Solana's Drift Protocol drained of $285M through fake token and governance hijack
Summary
AnonHaven reports a $285 million drain from Drift Protocol on Solana via a fake token (CVT) and a governance hijack that exploited social engineering and durable nonces. Investigations by TRM Labs and Elliptic point to North Korean actors, with governance and human-factor weaknesses identified as the core attack surface, rather than just code flaws. The incident underscores governance as a critical risk for DeFi and the need for stronger oversight and response mechanisms.