiple security firms, bridges and exchanges to contain the incident.”
Very sophisticated attack
Soon after, an update was issued explaining that a malicious actor was able to gain access to the protocol “through a new attack involving persistent nonces,” resulting in a “rapid takeover of the Operational Security Council’s administrative powers.”
The Security Council is a governance and security mechanism designed to act quickly in an emergency without waiting for a full DAO vote. It is a small, trusted group (usually multisig signers) within the protocol governance structure that has limited, fast powers. Ironically, the Security Council was supposed to prevent attacks like this.
Drift says the attack was a “highly sophisticated operation that appears to have involved several weeks of preparation and staged execution”.
It was not an error, and no seed phrases were compromised. Instead, the attack involved “unauthorized or false transaction authorizations obtained before execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering.”
At press time, no one had claimed responsibility for this attack, but Drift said that about $280 million was withdrawn from the protocol. North Korean state-sponsored groups Lazarus and various Chollima variants (Labyrinth, Pressure, Golden) are usually tasked with stealing cryptocurrencies from organizations in the West. The country uses the stolen money to finance its government apparatus and its weapons program, some researchers claim.
All deposits placed in loans/lending, vault deposits and funds deposited for trading are affected, Operations confirmed. This is now one of the biggest crypto thefts ever, and the biggest so far this year.
Via The Record