嗯,用户让我帮忙总结一篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”这样的开头。首先,我需要仔细阅读这篇文章,抓住主要信息。 文章讲的是Drift Protocol被攻击,损失了至少2.8亿美元。攻击者利用了安全理事会的管理权限,通过预签名交易和耐用nonce账户来延迟执行,然后在特定时间发起攻击。Drift强调他们没有漏洞被利用,也没有种子短语被泄露。攻击发生在3月23日至30日之间,攻击者设置了账户并获得了多重签名批准。4月1日执行了恶意交易,转移了管理权限,最终盗取资金。 用户可能需要一个简洁明了的总结,用于快速了解事件。所以我要提炼出关键点:损失金额、攻击手段、时间线、影响范围以及后续措施。 接下来,我需要用简短的语言把这些点整合起来,确保不超过一百个字。可能的结构是:Drift Protocol遭遇攻击,损失金额,攻击手段和时间线,影响范围以及应对措施。 最后检查一下是否符合要求:没有使用特定开头,控制在一百字以内,并且准确传达主要内容。 </think> Drift Protocol遭遇黑客攻击,损失约2.8亿美元。攻击者通过操控安全理事会权限和预签名交易,在4月1日成功转移控制权并盗取资金。此次事件未利用平台漏洞或泄露种子短语。目前平台功能已冻结,正在调查并追回资金。 2026-4-2 19:15:16 Author: www.bleepingcomputer.com(查看原文) 阅读量:4 收藏
The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation.
The attacker leveraged durable nonce accounts and pre-signed transactions to delay execution and strike with accuracy at a chosen time, the platform explained.
Drift underlines that the hacker did not exploit any flaws in its programs or smart contracts, and no seed phrases have been compromised.
Drift Protocol is a DeFi trading platform built on the Solana blockchain that serves as a non-custodial exchange, giving users full control of their funds as they interact with on-chain markets.
As of late 2024, the platform claimed to have 200,000 traders, supporting total trading volumes of more than $55 billion and a daily peak of $13 million.
According to Drift's report, the heist was prepared between March 23 and 30, with the attacker setting up durable nonce accounts and obtaining 2/5 multisig approvals from Security Council members to meet the required threshold.
This enabled them to pre-sign malicious transactions that weren’t executed immediately.
On April 1st, the attacker performed a legitimate transaction and immediately executed the pre-signed malicious transactions, transferring admin control to themselves within minutes.
Having gained admin control, they introduced a malicious asset, removed withdrawal limits, and eventually drained funds.
Drift Protocol estimates the losses at about $280 million, while blockchain tracking account PeckShieldAlert has calculated them at $285 million.
When unusual activity on the protocol was detected, Drift issued a public warning to users, stating that started an investigation and urging them not to deposit any funds until further notice.
.png)
As a result of the attack, borrow/lend deposits, vault deposits, and trading funds have been affected, and all protocol functions are now essentially frozen. Drift said DSOL is unaffected, and insurance fund assets are secured.
The platform is now working with security firms, cryptocurrency exchanges, and law enforcement authorities to trace and freeze the stolen funds.
Drift promised to publish a detailed post-mortem report in the coming days.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
如有侵权请联系:admin#unsafe.sh