Drift Protocol was drained after an attacker spent weeks preparing a fake Solana token, durable nonce transactions, and social-engineering conditions around multisig signing. The attacker created CarbonVote Token, seeded minimal liquidity, wash-traded it to build an apparent price history, and used an attacker-controlled oracle before listing it as collateral through compromised admin authority. Pre-signed nonce transactions transferred control of Drift's State account, enabled permissive collateral and withdrawal parameters, and allowed the attacker to withdraw about $285 million across assets including JLP, USDC, WETH, WBTC, and Solana derivatives. Funds were routed through Solana swaps and bridges including Circle CCTP and Chainflip, then consolidated on Ethereum, highlighting governance, oracle, and multisig process weaknesses rather than a conventional smart-contract bug.