David Hoffman
So again, it took two of five on this multisig in order to have this kind of god mode ability to drain 285 million, which is 50% of Drift's TVL.
And it was a very sophisticated group that pulled this off.
So someone like the Lazarus Group, maybe even indeed was them.
I'm not sure.
I haven't seen kind of the reporting on this.
And that was the vulnerability.
So they were able to trick two of Drift's five multi-sig signers to sign these transactions that they didn't fully understand.
And that's how this hack happened.
Unfortunately for users, the money's gone, right?
So Drift hasn't come out with a way to remunerate users.
Drift was not a huge perps protocol in the scheme of all perps protocols.
They were kind of like top 30, but they were the biggest, I think, on Solana, at least one of the largest on Solana.
And as you said, I mean, this ranks as one of the biggest hacks ever, certainly the largest on Solana.
This reminded me a little bit of the Ronin sidechain hack.
Do you remember 625 million?
That was in 2022.
That was also a multi-sig type hack, social engineering, compromised keys.
Like these multi-sigs are, they are just hazardous for protocols to have in place, right?
And I mean, what are the lessons that we learned from this?
Certainly, even if you have a multi-sig, there are better ways to design it.