Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
  • Opinion
    OpinionShow More
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Market News

Drift’s $230M Hack Looks Like Bybit All Over Again: Ledger CTO

Charles Guillemet says the $230 million Drift Protocol exploit likely involved compromised multisig signers tricked into approving a malicious transaction.

Written By Dhara Chavda Dhara Chavda
Fact Checked by Divya Mistry Divya Mistry
Published 2026-04-02·Updated 3 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Drift's $230M Hack Looks Like Bybit All Over Again: Ledger CTO

Key Highlights

  • Ledger CTO Charles Guillemet says the $230 million Drift Protocol hack likely resulted from a compromised multisig, where attackers either stole enough private keys or tricked signers into approving a malicious transaction.
  • Guillemet compared the attack pattern directly to the Bybit hack, widely attributed to DPRK-linked actors.
  • He called for an industry-wide security reset, advocating for better detection mechanisms, hardware-backed key management, and clear signing standards.

Charles Guillemet, Chief Technology Officer at hardware wallet manufacturer Ledger, has weighed in on the Drift Protocol exploit, calling it “yet another wake-up call for the industry” and drawing a direct comparison to the $1.4 billion Bybit hack of 2025—widely attributed to North Korea’s Lazarus Group.

Guillemet said the full details of the attack are still unfolding, but based on available evidence, the multisig controlling Drift Protocol was compromised—potentially days or even weeks before the $230 million in funds were actually drained.

“Either the attackers directly stole enough private keys to meet the multisig threshold, or, more likely, they compromised several machines belonging to multisig signers and tricked the operators into approving a malicious transaction,” Guillemet said. “The signers may have believed they were signing a legitimate operation while unknowingly authorizing the drain.”

This attack vector — targeting the human and operational layer rather than the underlying smart contracts — has become the defining pattern of the most devastating crypto exploits in recent years. Guillemet called it “patient, sophisticated supply-chain-level compromise,” explicitly connecting it to the DPRK-linked playbook seen in the Bybit breach.

The Bybit playbook: Human layer, not code

The comparison to Bybit is pointed. In February 2025, attackers — later attributed by the FBI to North Korea’s Lazarus Group — compromised Bybit’s multisig infrastructure by targeting the machines of individual signers.

The signers believed they were approving routine transactions; instead, they authorized transfers that drained approximately $1.4 billion from the exchange’s cold wallet. The attack did not exploit any smart contract bug. It exploited trust, operational process, and the gap between what signers saw on screen and what they actually signed.

Guillemet is now warning that the same blueprint is being repeated.

Drift Protocol’s $230 million exploit follows an identical arc: multisig compromise, compromised signer machines, and malicious transaction approval disguised as a legitimate operation.

On-chain researchers have noted that the attacker’s address was first funded with 1 SOL approximately a week before the exploit, suggesting pre-positioning well ahead of the actual drain.

Three pillars: Detection, Key Management, Clear Signing

Guillemet outlined three concrete steps the industry must adopt:

First, better detection mechanisms at the network and endpoint level to identify compromised environments before they can be weaponized. In both the Bybit and Drift cases, the attacker had access to signer machines for an extended period before executing the drain. Earlier detection of anomalous endpoint behavior could have interrupted the kill chain.

Second, secure key management with proper governance — specifically, hardware-backed signing and operational procedures that assume individual machines can be compromised. Multisig setups that rely on software wallets running on internet-connected machines are fundamentally vulnerable to the type of supply-chain compromise seen here.

Third, and most critical, clear signing ensures that signers always have full, human-readable visibility into what they are actually approving. In both the Bybit and Drift exploits, the attackers’ advantage was that signers could not distinguish a malicious transaction from a legitimate one at the point of approval.

“Security is not just about code audits,” Guillemet said. “It’s about giving operators and users the right information at the right time, so they can make informed decisions about what they sign.”

Drift fallout

The exploit’s impact on Drift Protocol has been severe. The platform’s total value locked (TVL) collapsed from approximately $550 million to under $250 million, according to DeFiLlama data. Drift’s native token, DRIFT, dropped nearly 28%, trading around $0.049—down more than 98% from its November 2024 all-time high of $2.60.

Drift confirmed the attack on X, stating it had suspended deposits and withdrawals and was coordinating with security firms, bridges, and exchanges to contain the incident. The attacker rapidly swapped stolen assets into USDC and bridged them from Solana to Ethereum, with on-chain investigator ZachXBT reporting that over $230 million in USDC was bridged via Circle’s CCTP across 100+ transactions over approximately six hours—with no intervention from Circle, drawing sharp criticism from the crypto community.

Publicly traded Solana treasury firms Forward Industries and DeFi Development Corp confirmed their treasuries were not impacted, while wallet provider Phantom implemented user warnings.

As Guillemet said, “Ultimately, security is not just about code audits. It’s about giving operators and users the right information at the right time.”

The $230 million question for the industry is whether it will treat this as another isolated incident—or as the pattern it clearly is.

Also Read: The First 24 Hours After a Crypto Hack: A Minute-by-Minute Breakdown

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:BybitCrypto Hack
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link
Dhara Chavda
By Dhara Chavda
Follow:
Dhara Chavda is a Research Analyst at The Crypto Times. She covers U.S. crypto regulation — including the CLARITY Act and GENIUS Act — DeFi security and major protocol exploits, and investigations into crypto fraud and enforcement actions. Her work emphasizes primary sourcing and on-chain verification over secondary commentary. Dhara joined The Crypto Times in 2020 and has followed every major market cycle since — the 2021 bull run, the 2022 Terra and FTX collapses, the 2023 banking turmoil, the 2024 spot Bitcoin ETF launch, and the 2025–2026 regulatory cycle — first assigning and reviewing the desk's coverage, and now writing it herself. Her reporting has been cited by international outlets including TheStreet and Argentina's La Nación. She holds a Bachelor of Engineering in Computer Engineering from Gujarat Technological University (GTU), which informs her technical reporting on on-chain data, smart contract analysis, and protocol architecture.
Divya Mistry
By Divya Mistry
Follow:
Divya Mistry is the Senior Editor at The Crypto Times. She leads the central editorial desk, overseeing the review and publication of policy analyses, investigative reports, exchange coverage, and protocol exploit stories. Her editorial remit spans digital asset markets, global exchange operations, cross-border digital asset settlements, regulatory developments, and other key developments shaping the cryptocurrency industry. Divya brings more than a decade of experience in editorial strategy, content development, public relations, marketing communications, and research. Before joining The Crypto Times, she worked across multiple sectors, including finance, technology, education, healthcare, real estate, entertainment, lifestyle, and vertical transport, contributing to both digital and print publications. Her research and content work has been featured on platforms including DNA India, Zee, Forbes, and Elevator World India. She holds a Master's degree in English Literature from the University of Mumbai. Drawing on her background in long-form publishing, research, and editorial leadership, she reviews and refines complex stories to ensure accuracy, clarity, and strong editorial standards before publication.

Latest News

Pak Deputy PM Ishaq Dar's Relative Arrested in Crypto Extortion Case
Pak Deputy PM Ishaq Dar’s Relative Arrested in Crypto Extortion Case
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era 
Bitcoin Miner IREN Awards Co-CEOs $700M in Stock
Bitcoin Miner IREN Awards Co-CEOs $700M in Stock

Find Us on Socials

You may also like

Trader Turns $213K ANSEM Long Into 209% Unrealized Gain

Trader Turns $213K ANSEM Long Into 209% Unrealized Gain 

French Couple Loses €1.5M in Crypto to Camera-Glasses 'Rip Deal' Scam

French Couple Loses €1.5M in Crypto to Camera-Glasses ‘Rip Deal’ Scam

Belgian Authorities Arrest 19-Year-Old in €500K Crypto Laundering Scheme

Belgian Authorities Arrest 19-Year-Old in €500K Crypto Laundering Scheme

Who Really Controls Open USD The Governance Questions Behind the Hype

Who Really Controls Open USD? The Governance Questions Behind the Hype

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information