A malicious actor gained unauthorized administrative control over Drift Protocol by abusing durable nonce accounts and previously obtained multisig approvals. The intrusion was not attributed to a smart-contract flaw or compromised seed phrases; the excerpt points instead to pre-signed transactions, delayed execution, and likely targeted social engineering or transaction misrepresentation against multisig signers. After securing 2-of-5 approvals across Security Council migrations, the attacker transferred admin control, introduced a malicious asset, removed withdrawal limits, and withdrew about $280 million from affected protocol deposits. Drift froze remaining protocol functions, updated the multisig to remove the compromised wallet, and began coordinating with security firms, bridges, exchanges, and law enforcement to trace and freeze stolen assets.