Expert Warns of Admin Key Vulnerabilities After $200 Million Drift Hack

By Omkar Godbole (All times ET unless indicated otherwise)

The SOL token of the Solana programmable blockchain has plummeted to a five-week low following a security breach at Drift, one of its largest decentralized exchanges. This incident highlights that security risks extend beyond smart contracts to administrative keys. According to Omer Goldberg, founder of Chaos Labs, 'When building in DeFi, it's crucial to audit the admin key's surface area, not just the smart contracts.'

Goldberg explained in an X thread that the attacker gained control of Drift's admin key, granting them unrestricted access to the system. The attacker exploited this power to create a fake market for the worthless CVT token, manipulating its price and using it as collateral to drain over $250 million in tokens. This was possible due to Drift's single shared liquidity pool, which holds all users' collateral and trading funds.

The issue wasn't a code bug but rather the vast 'surface area' of the admin key, which allowed the attacker to rewrite protocol-wide risk rules and disable safety guards. This incident emphasizes the importance of strong governance and key controls in ensuring protocol safety, in addition to smart contract audits.

The SOL token's near 3% drop to $78.30 is consistent with the broader market weakness, including bitcoin, ether, and the CoinDesk 20 Index. President Donald Trump's renewed threat to Iran has led to higher oil prices, influencing both traditional and crypto markets.

For more analysis and market updates, see Crypto Markets Today and CoinDesk's Crypto Week Ahead.