
285 Million Drift Hack Traced To Six
The Drift Protocol exploit was a coordinated attack that drained more than $285 million from the protocol's vaults in roughly 10 seconds. The attacker chained three weaknesses: abuse of admin keys, fake oracles, and fake collateral, which together let them unlock and withdraw vault funds that should never have been withdrawable. The stolen funds were then scattered across more than 63,000 wallets by automated bots, which makes tracing and recovery extremely difficult.
Notes
<div><b>CONCLUSION</b></div><div>The threat actor behind the Drift Protocol exploit combined several techniques, admin-key abuse, fake oracles and fake collateral, across more than one blockchain, and followed the theft with bot-driven dispersal of funds. That combination let them drain the vaults in seconds and launder over $285 million across tens of thousands of wallets, a severe impact on the cryptocurrency and DeFi sector. To reduce exposure to similar attacks, organizations can use SOCRadar IOC Radar for investigating indicators, SOCRadar Dark Web Monitoring for detecting credential leaks, SOCRadar Cyber Threat Intelligence for tracking threat actor TTPs, SOCRadar Brand Protection for identifying phishing domains, and SOCRadar Attack Surface Management for gaining visibility into exposed assets. These tools support early detection; they complement, rather than replace, the protocol-level controls listed under Mitigation below, such as auditing multisig signer approvals and governance transaction logs and restricting admin-key interfaces.</div><div><br></div>
Mitigation
<span id="docs-internal-guid-0f7be750-7fff-703c-371d-e3ada9f4b9b1"><p style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">MITIGATION</span><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;"><br><br></span></p>
<div style="margin-left:0pt;" align="left"><table style="border:none;border-collapse:collapse;"><colgroup><col><col><col></colgroup>
<thead><tr style="height:0pt;">
<th style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#2e4057;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">ID</span></p></th>
<th style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#2e4057;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Control / Strategy name</span></p></th>
<th style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#2e4057;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Description &amp; Drift campaign relevance</span></p></th>
</tr></thead>
<tbody>
<tr style="height:0pt;"><td colspan="3" style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:top;background-color:#1a5276;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">🛡 Mitigations · attack.mitre.org/mitigations</span></p></td></tr>
<tr style="height:0pt;">
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#eaf4fb;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;"><a href="https://attack.mitre.org/mitigations/M1047/">M1047</a></span></p></td>
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#eaf4fb;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(34, 34, 34); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Audit</span></p></td>
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:top;background-color:#eaf4fb;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(34, 34, 34); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Systematically record and review system activity, user behaviors, configurations, and logs to detect anomalies and weaknesses. Includes network traffic audits, permission scans, and insecure software identification via tools such as Wireshark or Zeek.</span></p><p style="line-height:1.2;margin-top:3pt;margin-bottom:0pt;"><span style="font-size: 8pt; font-family: Arial, sans-serif; color: rgb(123, 84, 0); background-color: transparent; font-style: italic; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">↳ Drift: audit multisig signer approvals and governance transaction logs; alert on admin instructions executed below the signer quorum or signed by keys outside the approved signer set</span></p></td>
</tr>
<tr style="height:0pt;">
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#fafeff;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;"><a href="https://attack.mitre.org/mitigations/M1035/">M1035</a></span></p></td>
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#fafeff;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(34, 34, 34); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Limit Access to Resource Over Network</span></p></td>
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:top;background-color:#fafeff;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(34, 34, 34); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Restrict access to network resources, such as file shares, remote systems and services, to only users with a legitimate business need. Employ network concentrators, RDP gateways, and zero-trust network access (ZTNA) models to prevent unauthorized lateral movement.</span></p><p style="line-height:1.2;margin-top:3pt;margin-bottom:0pt;"><span style="font-size: 8pt; font-family: Arial, sans-serif; color: rgb(123, 84, 0); background-color: transparent; font-style: italic; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">↳ Drift: restrict Security Council admin-key interfaces and vault endpoints to the minimum set of signers and hosts that need them</span></p></td>
</tr>
<tr style="height:0pt;">
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#eaf4fb;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;"><a href="https://attack.mitre.org/mitigations/M1053/">M1053</a></span></p></td>
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:middle;background-color:#eaf4fb;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(34, 34, 34); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Data Backup</span></p></td>
<td style="border-left:solid #cccccc 0.5pt;border-right:solid #cccccc 0.5pt;border-bottom:solid #cccccc 0.5pt;border-top:solid #cccccc 0.5pt;vertical-align:top;background-color:#eaf4fb;padding:5pt 7.5pt 5pt 7.5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(34, 34, 34); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Take and securely store backups from end-user systems and critical servers. Harden and isolate backup systems from the corporate network. Implement disaster recovery plans and test restoration processes to ensure availability after destructive attacks.</span></p><p style="line-height:1.2;margin-top:3pt;margin-bottom:0pt;"><span style="font-size: 8pt; font-family: Arial, sans-serif; color: rgb(123, 84, 0); background-color: transparent; font-style: italic; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">↳ Drift: vault state snapshots and off-chain governance record backups support post-incident reconstruction of positions and approvals; they do not recover on-chain funds that have already been moved</span></p></td>
</tr>
</tbody></table></div><br></span>
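An added example, not code from the Drift Protocol team or from SOCRadar, of the two checks that the summary above and the M1047 (Audit) row call for: flagging admin instructions that execute without the multisig quorum or with a key outside the approved signer set, and detecting the bot-driven fan-out of funds to thousands of fresh wallets. The record layout, the instruction names, the council signer set, the thresholds and the sample transactions are all constructed assumptions for illustration.

```python
"""Added example (not Drift Protocol's or SOCRadar's code): two audit checks
over constructed governance and transfer records. Field names, instruction
names, the signer set and the thresholds are assumptions made for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Tx:
    slot: int                      # block height; used for ordering and time windows
    signer: str                    # fee payer / initiating account
    instruction: str               # program instruction name (assumed naming)
    signers: Tuple[str, ...] = ()  # approval signatures carried by a governance instruction
    dest: Optional[str] = None     # destination of a plain transfer
    amount: float = 0.0


# Privileged instructions that must carry a full multisig quorum (assumed names).
ADMIN_INSTRUCTIONS = {"update_oracle", "add_collateral_type", "withdraw_vault", "set_admin"}


def audit_admin_actions(txs: List[Tx], approved_signers: set, threshold: int):
    """Flag admin instructions signed by keys outside the approved set or
    executed with fewer approvals than the multisig threshold."""
    findings = []
    for tx in txs:
        if tx.instruction not in ADMIN_INSTRUCTIONS:
            continue
        present = set(tx.signers)
        unknown = present - approved_signers
        quorum = len(present & approved_signers)
        if unknown:
            findings.append((tx.slot, tx.instruction, f"unknown signer(s): {sorted(unknown)}"))
        if quorum < threshold:
            findings.append((tx.slot, tx.instruction, f"quorum {quorum}/{threshold}"))
    return findings


def detect_fanout(txs: List[Tx], window_slots: int, min_dests: int):
    """Flag any source that pays at least min_dests distinct destinations
    within window_slots consecutive slots (bot-driven fund scattering).
    Returns (source, slot at which the threshold was crossed, distinct count)."""
    by_src = defaultdict(list)
    for tx in txs:
        if tx.instruction == "transfer" and tx.dest:
            by_src[tx.signer].append((tx.slot, tx.dest))
    alerts = []
    for src, outs in by_src.items():
        outs.sort()
        live = defaultdict(int)  # destination -> transfers inside the current window
        j = 0
        for slot, dest in outs:
            live[dest] += 1
            while outs[j][0] < slot - window_slots:  # expire transfers that left the window
                old = outs[j][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                j += 1
            if len(live) >= min_dests:
                alerts.append((src, slot, len(live)))
                break
    return alerts


# Constructed sample: one legitimate council action, then an attacker pushing
# an oracle update and a vault withdrawal with a single unknown key, a council
# member acting alone, and finally 1,500 transfers to fresh wallets over 30 slots.
COUNCIL = {"council1", "council2", "council3", "council4", "council5"}
THRESHOLD = 3
SAMPLE = [
    Tx(100, "council1", "update_oracle", signers=("council1", "council2", "council3")),
    Tx(205, "attacker", "update_oracle", signers=("attacker",)),
    Tx(206, "council1", "add_collateral_type", signers=("council1",)),
    Tx(207, "attacker", "withdraw_vault", signers=("attacker",), amount=285e6),
] + [Tx(210 + i // 50, "attacker", "transfer", dest=f"wallet{i}", amount=1000.0) for i in range(1500)]


if __name__ == "__main__":
    for f in audit_admin_actions(SAMPLE, COUNCIL, THRESHOLD):
        print("ADMIN", f)
    for a in detect_fanout(SAMPLE, window_slots=20, min_dests=1000):
        print("FANOUT", a)
```

On the sample the audit raises five findings (the attacker's two instructions each fail both the unknown-signer and the quorum check, and the lone council member fails quorum), and the fan-out detector fires once the attacker has reached 1,000 distinct destinations inside a 20-slot window. The window and destination thresholds are the tuning knobs: too narrow a window misses a slow drip, too low a destination count alerts on ordinary payout batches.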