en.bitcoinsistemi.com
Technical details are beginning to emerge regarding the potential large-scale attack on Drift Protocol, a Solana-based decentralized derivatives platform. On-chain data suggests the attack may have been the result of a highly complex and pre-planned manipulation process.
According to the analysis, the attacker created a fake token called “CarbonVote Token (CVT)” approximately three weeks before the attack and established a pool on Raydium with only about $500 in liquidity. While the token price was artificially pegged at around $1, the oracle price history was manipulated through wash trading operations carried out over several weeks.
It was alleged that a compromised Drift administrator key was used during the critical phase of the attack. With this authorization, CVT was listed as a new spot market on the platform. In the same operation, withdrawal limits for $USDC and four other markets were increased to astronomical levels (500 trillion), effectively disabling the platform’s security mechanisms.
Following this, the attacker deposited approximately 785 million CVT tokens (worth approximately $785 million at manipulated prices) as collateral. However, it is stated that the actual liquidity behind this collateral was only a few hundred dollars.
Using fraudulent collateral, the attacker withdrew a large amount of assets from the platform’s spot market vaults. In approximately 12 minutes, 31 transactions were executed, resulting in the withdrawal of numerous assets including 66.4 million $USDC, 42.7 million $JLP, 23.3 million MOODENG, 5.6 million USDT, 5.2 million USDS, 2.6 million JUP, 583,000 RAY, and 477,000 WETH. It is reported that nearly 20 different vaults were almost completely emptied.
While some of the funds were transferred directly to a specific wallet, it was reported that 42.7 million $JLP were burned, and the remaining assets were largely converted to SOL and distributed across different wallets. The fact that the transactions were carried out with different signature keys suggests either that the key management infrastructure was compromised or that the attack was carried out by someone with access to multiple authoritative keys.
It is stated that a total of 313 transactions could be traced on the chain from a specific block, and the size of the attack is estimated to be over $200 million.
*This is not investment advice.