Earn up to 50% APR
Boost earnings with NFTs
Play, HODL & earn more
How Hackers Manipulated DeFi Systems to Drain Millions
-
The Drift exploit wasn’t just a hack—it was a multi-stage manipulation of decentralized finance infrastructure. Attackers introduced a fake asset (CVT), artificially boosted its trading activity, and tricked the protocol’s oracles into recognizing it as legitimate collateral.
Once trusted, they used pre-approved permissions to withdraw real assets like USDC, draining funds in minutes. Blockchain analysis linked early activity to Tornado Cash, a tool often used to obscure fund origins. The sophistication of this attack shows how DeFi vulnerabilities increasingly stem from social engineering and system design flaws—not just code bugs.
-
at this point the biggest vulnerability is just humans being humans
-
this wasn’t just a smart contract issue, it was a full system-level failure across trust, oracles, and permissions
-
industry learning the hard way
