Protect.Computer
NEWS

Drift Protocol suspends withdrawals after Security Council takeover drains hundreds of millions

· 1 min read · Data hijack Financial loss
Drift Protocol suspends withdrawals after Security Council takeover drains hundreds of millions

Photo by Shubham Dhage on Unsplash

What happened

Drift Protocol reported an active security incident after an attacker gained administrative control and executed malicious transactions that drained a large share of protocol funds.

Public reporting puts the loss in the $280M–$285M range, with the protocol pausing deposits and withdrawals while investigating and coordinating containment.

Why this matters

For users, this is a custody and liquidity event: when protocol controls are abused, normal assumptions about withdrawals, balances, and market operations can break quickly.

Even if smart-contract code itself was not directly exploited, compromised governance/admin paths can create the same end-user outcome: funds inaccessible or lost.

How to check if you’re affected

Affected versions: All Drift Protocol deployments handling user deposits/withdrawals at incident time (April 1, 2026), until Drift confirms remediation and normal operations are safely restored.

You are likely affected if you had funds on Drift during the incident window.

  1. Check your wallet history

    • Review all Drift-related transactions and token balances around the incident date.
    • Capture wallet addresses and tx hashes for records.

  2. Verify protocol status before interacting

    • Confirm deposits/withdrawals/trading status via Drift official channels and trusted trackers.
    • Do not add new deposits until full recovery guidance is published.

  3. Reassess wallet permissions

    • Revoke stale approvals tied to affected dApps.
    • Rotate wallet operational practices if you used automation/signers in high-value flows.

  4. Document loss and exposure now

    • Export balance snapshots and timestamps for any insurance/legal/recovery process.
    • Track recovery announcements and any claims process from protocol operators.

Immediate defensive actions

  • Pause interactions with affected DeFi contracts until postmortem and remediation are complete.
  • Revoke unnecessary token approvals from hot wallets.
  • Split operational funds across risk tiers instead of concentrating assets in one protocol.
  • Require stricter multisig and signer hygiene for treasury/DAO operations.

Sources

Bottom line

If you hold assets connected to Drift, treat this as an active incident: verify exposure, avoid new deposits, and wait for confirmed remediation and recovery guidance before resuming normal use.

Related reading

News
Google Drive ransomware detection is now generally available for Workspace tiers

Google says Drive ransomware detection is now GA with a newer model that detects more infections and pauses sync when suspicious encryption is detected.

News
Attackers abuse .arpa and IPv6 reverse DNS to evade phishing detection

Infoblox reports phishing actors abusing ip6.arpa reverse DNS and IPv6 tunnel allocations to bypass domain-reputation controls and deliver short-lived phishing chains.

News
Marquis Software breach impacts 672,000+ people at U.S. financial institutions

Bank software vendor Marquis Software says a 2025 ransomware incident exposed personal and financial data tied to customers of dozens of institutions.

News
AI sandbox flaws in Bedrock, LangSmith, and SGLang raise data-exfiltration and RCE risk

Newly disclosed weaknesses in popular AI execution environments could let attackers exfiltrate sensitive data or execute arbitrary code in downstream workflows.