Security Incidents

In brief Social media platform X is working on new changes to combat crypto scams on the platform. The platform will attempt to lock down accounts that are posting about crypto for the first time, particularly those with large followings. The change comes as financial scams continue to

Social media platform X will auto-lock accounts that mention cryptocurrency for the first time, requiring additional verification to deter crypto phishing scams. This new measure aims to eliminate incentives for attacks that hijack accounts to promote fraudulent tokens.

The Drift Protocol exploit on April 1, 2026, drained $285 million through admin control, triggering a sharp decline in Solana DeFi. Attackers manipulated oracle pricing and governance, leading to rapid asset withdrawals and cross-chain fund transfers, complicating recovery efforts.

X (formerly Twitter) will implement new protective measures. If a user posts content related to cryptocurrency for the first time, the account will automatically be locked and prompted for identity verification to prevent hackers from using the account to carry out scams. X product lead Nikita Bier also criticized Google for tolerating phishing emails, emphasizing that this move can eliminate 99% of hackers’ motivations.

X platform product lead Nikita Bier announced that it will roll out new measures against crypto phishing scams. The account that is first to publish relevant content will be locked and will need to complete identity verification. It is expected to eliminate 99% of malicious actors’ motives. He also pointed out that Google failed to effectively block phishing emails.

Ledger wallet was scammed, US authorities recover over $600,000 The U.S. Attorney's Office in Connecticut has seized more than $600,000 in crypto from a scam targeting Ledger users, tightening on-chain cash flow risks. Ledger wallet appears at the center of a recent crypto scam just exposed by U.S. authorities

Resolv Labs updated users on the recent exploit that minted 80 million USR tokens. While whitelisted holders have largely redeemed their tokens, non-whitelisted users and RLP holders face delays. Investigations found no insider involvement, but recovery remains uncertain.

Gate News message, on April 2, Wormhole posted on the X platform in response to the Drift Protocol attack incident. Wormhole said that user assets are not currently at risk, and the cross-chain bridge functionality can still be used normally. However, due to the built-in security mechanisms configured for Solana, some cross-chain transfers may experience delays. Wormhole’s core contributors have been in communication with the Solana ecosystem team and will continue to provide support as needed.

Solana Foundation Chief Product Officer Vibhu Norby responded to the Drift Protocol security incident, confirming that an attack occurred. The cause of the attack is still under investigation. The incident is related to operational security or social engineering, highlights the potential risks of multisig mechanisms, and says that this incident does not represent a systemic issue with Solana DeFi.

Ledger CTO Charles Guillemet noted that Drift Protocol’s exploitation method is similar to a 2025 CEX hack incident, and that the security issues mainly stem from people and operations rather than code defects. The attacker infiltrated a multisig device to trick the signer into approving a malicious transaction.

Magic Eden is discontinuing its wallet app, transitioning to an export-only mode, which means users must export their private keys to avoid losing access to their funds. This change emphasizes the importance of self-custody and key preservation for cryptocurrency users.

On April 1, 2026, Drift Protocol in the Solana ecosystem was hacked, resulting in losses of about $285 million. The attacker obtained administrator permissions for a multisig wallet, swiftly withdrew funds, and transferred them cross-chain to Ethereum, becoming the largest single security incident in the DeFi space. The investigation found that the attack was caused by a multisig management configuration flaw: the lack of a time-lock mechanism allowed the attacker to execute malicious actions immediately. The incident caused Drift’s total value locked to drop sharply, significantly impacting the Solana ecosystem.

Google's quantum AI team research indicates that the quantum computing power required to break Bitcoin is far lower than expected, potentially less than 500,000 qubits. Research simulations show that hackers could intercept ongoing Bitcoin transactions within 9 minutes, and that about one-third of the Bitcoin is stored in already exposed wallets, increasing the risk of quantum attacks. While Bitcoin's Taproot upgrade strengthens privacy, it also increases the exposure of public keys, raising the risk to assets.

Li Xiong was extradited back to China from Cambodia, involving a cross-border money laundering case tied to the $4 billion Weiwang Group. The case has exposed the links between the Southeast Asian scam industry chain and crypto funds. Experts noted that the group, as a scam infrastructure provider, supports online scams and the movement of funds. Despite intensified international crackdown efforts, the money-laundering network remains highly adaptable, making it extremely difficult to trace.

All-chain stablecoin protocol USDT0 responded rapidly after the Solana Drift security incident, pausing its cross-chain communication network within 90 minutes. Tether’s CEO praised its team’s handling, while Z achXBT criticized Circle for not freezing USDC transfers.

Gate News message, the Drift Protocol exploiter has purchased an additional 1,195 ETH for $2.46M USDC. The hacker's wallet now holds 130,262 ETH valued at $267.67M. According to Onchain Lens, Drift Protocol was exploited for over $270M, with the stolen funds converted into 129,067 ETH worth $277.4

Chinese police have escorted back to China the key figure Li Xiong, who is alleged to have led the Huione criminal network from Cambodia and faces charges including fraud and money laundering. The network is linked to a global illegal online trading system, which has handled more than $89 billion in crypto assets. Although the core members were arrested, the Huione system is still operating using new methods, reflecting the complexity of laundering crypto assets and the challenges faced by global regulation.

Prince Group’s core member Li Xiong was escorted back to China by the Ministry of Public Security of China on April 1, after being arrested in Cambodia. He is suspected of multiple offenses including fraud and money laundering. He is the chairman of Huowang Group, which is under the Prince Group umbrella. The amount involved in the group’s cryptocurrency business reaches $24 billion, and the money-laundering amount is at least $4 billion. This operation was carried out with cooperation from Cambodia, and it has raised issues related to international judicial cooperation.

Drift Protocol recently suffered a complex attack. Malicious actors used the durable nonce technology to obtain unauthorized administrative privileges, resulting in approximately $280 million in funds being withdrawn. The investigation found no program vulnerabilities; it may involve social engineering. Drift has frozen protocol functionality and updated the multisig to protect assets.