PANews reported on April 2nd that Drift Protocol released an update on its investigation into the attack. Attackers used a novel attack involving persistent random numbers, combined with social engineering targeting multi-signature signers, to gain administrative control of the Drift Security Council and steal approximately $280 million. All funds deposited into lending, vaults, and used for transactions were affected. Unaffected assets include DSOL not deposited with Drift (including assets staked to Drift validators) and insurance fund assets (which will be withdrawn from the protocol for protection). Drift has frozen all remaining protocol functionality and updated its multi-signature wallet to remove the attacked wallet.

The attack was prepared starting March 23, with the creation of four persistent random number accounts (two associated with multisignature members, and two controlled by the attacker), obtaining at least 2/5 multisignature approval. During the execution phase on April 1, the attacker executed a pre-signed transaction approximately one minute after a legitimate test transaction, completing administrator takeover, introducing malicious assets, and removing all withdrawal limits. Drift stated that this incident was not caused by a contract vulnerability or mnemonic phrase leak, and is cooperating with security companies, cross-chain bridges, exchanges, and law enforcement to trace the stolen assets.