How Solana's Largest Perp DEX Was Exploited for $285 Million
The Unchained podcast episode examines the $285 million hack of Drift Protocol, Solana's largest decentralized perpetual futures exchange, which followed a methodical, multi-stage attack spanning weeks. Omer Goldberg of Chaos Labs breaks down how the attackers exploited a 2-of-5 multi-sig with no time lock, created a fake token (CBT) with manipulated oracle and market parameters, and used durable nonces to delay execution without triggering alarms. The hack combined social engineering, oracle manipulation, and pump-and-dump market tactics, with the attacker likely gaining early access through a compromised admin key, possibly via a supply chain attack on open-source libraries. The breach triggered contagion across more than 20 Solana protocols, including vaults, lending platforms, and yield products, because of a lack of monitoring and alerting. The episode also explores the controversy around Circle's failure to freeze the stolen USDC via CCTP, speculation about North Korean involvement (Lazarus Group), and broader debates on DeFi's centralization, security best practices, and the need for time locks, circuit breakers, and transparent risk disclosures. Despite the devastation, the conversation underscores that while DeFi offers innovation, foundational security and user protection must not be sacrificed for speed or UX.
Key takeaways include:
1) Never deploy admin keys without time locks and multi-sig thresholds (3/5 or higher);
2) Monitor durable nonces and key transfers with real-time alerts;
3) Disclose centralized risks transparently to users;
4) Implement circuit breakers for deposits and withdrawals;
5) Use security councils and audits as mandatory safeguards;
6) Treat supply chain dependencies (e.g., Axios, LightLLM) as critical attack vectors;
7) Integrate risk monitoring across all partners;
8) Recognize that DeFi's brand depends on trust, not just code.
The overall sentiment is one of cautious urgency—acknowledging systemic flaws while calling for immediate, responsible improvements.
Implement time locks on admin actions to allow for review and intervention.
Use multi-sig thresholds of at least 3/5 for high-value protocols.
Monitor durable nonces and key transfers in real time with alert systems like PagerDuty.
Disclose centralized risks (e.g., admin keys) clearly to users.
Enforce circuit breakers for deposits, withdrawals, and parameter changes.
The Drift Hack: A $285M Breach
“So that was over half of the money in the protocol that was drained.”
The Attack Timeline: A Methodical Operation
“It looked like this was a planned event. And I think that the hacker had some type of access that the team didn't know about.”
The Role of Supply Chain Attacks and Social Engineering
Discussion on how the attacker may have compromised a developer’s machine via infected open-source libraries (e.g., Axios, LightLLM), enabling access to admin keys without breaking cryptography.
The Fake Token and Oracle Manipulation
“They had hundreds of millions of dollars in collateral, at least that's what the Drift program viewed it as.”
Durable Nonces: A Double-Edged Sword
Analysis of Solana’s durable nonces, which let the attacker sign transactions that never expire, so execution could be deferred stealthily and standard security checks bypassed.
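As an added illustration (not code from the episode or from PodZeus), a small watcher over Solana transactions in the RPC jsonParsed encoding that raises an alert whenever a privileged key signs a durable-nonce transaction or sets up a nonce account. A durable-nonce transaction is recognisable because its first instruction is the System Program's advanceNonce; the admin key, signer names and sample transactions below are constructed placeholders.

```python
SYSTEM_PROGRAM = "11111111111111111111111111111111"
# Instruction type names as emitted by Solana's jsonParsed encoder for the System Program
NONCE_SETUP_TYPES = {"initializeNonce", "authorizeNonce", "withdrawFromNonce"}


def system_ix_type(ix):
    """Parsed instruction type if this is a System Program instruction, else None."""
    if ix.get("programId") != SYSTEM_PROGRAM:
        return None
    return (ix.get("parsed") or {}).get("type")


def flag_nonce_activity(txs, privileged):
    """Return (signature, signer, reason) per privileged signer of a nonce-related jsonParsed tx."""
    alerts = []
    for tx in txs:
        msg = tx["message"]
        signers = {k["pubkey"] for k in msg["accountKeys"] if k.get("signer")}
        hits = signers & privileged
        if not hits:
            continue
        types = [system_ix_type(ix) for ix in msg["instructions"]]
        # A durable-nonce transaction always leads with advanceNonce
        if types and types[0] == "advanceNonce":
            reason = "durable-nonce tx: signed at an unknown earlier time, no blockhash expiry"
        elif any(t in NONCE_SETUP_TYPES for t in types):
            reason = "nonce account set up or re-authorised for a privileged key"
        else:
            continue
        alerts.extend((tx["signatures"][0], s, reason) for s in sorted(hits))
    return alerts


def make_tx(sig, signer, ix_types):
    """Build a minimal jsonParsed-shaped transaction for the constructed sample."""
    return {"signatures": [sig], "message": {
        "accountKeys": [{"pubkey": signer, "signer": True}],
        "instructions": [{"programId": SYSTEM_PROGRAM, "parsed": {"type": t}} for t in ix_types]}}


# Constructed sample: a placeholder admin multisig signer and four transactions
ADMIN = "AdminKeyPlaceholder11111111111111111111111111"
PRIVILEGED = {ADMIN}
SAMPLE_TXS = [
    make_tx("sig-durable", ADMIN, ["advanceNonce", "transfer"]),        # alert
    make_tx("sig-normal", ADMIN, ["transfer"]),                         # routine
    make_tx("sig-other", "Bystander1111111111111111111111111111111111", ["advanceNonce"]),  # not privileged
    make_tx("sig-setup", ADMIN, ["createAccount", "initializeNonce"]),  # alert
]
```

Calling `flag_nonce_activity(SAMPLE_TXS, PRIVILEGED)` flags only the two admin-signed nonce transactions; in practice the input would be the stream of confirmed transactions involving the protocol's admin and multisig signer keys.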
“Six hours is how long Circle had to freeze stolen funds from the $280 million plus Drift hack. Why does our industry allow them to stay silent?”
“People might accuse me of grave dancing for saying it, but we have to stop letting centralized things call themselves DeFi.”
“The worst possible UX is losing your users' money.”
Mentioned in this episode: Drift Protocol, Solana, CCTP, Axios; Omer Goldberg (person); Chaos Labs, Circle, Lazarus Group, Nexo (organizations); PagerDuty (product).