Drift discloses attack details: Multi-signature was compromised and used to execute attacks via pre-signed transactions

SmartContractAuditor · 2026-04-02T05:42:21+00:00

Drift Protocol has disclosed a security incident where an attacker gained admin access through pre-signed transactions, resulting in funds being stolen. Multiple factors contributed to this attack, including transaction execution delays and the compromise of multi-signature approvals. The project team is working with security agencies to investigate and track the funds.

SmartContractAuditor

2026-04-02 05:42:21

Abstract generation in progress

Odaily Planet Daily reports that Drift Protocol disclosed that the execution process of this security incident began with the attacker initiating a test withdrawal transaction from its insurance fund; about 1 minute later, the attacker took over the administrator privileges by using two pre-signed durable nonce transactions and carried out subsequent actions.

The project team said that this attack was caused by a combination of multiple factors, including that the pre-signed transactions could be delayed in execution and that the multi-sig approval process was compromised, or that it was related to a targeted social engineering attack or transaction deception. Drift is currently working with multiple security firms to investigate the cause, and is jointly tracking and freezing the relevant funds with cross-chain bridges, exchanges, and law enforcement agencies; a detailed incident reconstruction report will be published later.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.