Drift Protocol: No evidence indicates that the mnemonic was stolen; the attack was highly sophisticated and took weeks to prepare.

Golden Finance reports that on April 2, Drift Protocol posted on X that a malicious actor gained unauthorized access through a new type of attack involving durable nonces, quickly taking over administrative control of Drift’s security committee. The attack is highly complex, taking weeks of preparation; it includes using pre-signed transactions from a durable nonce account to delay execution.
Current investigations indicate that the cause of this incident is not a vulnerability in the Drift program or smart contracts; there is no evidence that the mnemonic phrase was stolen. The attacker obtained access by approving unauthorized or forged transactions (possibly involving social engineering). The final outcome led to approximately $280 million in funds from the protocol being withdrawn. All borrowing, gold reserves deposits, and transaction funds are affected. DSOL (excluding portions not deposited into Drift, including assets staked to Drift validators) and insurance fund assets are unaffected; the latter is being withdrawn for protection. As a preventative measure, all remaining protocol functions have been frozen, and the multisig has been updated to remove the compromised wallets.