The exploit of Drift Protocol, for up to $285M, may have lasting repercussions on Solana DeFi and lending as a whole. The incident exposed significant whale funds, showing the ongoing weakness in Web3 infrastructure.
Drift Protocol exposed the weakness of Web3 lending and decentralized trading. The protocol identified the main cause of the exploit: the loss of two private keys to the multisig wallet. This allowed the hacker to change the rules, lock the team out of the admin account, and drain valuable assets against fake token collateral.
Drift Protocol was not exploited through a smart contract. Instead, its governance process was too fast and lacked failsafe mechanisms. This allowed the hacker to withdraw funds continuously for more than an hour, mimicking borrowing against the posted token collateral.
According to OShield Protocol, the compromised wallets allowed the hacker to change the admin key with an on-chain transaction on Solana. Another multisig member, presumably the second compromised key, approved the change.
The hacker then created a vault based on a falsely valued token with an inflated oracle price. After that, the hacker was free to use Drift Protocol’s own features for cross-margin and swapping to drain multiple vaults.
After the hack, the funds were consolidated on Ethereum addresses in the form of ETH. The hacker used Phantom Wallet, Wormhole bridge and Jupiter’s bridging service to take the funds out of Solana, later using other DEXs to swap out of freezable USDC tokens. The ETH can become hard to trace if mixed through Tornado Cash.
On-chain researcher ZachXBT noted that Circle did not react as over $230M in USDC moved in the early hours after the hack.
In theory, Circle can freeze tokens, but rarely does so, and only if there are legal concerns against a known entity.
One of the biggest concerns was which other DeFi hubs would be affected by the Drift Protocol exploit. The DEX and lending vaults advertised themselves as reliable sources of yield for USDC, just as Solana lending was growing.
DeFi Dev Corp., one of the biggest Solana treasury companies, stated it had no exposure to Drift Protocol. Previously, the DAT company stated it may put some of its funds to use within Solana DeFi vaults, but it did not build a direct exposure to Drift. The company still allocates some of its assets to on-chain yield strategies, but has a high standard of risk management.
Several smaller DeFi protocols, however, reported indirect losses. In DeFi, vault curation has turned into a tool that sometimes consolidates funds into the largest and, presumably, most stable protocols. Before the exploit, Drift Protocol held around $550M in liquidity and was linked to smaller Solana DeFi apps.
The affected protocols include Trade Neutral, Elemental DeFi, SynatraXYZ, Project0, Ranger Finance, and Reflect Money. Carrot Protocol also reported direct losses from funds locked in Drift vaults, an estimated 50% of value locked.
All user funds at Pyra Protocol, which was just a storefront for using Drift, were also affected. The app cannot honor user withdrawals, as all funds were locked with Drift and are completely inaccessible.
The exposure of private keys also raises questions about the wider DeFi lending market. Recently, the rise in stablecoin supply and search for yield presented lending as an activity suitable even for institutions.
This recent exposure of private keys and the hijack of admin access showed that Web3 security still has weak spots, which could expose institutional-grade capital to major risks.
Following the hack, the overall Solana DeFi value fell from $6.1B to $5.4B, as reported by DefiLlama. DRIFT tokens also incurred losses, falling 37% to a price of $0.04. SOL also lost 5.7% in the past day, sinking below $80.