[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUnMt7Vbrjkk_1I8iOaukIMCsBAr3eFP4pOy-5lB4Xsk":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":17,"created_at":18,"published_at":19,"article":20,"tags":23},"71d4685b-1fdd-47f5-850f-6a78f1f64af2","compromised-admin-keys-enable-285m-defi-vault-drainage","16e11405-40a5-433b-b627-6a5caf300f83","Compromised Admin Keys Enable $285M DeFi Vault Drainage","North Korean attackers compromised multisig admin keys on the Drift DeFi platform, allowing them to create fake collateral markets and disable safety systems before draining $285 million in 10 seconds. The attack succeeded because the controls protecting administrative access were insufficient to prevent key compromise, and the platform's configuration allowed protective mechanisms to be disabled rapidly. This demonstrates how privileged access in DeFi platforms becomes a single point of catastrophic failure when controls that limit what those keys can do, and how quickly, aren't implemented. The speed of execution (10 seconds) shows that automated attacks can exploit compromised admin privileges faster than humans can respond, so alerting alone cannot stop such a drain; the safeguard has to take effect before an administrative change executes.","**Immediate actions:**\n- Implement time-delayed execution for all administrative changes to critical systems\n- Enable multi-party approval requirements for disabling safety mechanisms\n- Deploy real-time monitoring alerts for administrative key usage\n\n**Long-term improvements:**\n- Use hardware security modules (HSMs) to store critical administrative keys\n- Implement the principle of least privilege with role-based access controls for admin functions\n- Create immutable audit trails for all administrative actions\n\n**Detection measures:**\n- Monitor for unusual patterns in administrative account activity\n- Set up automated alerts for safety system modifications or disabling",[12,13,14,15,16],"CIS Control 5 (Account Management)","CIS Control 6 (Access Control Management)","NIST AC-2 (Account Management)","NIST AC-6 (Least Privilege)","NIST CM-5 (Access Restrictions for Change)","published","2026-04-03T10:08:01.640467+00:00","2026-04-03T10:08:01.547+00:00",{"id":7,"url":21,"title":22},"https:\u002F\u002Fwww.securityweek.com\u002Fnorth-korean-hackers-drain-285-million-from-drift-in-10-seconds\u002F","North Korean Hackers Drain $285 Million From Drift in 10 Seconds",[24,30],{"id":25,"name":26,"slug":27,"description":28,"color":29},"1ec88fde-2d0f-4ed8-932a-33f5ccc0fdc7","Access Control","access-control","Excessive privileges, missing MFA, weak auth","#f97316",{"id":31,"name":32,"slug":33,"description":34,"color":35},"859cf0ad-a7e9-42bb-a75d-bac6511fa5d5","Configuration Management","configuration-management","Misconfigs, default credentials, exposed services","#eab308"]