On April 1, 2026, Solana’s Drift Protocol was drained of 285 million USD in roughly two and a half hours. The exploit code wasn’t sophisticated. What made the attack work was six months of social engineering that ended with the Drift Security Council unknowingly handing over admin control.

For self-custody holders, the hack is worth understanding because the technique scales down. The same attack pattern (long-duration social engineering, abuse of pre-signed transactions, privileged-access takeover) shows up in attacks targeting individuals at smaller scale.

This piece walks through what happened at Drift, what privileged access means in a self-custody context, and what hardware wallet users can do to keep the attack out of their own setup.

What happened at Drift

The attack unfolded in three phases.

The setup phase started in fall 2025. Attackers posing as a quantitative trading firm approached Drift contributors at crypto conferences under the pretext of integrating the protocol. Months of meetings, technical discussions, and apparent integration work built trust with the Drift Security Council, the multisig responsible for protocol upgrades and admin actions.

The pre-signing phase came next. The attackers used Solana’s durable nonce feature, which lets a signed transaction remain valid until it is submitted instead of expiring with its recent blockhash, to get Security Council members to pre-sign transactions that, on the surface, looked like routine integration approvals. The signed transactions sat ready to execute, with their actual effect hidden behind technical complexity that wasn’t visible at signing time.

The execution phase happened on April 1. The attackers submitted the pre-signed transactions, which gave them admin control over the protocol. Once in control, they whitelisted a fake token (CVT) with an artificial price, deposited 500 million CVT as collateral, and withdrew 285 million USD in real assets (USDC, SOL, ETH, and others). The drain ran for about 2.5 hours before completing.

Drift’s own post-mortem and Chainalysis attribute the attack to DPRK-linked actors, the same group connected to the October 2024 Radiant Capital hack.

What “privileged access” means

In a protocol context, privileged access is the ability to perform admin actions: upgrade the contract, change parameters, whitelist or blacklist assets, pause withdrawals. Most DeFi protocols have some form of privileged access, usually held by a multisig or a governance system.

In a self-custody context, the analogous concept is the ability to sign transactions on your wallet. The “admin” is whoever controls the key, and the privilege is the right to move funds.

The Drift attack worked because the attackers got the Security Council to use its privilege without understanding what they were authorizing. The attackers controlled the meaning of the signed transactions, while the keys themselves stayed in legitimate hands. The signatures were valid; the intent behind them was manufactured.

That pattern translates directly to retail self-custody attacks. When a wallet drainer gets you to sign an unlimited approval, the signature is yours and the key is in your control. The drainer manipulated the meaning of what you signed.

The self-custody version of the attack

Three retail attack patterns mirror the Drift playbook at smaller scale.

Long-duration social engineering. Attackers spend weeks or months building trust with a high-value target through professional channels (LinkedIn, conferences, Twitter DMs). The eventual ask (sign this airdrop claim, approve this trading integration, connect to this DApp) feels legitimate because of the relationship built around it.

Manipulated signatures. The drainer gets the user to sign something that looks routine (an EIP-712 permit, a gasless approval, a delegation) without surfacing the actual effect. The user’s wallet shows a signature request. The host machine may show a benign-looking summary. The signature, once collected, lets the attacker drain funds on their own timeline.

Pre-positioned approvals. The user signs a “normal” approval to a contract they expect to interact with. The approval permission gets used later, sometimes weeks or months after the initial signature, when the attacker decides to drain the position. The pre-signed authority is the parallel to Drift’s durable nonces.

In all three cases, the attacker controls the meaning of the signature rather than the key itself.

What hardware wallets defend against

The most common defense pattern works at the moment of signing: show the user exactly what they’re signing, on a screen the attacker can’t manipulate.

A hardware wallet with on-device transaction verification displays the receiving address, the amount, the contract being called, and any relevant metadata on its own screen. The host machine doesn’t get to draw what the user sees. If the attacker has manipulated the wallet’s UI to show one thing while the actual transaction is something else, the device’s screen reveals the mismatch.

For signature-based attacks (EIP-712 permits, gasless approvals), a hardware wallet that displays the signed payload in human-readable form gives the user a chance to see what they’re authorizing. Because the device renders the fields it is about to sign rather than a host-side description of them, the attacker has to alter the structured payload itself, which is harder than manipulating a host-side display.
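The comparison the device screen makes possible, written out as an added example (this is not code from the page, from Ryder, or from any wallet vendor): decode an ERC-20 approve() call or an EIP-712 Permit, render the fields that will actually be signed, and flag the conditions the text describes (unlimited allowance, unknown spender, a permit that stays valid far too long). The spender allowlist, the addresses, the host summary string and the 30-day permit-lifetime policy are constructed assumptions; only the approve() selector is the real ERC-20 value.

```python
"""Clear-signing check for an Ethereum allowance request.

Decodes what the payload actually authorizes (an ERC-20 approve() call or an
EIP-712 Permit) and renders it the way a device screen should, so the result
can be held against the summary the host claims to be showing.
"""
import json
from typing import Optional

UINT256_MAX = 2**256 - 1
# First four bytes of keccak256("approve(address,uint256)"), the standard ERC-20 selector.
APPROVE_SELECTOR = "095ea7b3"
# Permits valid longer than this are flagged (a policy choice for this example, not a standard).
MAX_PERMIT_LIFETIME_SECONDS = 30 * 24 * 3600
SAMPLE_NOW = 1_775_000_000  # constructed "current time" for the samples below

# Constructed allowlist: the contracts this user actually intends to interact with.
KNOWN_SPENDERS = {
    "0x" + "11" * 20: "example DEX router (constructed address)",
}


def decode_erc20_approve(calldata: str) -> Optional[dict]:
    """Decode approve(spender, amount) calldata; None if it is not an approve call."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    # ABI encoding left-pads an address to 32 bytes; the address is the last 20 bytes.
    spender = "0x" + data[8 + 24 : 8 + 64]
    amount = int(data[8 + 64 :], 16)
    return {"kind": "approve", "spender": spender, "amount": amount, "deadline": None}


def decode_eip712_permit(typed_data_json: str) -> Optional[dict]:
    """Decode an EIP-2612 style Permit typed-data message; None for other primary types."""
    typed = json.loads(typed_data_json)
    if typed.get("primaryType") != "Permit":
        return None
    msg = typed["message"]
    return {
        "kind": "permit",
        "token": typed.get("domain", {}).get("verifyingContract", "").lower(),
        "spender": msg["spender"].lower(),
        "amount": int(msg["value"]),
        "deadline": int(msg["deadline"]),
    }


def describe(decoded: dict) -> str:
    """Human-readable rendering: the line a device screen should show before signing."""
    amount = "UNLIMITED" if decoded["amount"] == UINT256_MAX else str(decoded["amount"])
    who = KNOWN_SPENDERS.get(decoded["spender"], "UNKNOWN contract")
    return f"{decoded['kind']}: allow {decoded['spender']} ({who}) to spend {amount}"


def assess(decoded: dict, now: int) -> list:
    """Reasons a careful signer would refuse; an empty list means nothing was flagged."""
    flags = []
    if decoded["amount"] == UINT256_MAX:
        flags.append("unlimited allowance")
    if decoded["spender"] not in KNOWN_SPENDERS:
        flags.append("spender not in allowlist")
    if decoded["deadline"] is not None and decoded["deadline"] - now > MAX_PERMIT_LIFETIME_SECONDS:
        flags.append("permit stays valid for more than 30 days")
    return flags


# Constructed sample 1: the host shows a benign summary while the calldata is an
# unlimited approval to a contract that is not on the allowlist.
HOST_SUMMARY = "Approve token swap"
SAMPLE_CALLDATA = "0x" + APPROVE_SELECTOR + "00" * 12 + "dd" * 20 + "ff" * 32

# Constructed sample 2: a bounded permit to the known router, expiring in ten minutes.
SAMPLE_PERMIT = json.dumps({
    "primaryType": "Permit",
    "domain": {"name": "ExampleToken", "verifyingContract": "0x" + "aa" * 20},
    "message": {
        "owner": "0x" + "ee" * 20,
        "spender": "0x" + "11" * 20,
        "value": "1000000000",
        "nonce": "0",
        "deadline": str(SAMPLE_NOW + 600),
    },
})


def review_sample(now: int = SAMPLE_NOW) -> tuple:
    """Return (device line, flags) for the constructed approve() request."""
    decoded = decode_erc20_approve(SAMPLE_CALLDATA)
    return describe(decoded), assess(decoded, now)


if __name__ == "__main__":
    line, flags = review_sample()
    print("host says:  ", HOST_SUMMARY)
    print("device says:", line)
    print("flags:      ", flags)
    permit = decode_eip712_permit(SAMPLE_PERMIT)
    print("permit:     ", describe(permit), assess(permit, SAMPLE_NOW))
```

The point of the split between describe() and assess() is that the rendering alone already exposes the mismatch in sample 1 (the host says "swap", the payload says "UNLIMITED" to an "UNKNOWN contract"); the flags only make the refusal mechanical. Sample 2 shows what a request that should pass looks like: bounded amount, allowlisted spender, short deadline.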

For pre-positioned approvals, the defense runs through regular auditing of token approvals (tools like Revoke.cash) to revoke permissions that aren’t needed.
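The audit this paragraph describes, and the "audit your existing approvals" step later on the page, as an added example that is not code from the page or from any of the tools it names: replay ERC-20 Approval events for one owner, keep the latest allowance per (token, spender) pair, list the ones worth revoking, and build the approve(spender, 0) calldata that closes each. Token and contract addresses, block numbers, the event sample and the 1000-block staleness policy are all constructed.

```python
"""Allowance audit: rebuild outstanding ERC-20 allowances from Approval events and
list the ones to revoke.

Approval(owner, spender, value) reports the new allowance, so the most recent event
per (token, spender) pair is the allowance as of that event. On a live chain the
token's allowance() view is authoritative; event replay is the offline approximation
used here, and it can overstate an allowance a token consumed without emitting an
event.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

UINT256_MAX = 2**256 - 1
APPROVE_SELECTOR = "095ea7b3"  # ERC-20 approve(address,uint256)


@dataclass(frozen=True)
class Approval:
    block: int
    token: str
    owner: str
    spender: str
    value: int  # new allowance; 0 means the approval was revoked


def outstanding_allowances(events: Iterable[Approval], owner: str) -> Dict[Tuple[str, str], Approval]:
    """Latest non-zero allowance per (token, spender) for one owner, keyed in lowercase."""
    latest: Dict[Tuple[str, str], Approval] = {}
    for ev in sorted(events, key=lambda e: e.block):
        if ev.owner.lower() != owner.lower():
            continue
        latest[(ev.token.lower(), ev.spender.lower())] = ev
    return {key: ev for key, ev in latest.items() if ev.value > 0}


def revoke_candidates(
    allowances: Dict[Tuple[str, str], Approval],
    current_block: int,
    active_spenders: Iterable[str],
    stale_after_blocks: int,
) -> List[Tuple[str, str, List[str]]]:
    """Allowances that are unlimited, granted to a contract no longer in use, or simply old."""
    active = {s.lower() for s in active_spenders}
    out = []
    for (token, spender), ev in allowances.items():
        reasons = []
        if ev.value == UINT256_MAX:
            reasons.append("unlimited allowance")
        if spender not in active:
            reasons.append("spender no longer in active use")
        if current_block - ev.block > stale_after_blocks:
            reasons.append(f"granted more than {stale_after_blocks} blocks ago")
        if reasons:
            out.append((token, spender, reasons))
    return sorted(out)


def revoke_calldata(spender: str) -> str:
    """approve(spender, 0): the transaction that closes an allowance."""
    addr = spender.lower()[2:].rjust(64, "0")  # address left-padded to a 32-byte word
    return "0x" + APPROVE_SELECTOR + addr + "00" * 32


# Constructed sample data (addresses and block numbers are placeholders).
TOKEN_A = "0x" + "aa" * 20
TOKEN_B = "0x" + "bb" * 20
ROUTER = "0x" + "11" * 20  # the one contract the user still uses
BRIDGE = "0x" + "22" * 20  # a contract used once, long ago
USER = "0x" + "ee" * 20
OTHER = "0x" + "99" * 20

SAMPLE_EVENTS = [
    Approval(block=300, token=TOKEN_A, owner=USER, spender=BRIDGE, value=UINT256_MAX),
    Approval(block=100, token=TOKEN_A, owner=USER, spender=ROUTER, value=UINT256_MAX),
    Approval(block=150, token=TOKEN_A, owner=USER, spender=ROUTER, value=0),  # revoked
    Approval(block=4500, token=TOKEN_B, owner=USER, spender=ROUTER, value=500 * 10**18),
    Approval(block=120, token=TOKEN_A, owner=OTHER, spender=BRIDGE, value=UINT256_MAX),  # not ours
]
CURRENT_BLOCK = 5000


def audit_sample() -> List[Tuple[str, str, List[str]]]:
    """Run the audit over the constructed events for USER."""
    allowances = outstanding_allowances(SAMPLE_EVENTS, USER)
    return revoke_candidates(allowances, CURRENT_BLOCK, [ROUTER], stale_after_blocks=1000)


if __name__ == "__main__":
    for token, spender, reasons in audit_sample():
        print(f"revoke {spender} on {token}: {', '.join(reasons)}")
        print("  calldata:", revoke_calldata(spender))
```

On the sample data the router allowance that was revoked at block 150 drops out, the bounded and recent TOKEN_B allowance to the router passes, and only the unlimited, stale allowance to the bridge contract comes back as a revoke candidate: exactly the "pre-positioned signature waiting to be abused" the page warns about.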

Where Ryder One fits

Ryder One holds the private key on an EAL6+ Infineon SLC38 secure element, with every transaction verified on the device’s 1.6-inch AMOLED touchscreen. The host machine doesn’t draw the address or the amount; the device does. For signature-based attacks where the attacker manipulates host-side UI, the device’s display is the source of truth at signing time.

The structural answer is that even a sophisticated multi-month social engineering operation has to terminate in a signature. If the signature gets reviewed on a screen the attacker can’t reach, the operation fails at the last step.

TapSafe Recovery handles the backup question independently: 50% on the Recovery Tag, 50% in the phone’s iCloud or Google Drive backup, optional 25% per Recovery Contact for the people you trust.

What to do today

Three practical moves close most of the exposure.

Review any signing request against what you think it does. If the host’s summary says “approve token swap” and the hardware wallet’s screen shows an unlimited approval to an unknown contract, the host is lying.

Audit your existing approvals regularly. Revoke anything you don’t actively need. Each open approval is a pre-positioned signature waiting to be abused.

Treat long-duration professional outreach with the same skepticism you’d apply to a one-off DM. The relationship is the bait. The signature is the exploit.

The bottom line

The Drift hack worked because the attackers controlled the meaning of legitimate signatures, without ever needing to steal keys. The same pattern, scaled down, drives most of the retail self-custody attacks that succeed in 2026. The defense is to terminate every signature on a screen the attacker can’t reach, and to keep open approvals minimal so the surface for pre-positioned attacks stays small.

Verify every signature on a screen the attacker can’t touch. Ryder One shows every transaction on its own display, with a physical button wired directly to the EAL6+ secure element. Months of social engineering still terminate at a button press the attacker can’t make for you. See how it works.
