How Solana's Largest Perp DEX Was Exploited for $285 Million

Chaos Labs' Omer Goldberg unpacks the $285 million Drift Protocol exploit. Did the perp DEX fail to implement best practices? Sponsored by ⁠Nexo⁠: A crypto lending and borrowing platform that lets users earn interest on digital assets and access credit against their holdings. Now available in the US with exclusive privileges for new clients. Get started today:⁠ http://nexo.com/unchained⁠ Solana's biggest perp DEX Drift Protocol was exploited for $285 million on April Fool's Day in a compromise observers have described as “methodical” and “chilling.” Chaos Labs founder Omer Goldberg unpacks how the exploit, which is among the 10 largest in DeFi history, went down, including how hackers leveraged a Solana feature to lie in wait without triggering alarms and how the attack bore some resemblance to the Mango DAO and Resolv exploits. He also weighs in on criticism against Circle for its slow response and whether the exploit has the markings of a North Korean state sponsored attack. In Omer's telling, the loss could have been avoided. Listen to find out more! Guest: ⁠Omer Goldberg, Founder and CEO of Chaos Labs Previous appearances on Unchained: How the Resolv Hack Was a Web2 Exploit, Not a Crypto One - Uneasy Money Links Unchained: Drift Protocol Suffers $285 Million Exploit After Admin Key Compromise and Oracle Manipulation Uneasy Money: How the Resolv Hack Shows an Audit Doesn’t Mean ‘Secure’ The Mango Markets Attacker on Whether His ‘Trade’ Was Ethical or Not North Korean Hackers Are Winning. Is the Crypto Industry Ready to Stop Them? Timestamps 🚀 0:00 Introduction 🥶 0:54 Why the Drift protocol hack is so chilling ⁉️ 4:32 Was the admin key set up to blame? Or Was it a supply chain attack? 📍 9:17 How the attack is reminiscent of the Mango DAO and Resolv exploits 😬 14:09 How a Solana feature allowed Drift's hackers to lie in wait without triggering alarms ❌️ 19:55 How Drift Protocol failed to implement best practices 🦠24:53 Who else has been impacted by the Drift Protocol exploit? 🤔 27:50 Should Circle have acted faster to freeze the loot? ⚠️ 31:20 Why Omer thinks the Drift Protocol exploit has North Korea written all over it 📝 34:34 Why Omer says the incident calls for better DeFi disclosures and audits Learn more about your ad choices. Visit megaphone.fm/adchoices