Discussion
Solana's Drift Protocol drained of $285 million through fake token and governance hijack
ph4rsikal: https://www.web3isgoinggreat.com/
embedding-shape: > The attacker used social engineering to induce Drift Security Council multisig signers into pre-signing transactions that appeared routine but carried hidden authorisations. So much for the "Security Council". What an embarrassment to be in a team/org like that and fail your most basic duty which would be "look at what you sign".
Overpower0416: What kind of DeFi protocol has super power private keys to alter the protocol just like that? And no timelock. Seriously? What a joke
pawelduda: Trusting any of these crypto protocols is hard with any serious money. If anyone wants to target you, they'll go to great lengths to trick you into making a mistake. Even if you do everything right, the people behind the service can step into a mine for you. Even easier if you add AI to the pipeline where people will tend to offload the vulnerable parts of development/ops to an LLM
yieldcrv: this is a beautiful attack, the way that multisig signers were compromised with innocuous signatures in advance, without really compromising private keys from the pre-funding to a virgin address, to the bundler, to the exit strategy to decentralized assets to the protocols exposed but functioning perfectly under the stress test - props to Jupiter! - and the optional insurance protocols functioning decently, all while people point fingers at Circle for their bridge working perfectly, it's not even clear what people want them to do specifically! All of these aspects of web3 are working great, and it's easy for a cynic that only sees these headlines to miss that inspirational, great place to build
maipen: It took a long time until we got real digital money, Bitcoin. But all these new protocols want to do stuff at the expense of trustlessness.
lokar: That was inevitable, and all designs like that will eventually yield the same outcome. The people who should be embarrassed are the ones who thought having a group of humans routinely review (possibly complex) transactions for correctness, with no ability to undo/revert the outcome, was a good idea.
lokar: Also, how could one reasonably disprove that the signers were not in on the scam?
bombcar: That’s the best part, you can’t!
estetlinus: > The funds were used to deploy CarbonVote Token (CVT), a completely fictitious asset. Crypto calling out other cryptos, made me giggle
rvnx: + "ZachXBT publicly criticised Circle for not freezing the stolen USDC during the bridge" calling for this, when the whole concept is to avoid government control
haakon: Backed stablecoins aren't some anarchistic anti-government thing; they are highly regulated and will lose access to their banking if they don't follow the rules – rules which require them to freeze coins in cases of crime. If you want to show a middle finger to government there are cryptocurrencies for that, but USD stablecoins with centralized backing is not it.
nradov: It's always entertaining to see worthless idiots lose money on an obvious scam like cryptocurrency. Ha ha. Although in this case it seems that North Koreans might have ended up with actual valuable fiat currency, which is unfortunate.
youniverse: What a nice retirement fund!
Night_Thastus: Bitcoin isn't 'real digital money'. It's a speculative asset for gambling with. That's all it is, and all it ever was.