The $285M Drift Protocol hack wasn't the largest hack in Web3 history — Bybit's $1.4B exploit holds that title. But it may be the most important one for the industry to understand. Here's why.
Drift Protocol operated behind a 2-of-5 multisig using Squads, a standard multisig infrastructure on Solana. The team confirmed that all multisig signers used cold wallets.
The attacker needed just two approvals. From Drift's post-mortem:
The attack was enabled by a combination of pre-signed durable nonce transactions and compromise of multiple multisig signer's approvals, likely through targeted social engineering or transaction misrepresentation.
The exploit itself — compromising a multisig by manipulating what signers approve — is not new. We saw this exact pattern with Bybit ($1.4B), WazirX ($200M), and Radiant Capital ($50M). The playbook is consistent:
The exploit transaction executed in roughly 12 minutes.
Every previous state-sponsored hack in crypto has relied on remote social engineering — fake job offers, Telegram messages, malicious links sent to strangers. Meeting in person was considered too risky for the attackers, which meant teams could use in-person verification as a mitigation.
The Drift attackers removed that assumption.
From Drift's disclosure:
Drift contributors were approached by a group of individuals at a major crypto conference who presented as a quantitative firm looking to engage on the protocol. They were technically fluent, had verifiable professional backgrounds, and were familiar with how Drift operated.
Over the following six months, the attackers onboarded an Ecosystem Vault on Drift, deposited over $1M of their own capital, participated in working sessions, and met contributors face-to-face at multiple conferences across several countries. By the time the attack executed, the relationship was nearly half a year old.
This is reminiscent of the XZ Utils backdoor — a multi-year infiltration of critical open-source infrastructure by a contributor who spent years building trust before inserting a backdoor.
Two things make this escalation significant for every team in Web3:
There are specific steps that could have reduced the attack surface. We should acknowledge them honestly:
Transaction verification. Hardware wallets were used, but the signers could not verify what they were actually signing. Transaction data on hardware wallets — especially for complex Solana instructions — is rendered as raw hex. Verifying thousands of characters against expected values is impractical. This is the blind signing problem that exists across every chain.
Code execution hygiene. One contributor was likely compromised after cloning a code repository shared by the attackers. Tools like Docker containers, dev containers, and sandboxed environments exist for this. Pascal Caversaccio from SEAL recommends Qubes OS for full isolation.
Device separation. Signing devices should be physically and logically separated from working devices. A compromised laptop should not have any path to a signing key.
Each of these is valid. Each was available before the hack. But here's the problem — none of them are the default path for how teams operate today. And that's the systemic issue.
There's a concept in security called security fatigue — when the cognitive burden of doing the right thing is so high that people just stop doing it. Every hack where the response is "they should have known better" is a symptom of this problem.
Consider passwords. For decades, the "solution" to credential reuse was telling people to memorize unique passwords. The advice was technically correct. In practice, it was infeasible. The real fix came when we built infrastructure — password managers, passkeys — that made the secure path the easy path.
The same pattern applies here. We can tell every multisig signer to verify every character of every transaction on their hardware wallet. That advice is technically correct. In practice, no one does it — because it's 20 pages of hex data and a single wrong character means a catastrophic loss.
This is the fundamental attribution error applied to security: blaming individuals for situational failures. The fix isn't better education. The fix is better infrastructure.
ERC-8213 is a standard we've proposed for the Ethereum ecosystem. Instead of displaying raw calldata on hardware wallets, the wallet displays a single 32-byte digest. The signer independently computes the expected digest on a separate device and compares. One hash to verify instead of thousands of characters.
This targets technical users and enterprise signers — anyone responsible for high-value multisig operations.
ERC-7730 is the longer-term companion. It establishes a registry where projects provide structured metadata that translates raw transaction data into plain-language descriptions. This targets non-technical and retail users.
The Drift hack happened on Solana, where these standards don't exist yet. We've opened a discussion in the SIMD repository to bring both approaches to the Solana ecosystem — a transaction digest equivalent and a human-readable signing registry.
If you operate a multisig, manage a treasury, or sign transactions on behalf of a protocol:
These are the immediate individual steps. But the real fix — the systemic fix — is making wallets that don't let this happen in the first place.
The default path must be the secure one.
