Drift's GovernanceExecutor accepted any token named CARBON because the audit fix (bind the tally signature to a specific mint address) was filed as 'low severity, accepted as design'. A spoofed mint and a forged tally drained $285M in 12 minutes.
This is a full investigative report from CryptoStrapon's Dark Bits desk. We document how the bridge exploit works, who runs it, the exact messages victims receive, the wallets involved, and the verification steps that would have stopped it in seconds.
What you will learn
- What this scam looks like in the wild
- Step-by-step breakdown of the playbook
- Red flags and warning signs to watch for
- On-chain evidence, wallets and transactions
- How to protect yourself and recover funds
- Frequently asked questions